Findings

Expand all

Collapse all

Security

F001. SQL injection

F002. Asymmetric denial of service

F003. Symmetric denial of service

F004. Remote command execution

F005. Privilege escalation

F006. Authentication mechanism absence or evasion

F007. Cross-site request forgery

F008. Reflected cross-site scripting (XSS)

F009. Source code with sensitive information

F010. Stored cross-site scripting (XSS)

F011. Use of software with known vulnerabilities

F013. Insecure object reference

F014. Insecure functionality

F015. Insecure authentication method

F017. Sensitive information sent insecurely

F018. Improper authentication for shared folders

F019. Administrative credentials stored in cache memory

F020. Non-encrypted confidential information

F021. XPath Injection

F022. Use of an insecure channel

F023. Uncontrolled external site redirect

F024. Unrestricted access between network segments

F025. Call interception

F026. User enumeration

F027. Insecure file upload

F028. Insecure temporary files

F029. Inadequate file size control

F030. Sensitive information sent via URL parameters

F031. Excessive privileges

F032. Spoofing

F033. Password change without identity check

F034. Insecure generation of random numbers

F035. Weak credential policy

F036. ViewState not encrypted

F038. Business information leak

F039. Improper authorization control for web services

F040. Exposed web services

F041. Enabled default credentials

F042. Insecurely generated cookies

F045. HTML code injection

F047. Automatic information enumeration

F048. Lack of root detection

F049. Insecure digital certificates

F050. Guessed weak credentials

F051. Cracked weak credentials

F052. Insecure encryption algorithm

F053. Lack of protection against brute force attacks

F054. Exposed administrative services

F055. Insecure service configuration

F056. Anonymous connection

F059. Sensitive information stored in logs

F063. Lack of data validation

F065. Cached form fields

F067. Improper resource allocation

F069. Weak CAPTCHA

F075. Unauthorized access to files

F076. Insecure session management

F077. ARP spoofing

F078. Insecurely generated token

F081. Lack of multi-factor authentication

F082. Insecurely deleted files

F083. XML Injection (XXE)

F084. MDNS spoofing

F085. Sensitive data stored in the client-side storage

F086. Missing subresource integrity check

F087. Account lockout

F090. Code injection (CSV)

F091. Log injection

F093. Hidden fields manipulation

F096. Insecure deserialization

F097. Reverse tabnabbing

F098. External control of file name or path

F100. Server-side request forgery (SSRF)

F101. Lack of protection against deletion

F102. Email uniqueness not properly verified

F103. Insufficient data authenticity validation

F104. USB flash drive attacks

F105. Apache Lucene query injection

F106. NoSQL injection

F107. LDAP injection

F108. Improper control of interaction frequency

F110. HTTP request smuggling

F111. Out-of-bounds Read

F114. Phishing

F115. Security controls bypass

F116. XS-Leaks

Hygiene

F037. Technical information leak

F043. Improperly set HTTP headers

F044. Insecure HTTP methods enabled

F046. Missing secure obfuscation

F058. Debugging enabled in production

F060. Insecure exceptions

F061. Errors without traceability

F062. Concurrent sessions

F064. Traceability loss

F068. Insecure session expiration time

F070. Inappropriate coding practices

F072. Duplicate code

F073. Conditional statement without a default option

F074. Commented-out code

F079. Non-upgradable dependencies

F088. Privacy violation

F113. Improper type assignation

F117. Unverifiable files

F118. Regulation infringement

F119. Metadata with sensitive information

F120. Improper dependency pinning

Contact us

We are a proud corporate member of the OWASP Foundation

Products
Integrates
Drills
Forces
Skims

Services
Continuous Hacking
One-shot Hacking
Comparative

Solutions
DevSecOps
Security Testing
Pentesting
Ethical Hacking
Red Teaming
Attack Simulation

About Us
Certifications
Differentiators
Values
Reviews
Resources
Events
People
Partners
Security

Blog
Careers
FAQ
Community
Contact
Newsletter

Contact Us

Number is valid Number is not valid

Please select an option

Clutch Review

Copyright © 2020 Fluid Attacks, We hack your software. All rights reserved.

Service status - Terms of Use - Privacy Policy - Cookie Policy