Apex rules
Rule (1) Command Injection
CWE (78) Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
OWASP Top 10/SANS 25: OWASP Top Ten 2021 Category A03:2021 - Injection
OWASP Top 10/SANS 25: SANS/CWE Top 25
Rule (2) Cross-site Scripting (XSS)
CWE (79) Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
OWASP Top 10/SANS 25: OWASP Top Ten 2021 Category A03:2021 - Injection
OWASP Top 10/SANS 25: SANS/CWE Top 25
Rule (3) SOQL Injection
CWE (89) Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
OWASP Top 10/SANS 25: OWASP Top Ten 2021 Category A03:2021 - Injection
OWASP Top 10/SANS 25: SANS/CWE Top 25
Rule (4) SOSL Injection
CWE (89) Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
OWASP Top 10/SANS 25: OWASP Top Ten 2021 Category A03:2021 - Injection
OWASP Top 10/SANS 25: SANS/CWE Top 25
Rule (5) Unsafe SOQL Concatenation
CWE (89) Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
OWASP Top 10/SANS 25: OWASP Top Ten 2021 Category A03:2021 - Injection
OWASP Top 10/SANS 25: SANS/CWE Top 25
Rule (6) Unsafe SOSL Concatenation
CWE (89) Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
OWASP Top 10/SANS 25: OWASP Top Ten 2021 Category A03:2021 - Injection
OWASP Top 10/SANS 25: SANS/CWE Top 25
Rule (7) XML Injection
CWE (91) XML Injection (aka Blind XPath Injection)
OWASP Top 10/SANS 25: OWASP Top Ten 2021 Category A03:2021 - Injection
Rule (8) Clear Text Sensitive Storage
CWE (200, 312) Exposure of Sensitive Information to an Unauthorized Actor, Cleartext Storage of Sensitive Information
OWASP Top 10/SANS 25: OWASP Top Ten 2021 Category A01:2021 - Broken Access Control
OWASP Top 10/SANS 25: OWASP Top Ten 2021 Category A04:2021 - Insecure Design
OWASP Top 10/SANS 25: SANS/CWE Top 25
Rule (9) Use of Hardcoded Credentials
CWE (259, 798) Use of Hard-coded Password, Use of Hard-coded Credentials
OWASP Top 10/SANS 25: OWASP Top Ten 2021 Category A07:2021 - Identification and Authentication Failures
OWASP Top 10/SANS 25: SANS/CWE Top 25
Rule (10) Access Violation
CWE (284, 285) Improper Access Control, Improper Authorization
OWASP Top 10/SANS 25: OWASP Top Ten 2021 Category A01:2021 - Broken Access Control
Rule (11) Improper Access Control: Email Content Injection
CWE (284) Improper Access Control
OWASP Top 10/SANS 25: OWASP Top Ten 2021 Category A01:2021 - Broken Access Control
Rule (12) Insecure Data Transmission
CWE (319) Cleartext Transmission of Sensitive Information
OWASP Top 10/SANS 25: OWASP Top Ten 2021 Category A02:2021 - Cryptographic Failures
Rule (13) Regular expression injection
CWE (400, 730) Uncontrolled Resource Consumption, OWASP Top Ten 2004 Category A9 - Denial of Service
Rule (14) Hardcoded Secret
CWE (547) Use of Hard-coded, Security-relevant Constants
OWASP Top 10/SANS 25: OWASP Top Ten 2021 Category A05:2021 - Security Misconfiguration
Rule (15) Open Redirect
CWE (601) URL Redirection to Untrusted Site ('Open Redirect')
OWASP Top 10/SANS 25: OWASP Top Ten 2021 Category A01:2021 - Broken Access Control
Rule (16) Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
CWE (614) Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
OWASP Top 10/SANS 25: OWASP Top Ten 2021 Category A05:2021 - Security Misconfiguration
Rule (17) Unverified Password Change
CWE (620) Unverified Password Change
OWASP Top 10/SANS 25: OWASP Top Ten 2021 Category A07:2021 - Identification and Authentication Failures
Rule (18) Use of Password Hash With Insufficient Computational Effort
CWE (916) Use of Password Hash With Insufficient Computational Effort
OWASP Top 10/SANS 25: OWASP Top Ten 2021 Category A02:2021 - Cryptographic Failures
Rule (19) Server-Side Request Forgery (SSRF)
CWE (918) Server-Side Request Forgery (SSRF)
OWASP Top 10/SANS 25: OWASP Top Ten 2021 Category A10:2021 - Server-Side Request Forgery (SSRF)
OWASP Top 10/SANS 25: SANS/CWE Top 25