Support
API docs
Product updates Sign up for free

Visual Basic rules

Rule (1) Path Traversal

CWE (23) Relative Path Traversal

OWASP Top 10/SANS 25: OWASP Top Ten 2021 Category A01:2021 - Broken Access Control

Rule (2) Command Injection

CWE (78) Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

OWASP Top 10/SANS 25: OWASP Top Ten 2021 Category A03:2021 - Injection

OWASP Top 10/SANS 25: SANS/CWE Top 25

Rule (3) Cross-site Scripting (XSS)

CWE (79) Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

OWASP Top 10/SANS 25: OWASP Top Ten 2021 Category A03:2021 - Injection

OWASP Top 10/SANS 25: SANS/CWE Top 25

Rule (4) SQL Injection

CWE (89) Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

OWASP Top 10/SANS 25: OWASP Top Ten 2021 Category A03:2021 - Injection

OWASP Top 10/SANS 25: SANS/CWE Top 25

Rule (5) XML Injection

CWE (91) XML Injection (aka Blind XPath Injection)

OWASP Top 10/SANS 25: OWASP Top Ten 2021 Category A03:2021 - Injection

Rule (6) Code Injection

CWE (94) Improper Control of Generation of Code ('Code Injection')

OWASP Top 10/SANS 25: OWASP Top Ten 2021 Category A03:2021 - Injection

Rule (7) Debug Features Enabled

CWE (215) Insertion of Sensitive Information Into Debugging Code

Rule (8) Use of Hardcoded Credentials

CWE (259, 798) Use of Hard-coded Password, Use of Hard-coded Credentials

OWASP Top 10/SANS 25: OWASP Top Ten 2021 Category A07:2021 - Identification and Authentication Failures

OWASP Top 10/SANS 25: SANS/CWE Top 25

Rule (9) Inadequate Encryption Strength

CWE (326) Inadequate Encryption Strength

OWASP Top 10/SANS 25: OWASP Top Ten 2021 Category A02:2021 - Cryptographic Failures

Rule (10) Use of a Broken or Risky Cryptographic Algorithm

CWE (327) Use of a Broken or Risky Cryptographic Algorithm

OWASP Top 10/SANS 25: OWASP Top Ten 2021 Category A02:2021 - Cryptographic Failures

Rule (11) Use of Insufficiently Random Values

CWE (330) Use of Insufficiently Random Values

OWASP Top 10/SANS 25: OWASP Top Ten 2021 Category A02:2021 - Cryptographic Failures

Rule (12) Regular expression injection

CWE (400, 730) Uncontrolled Resource Consumption, OWASP Top Ten 2004 Category A9 - Denial of Service

Rule (13) Deserialization of Untrusted Data

CWE (502) Deserialization of Untrusted Data

OWASP Top 10/SANS 25: OWASP Top Ten 2021 Category A08:2021 - Software and Data Integrity Failures

OWASP Top 10/SANS 25: SANS/CWE Top 25

Rule (14) Hardcoded Secret

CWE (547) Use of Hard-coded, Security-relevant Constants

OWASP Top 10/SANS 25: OWASP Top Ten 2021 Category A05:2021 - Security Misconfiguration

Rule (15) Request Validation Disabled

CWE (554) ASP.NET Misconfiguration: Not Using Input Validation Framework

Rule (16) Open Redirect

CWE (601) URL Redirection to Untrusted Site ('Open Redirect')

OWASP Top 10/SANS 25: OWASP Top Ten 2021 Category A01:2021 - Broken Access Control

Rule (17) XML External Entity (XXE) Injection

CWE (611) Improper Restriction of XML External Entity Reference

OWASP Top 10/SANS 25: OWASP Top Ten 2021 Category A05:2021 - Security Misconfiguration

OWASP Top 10/SANS 25: SANS/CWE Top 25

Rule (18) Sensitive Cookie in HTTPS Session Without 'Secure' Attribute

CWE (614) Sensitive Cookie in HTTPS Session Without 'Secure' Attribute

OWASP Top 10/SANS 25: OWASP Top Ten 2021 Category A05:2021 - Security Misconfiguration

Rule (19) XPath Injection

CWE (643) Improper Neutralization of Data within XPath Expressions ('XPath Injection')

OWASP Top 10/SANS 25: OWASP Top Ten 2021 Category A03:2021 - Injection

Rule (20) Use of Password Hash With Insufficient Computational Effort

CWE (916) Use of Password Hash With Insufficient Computational Effort

OWASP Top 10/SANS 25: OWASP Top Ten 2021 Category A02:2021 - Cryptographic Failures

Rule (21) Server-Side Request Forgery (SSRF)

CWE (918) Server-Side Request Forgery (SSRF)

OWASP Top 10/SANS 25: OWASP Top Ten 2021 Category A10:2021 - Server-Side Request Forgery (SSRF)

OWASP Top 10/SANS 25: SANS/CWE Top 25

Rule (22) Sensitive Cookie Without 'HttpOnly' Flag

CWE (1004) Sensitive Cookie Without 'HttpOnly' Flag

OWASP Top 10/SANS 25: OWASP Top Ten 2021 Category A05:2021 - Security Misconfiguration

PreviousSwift rulesNextXML rules

Last updated

More information

Snyk privacy policy

© 2023 Snyk Limited | All product and company names and logos are trademarks of their respective owners.