SupportSnyk LearnAPI referenceProduct updatesSign up for free
Edit

C# & ASP.NET

No. & Rule Name
CWE(s)
OWASP Top 10/SANS 25

(1) Use of Hardcoded Credentials

(798) Use of Hard-coded Credentials

OWASP Top Ten 2021 Category A07:2021 - Identification and Authentication Failures

(259) Use of Hard-coded Password

SANS/CWE Top 25

(2) Use of Password Hash With Insufficient Computational Effort

(916) Use of Password Hash With Insufficient Computational Effort

OWASP Top Ten 2021 Category A02:2021 - Cryptographic Failures

(3) Sensitive Cookie in HTTPS Session Without 'Secure' Attribute

(614) Sensitive Cookie in HTTPS Session Without 'Secure' Attribute

OWASP Top Ten 2021 Category A05:2021 - Security Misconfiguration

(4) Hardcoded Secret

(547) Use of Hard-coded, Security-relevant Constants

OWASP Top Ten 2021 Category A05:2021 - Security Misconfiguration

(5) Insecure Data Transmission

(319) Cleartext Transmission of Sensitive Information

OWASP Top Ten 2021 Category A02:2021 - Cryptographic Failures

(6) Command Injection

(78) Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

OWASP Top Ten 2021 Category A03:2021 - Injection

SANS/CWE Top 25

(7) Cross-site Scripting (XSS)

(79) Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

OWASP Top Ten 2021 Category A03:2021 - Injection

SANS/CWE Top 25

(8) Server-Side Request Forgery (SSRF)

(918) Server-Side Request Forgery (SSRF)

OWASP Top Ten 2021 Category A10:2021 - Server-Side Request Forgery (SSRF)

SANS/CWE Top 25

(9) Open Redirect

(601) URL Redirection to Untrusted Site ('Open Redirect')

OWASP Top Ten 2021 Category A01:2021 - Broken Access Control

(10) Regular expression injection

(400) Uncontrolled Resource Consumption

(730)

(11) XML Injection

(611) Improper Restriction of XML External Entity Reference

OWASP Top Ten 2021 Category A05:2021 - Security Misconfiguration

SANS/CWE Top 25

(12) SQL Injection

(89) Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

OWASP Top Ten 2021 Category A03:2021 - Injection

SANS/CWE Top 25

(13) Log Forging

(117) Improper Output Neutralization for Logs

OWASP Top Ten 2021 Category A09:2021 - Security Logging and Monitoring Failures

(14) XML External Entity (XXE) Injection

(611) Improper Restriction of XML External Entity Reference

OWASP Top Ten 2021 Category A05:2021 - Security Misconfiguration

SANS/CWE Top 25

(15) Inadequate Encryption Strength

(326) Inadequate Encryption Strength

OWASP Top Ten 2021 Category A02:2021 - Cryptographic Failures

(16) Use of Insufficiently Random Values

(330) Use of Insufficiently Random Values

OWASP Top Ten 2021 Category A02:2021 - Cryptographic Failures

(17) Sensitive Cookie Without 'HttpOnly' Flag

(1004) Sensitive Cookie Without 'HttpOnly' Flag

OWASP Top Ten 2021 Category A05:2021 - Security Misconfiguration

(18) Request Validation Disabled

(554) ASP.NET Misconfiguration: Not Using Input Validation Framework

(19) IgnoreAntiforgeryToken in Use

(352) Cross-Site Request Forgery (CSRF)

OWASP Top Ten 2021 Category A01:2021 - Broken Access Control

SANS/CWE Top 25

(20) Debug Features Enabled

(215) Insertion of Sensitive Information Into Debugging Code

(21) Deserialization of Untrusted Data

(502) Deserialization of Untrusted Data

OWASP Top Ten 2021 Category A08:2021 - Software and Data Integrity Failures

SANS/CWE Top 25

(22) ASP SSL Disabled

(319) Cleartext Transmission of Sensitive Information

OWASP Top Ten 2021 Category A02:2021 - Cryptographic Failures

(23) Code Injection

(94) Improper Control of Generation of Code ('Code Injection')

OWASP Top Ten 2021 Category A03:2021 - Injection

(24) Information Exposure

(200) Exposure of Sensitive Information to an Unauthorized Actor

OWASP Top Ten 2021 Category A01:2021 - Broken Access Control

SANS/CWE Top 25

(25) Exposure of Private Personal Information to an Unauthorized Actor

(359) Exposure of Private Personal Information to an Unauthorized Actor

OWASP Top Ten 2021 Category A01:2021 - Broken Access Control

(26) Cleartext Storage of Sensitive Information in a Cookie

(315) Cleartext Storage of Sensitive Information in a Cookie

OWASP Top Ten 2021 Category A05:2021 - Security Misconfiguration

(27) LDAP Injection

(90) Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')

OWASP Top Ten 2021 Category A03:2021 - Injection

(28) Path Traversal

(23) Relative Path Traversal

OWASP Top Ten 2021 Category A01:2021 - Broken Access Control

(29) XPath Injection

(643) Improper Neutralization of Data within XPath Expressions ('XPath Injection')

OWASP Top Ten 2021 Category A03:2021 - Injection

(30) Arbitrary File Write via Archive Extraction (Zip Slip)

(22) Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

OWASP Top Ten 2021 Category A01:2021 - Broken Access Control

SANS/CWE Top 25

PreviousRubyNextCustom rules (beta)

Last updated

Was this helpful?

#4707: More info: Update pricing plans page

Change request updated