Go

No. & Rule Name
CWE(s)
OWASP Top 10/SANS 25

(1) Use of Hardcoded Credentials

(798) Use of Hard-coded Credentials

OWASP Top Ten 2021 Category A07:2021 - Identification and Authentication Failures

(259) Use of Hard-coded Password

SANS/CWE Top 25

(2) Use of Password Hash With Insufficient Computational Effort

(916) Use of Password Hash With Insufficient Computational Effort

OWASP Top Ten 2021 Category A02:2021 - Cryptographic Failures

(3) Hardcoded Secret

(547) Use of Hard-coded, Security-relevant Constants

OWASP Top Ten 2021 Category A05:2021 - Security Misconfiguration

(4) Command Injection

(78) Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

OWASP Top Ten 2021 Category A03:2021 - Injection

SANS/CWE Top 25

(5) Cross-site Scripting (XSS)

(79) Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

OWASP Top Ten 2021 Category A03:2021 - Injection

SANS/CWE Top 25

(6) Server-Side Request Forgery (SSRF)

(918) Server-Side Request Forgery (SSRF)

OWASP Top Ten 2021 Category A10:2021 - Server-Side Request Forgery (SSRF)

SANS/CWE Top 25

(7) Open Redirect

(601) URL Redirection to Untrusted Site ('Open Redirect')

OWASP Top Ten 2021 Category A01:2021 - Broken Access Control

(8) SQL Injection

(89) Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

OWASP Top Ten 2021 Category A03:2021 - Injection

SANS/CWE Top 25

(9) Inadequate Encryption Strength

(326) Inadequate Encryption Strength

OWASP Top Ten 2021 Category A02:2021 - Cryptographic Failures

(10) Use of Insufficiently Random Values

(330) Use of Insufficiently Random Values

OWASP Top Ten 2021 Category A02:2021 - Cryptographic Failures

(11) Sensitive Cookie Without 'HttpOnly' Flag

(1004) Sensitive Cookie Without 'HttpOnly' Flag

OWASP Top Ten 2021 Category A05:2021 - Security Misconfiguration

(12) Path Traversal

(23) Relative Path Traversal

OWASP Top Ten 2021 Category A01:2021 - Broken Access Control

(13) XPath Injection

(643) Improper Neutralization of Data within XPath Expressions ('XPath Injection')

OWASP Top Ten 2021 Category A03:2021 - Injection

(14) Improper Certificate Validation

(295) Improper Certificate Validation

OWASP Top Ten 2021 Category A07:2021 - Identification and Authentication Failures

(15) Insecure TLS Configuration

(327) Use of a Broken or Risky Cryptographic Algorithm

OWASP Top Ten 2021 Category A02:2021 - Cryptographic Failures

(16) Clear Text Logging

(200) Exposure of Sensitive Information to an Unauthorized Actor

OWASP Top Ten 2021 Category A01:2021 - Broken Access Control

(312) Cleartext Storage of Sensitive Information

OWASP Top Ten 2021 Category A04:2021 - Insecure Design

SANS/CWE Top 25

(17) Generation of Error Message Containing Sensitive Information

(209) Generation of Error Message Containing Sensitive Information

OWASP Top Ten 2021 Category A04:2021 - Insecure Design
