Python

| No. | Rule Name | CWE(s) | OWASP Top 10 / SANS 25 |
|---|---|---|---|
| 1 | Use of Hardcoded Credentials | CWE-798 Use of Hard-coded Credentials; CWE-259 Use of Hard-coded Password | OWASP Top Ten 2021 A07:2021 - Identification and Authentication Failures; SANS/CWE Top 25 |
| 2 | Use of Password Hash With Insufficient Computational Effort | CWE-916 Use of Password Hash With Insufficient Computational Effort | OWASP Top Ten 2021 A02:2021 - Cryptographic Failures |
| 3 | Sensitive Cookie in HTTPS Session Without 'Secure' Attribute | CWE-614 Sensitive Cookie in HTTPS Session Without 'Secure' Attribute | OWASP Top Ten 2021 A05:2021 - Security Misconfiguration |
| 4 | Hardcoded Secret | CWE-547 Use of Hard-coded, Security-relevant Constants | OWASP Top Ten 2021 A05:2021 - Security Misconfiguration |
| 5 | Command Injection | CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | OWASP Top Ten 2021 A03:2021 - Injection; SANS/CWE Top 25 |
| 6 | Cross-site Scripting (XSS) | CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | OWASP Top Ten 2021 A03:2021 - Injection; SANS/CWE Top 25 |
| 7 | Server-Side Request Forgery (SSRF) | CWE-918 Server-Side Request Forgery (SSRF) | OWASP Top Ten 2021 A10:2021 - Server-Side Request Forgery (SSRF); SANS/CWE Top 25 |
| 8 | Open Redirect | CWE-601 URL Redirection to Untrusted Site ('Open Redirect') | OWASP Top Ten 2021 A01:2021 - Broken Access Control |
| 9 | SQL Injection | CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | OWASP Top Ten 2021 A03:2021 - Injection; SANS/CWE Top 25 |
| 10 | Use of Hardcoded Cryptographic Key | CWE-321 Use of Hard-coded Cryptographic Key | OWASP Top Ten 2021 A02:2021 - Cryptographic Failures |
| 11 | Sensitive Cookie Without 'HttpOnly' Flag | CWE-1004 Sensitive Cookie Without 'HttpOnly' Flag | OWASP Top Ten 2021 A05:2021 - Security Misconfiguration |
| 12 | Deserialization of Untrusted Data | CWE-502 Deserialization of Untrusted Data | OWASP Top Ten 2021 A08:2021 - Software and Data Integrity Failures; SANS/CWE Top 25 |
| 13 | Code Injection | CWE-94 Improper Control of Generation of Code ('Code Injection') | OWASP Top Ten 2021 A03:2021 - Injection |
| 14 | Path Traversal | CWE-23 Relative Path Traversal | OWASP Top Ten 2021 A01:2021 - Broken Access Control |
| 15 | XPath Injection | CWE-643 Improper Neutralization of Data within XPath Expressions ('XPath Injection') | OWASP Top Ten 2021 A03:2021 - Injection |
| 16 | Origin Validation Error | CWE-942 Permissive Cross-domain Policy with Untrusted Domains; CWE-346 Origin Validation Error | OWASP Top Ten 2021 A05:2021 - Security Misconfiguration; OWASP Top Ten 2021 A07:2021 - Identification and Authentication Failures |
| 17 | Cross-Site Request Forgery (CSRF) | CWE-352 Cross-Site Request Forgery (CSRF) | OWASP Top Ten 2021 A01:2021 - Broken Access Control; SANS/CWE Top 25 |
| 18 | Server Information Exposure | CWE-209 Generation of Error Message Containing Sensitive Information | OWASP Top Ten 2021 A04:2021 - Insecure Design |
| 19 | Regular Expression Denial of Service (ReDoS) | CWE-400 Uncontrolled Resource Consumption | |
| 20 | Improper Neutralization of Directives in Statically Saved Code | CWE-96 Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') | OWASP Top Ten 2021 A03:2021 - Injection |
| 21 | Broken User Authentication | CWE-287 Improper Authentication | OWASP Top Ten 2021 A07:2021 - Identification and Authentication Failures; SANS/CWE Top 25 |
| 22 | Insecure File Permissions | CWE-732 Incorrect Permission Assignment for Critical Resource | SANS/CWE Top 25 |
| 23 | Improper Handling of Insufficient Permissions or Privileges | CWE-280 Improper Handling of Insufficient Permissions or Privileges | OWASP Top Ten 2021 A04:2021 - Insecure Design |
| 24 | Arbitrary File Write via Archive Extraction (Tar Slip) | CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | OWASP Top Ten 2021 A01:2021 - Broken Access Control; SANS/CWE Top 25 |