Ruby
(1) Use of Hardcoded Credentials
(798) Use of Hard-coded Credentials
OWASP Top Ten 2021 Category A07:2021 - Identification and Authentication Failures
(259) Use of Hard-coded Password
SANS/CWE Top 25
(2) Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
(614) Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
OWASP Top Ten 2021 Category A05:2021 - Security Misconfiguration
(3) Hardcoded Secret
(547) Use of Hard-coded, Security-relevant Constants
OWASP Top Ten 2021 Category A05:2021 - Security Misconfiguration
(4) Insecure Data Transmission
(319) Cleartext Transmission of Sensitive Information
OWASP Top Ten 2021 Category A02:2021 - Cryptographic Failures
(5) Command Injection
(78) Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
OWASP Top Ten 2021 Category A03:2021 - Injection
SANS/CWE Top 25
(6) Cross-site Scripting (XSS)
(79) Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
OWASP Top Ten 2021 Category A03:2021 - Injection
SANS/CWE Top 25
(7) Open Redirect
(601) URL Redirection to Untrusted Site ('Open Redirect')
OWASP Top Ten 2021 Category A01:2021 - Broken Access Control
(8) SQL Injection
(89) Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
OWASP Top Ten 2021 Category A03:2021 - Injection
SANS/CWE Top 25
(9) Use of Hardcoded Cryptographic Key
(321) Use of Hard-coded Cryptographic Key
OWASP Top Ten 2021 Category A02:2021 - Cryptographic Failures
(10) XML External Entity (XXE) Injection
(611) Improper Restriction of XML External Entity Reference
OWASP Top Ten 2021 Category A05:2021 - Security Misconfiguration
SANS/CWE Top 25
(11) Use of Insufficiently Random Values
(330) Use of Insufficiently Random Values
OWASP Top Ten 2021 Category A02:2021 - Cryptographic Failures
(12) Sensitive Cookie Without 'HttpOnly' Flag
(1004) Sensitive Cookie Without 'HttpOnly' Flag
OWASP Top Ten 2021 Category A05:2021 - Security Misconfiguration
(13) Deserialization of Untrusted Data
(502) Deserialization of Untrusted Data
OWASP Top Ten 2021 Category A08:2021 - Software and Data Integrity Failures
SANS/CWE Top 25
(14) Code Injection
(94) Improper Control of Generation of Code ('Code Injection')
OWASP Top Ten 2021 Category A03:2021 - Injection
(15) Information Exposure
(200) Exposure of Sensitive Information to an Unauthorized Actor
OWASP Top Ten 2021 Category A01:2021 - Broken Access Control
SANS/CWE Top 25
(16) Path Traversal
(23) Relative Path Traversal
OWASP Top Ten 2021 Category A01:2021 - Broken Access Control
(17) XPath Injection
(643) Improper Neutralization of Data within XPath Expressions ('XPath Injection')
OWASP Top Ten 2021 Category A03:2021 - Injection
(18) Improper Certificate Validation
(295) Improper Certificate Validation
OWASP Top Ten 2021 Category A07:2021 - Identification and Authentication Failures
(19) Cross-Site Request Forgery (CSRF)
(352) Cross-Site Request Forgery (CSRF)
OWASP Top Ten 2021 Category A01:2021 - Broken Access Control
SANS/CWE Top 25
(20) Improper Input Validation
(20) Improper Input Validation
OWASP Top Ten 2021 Category A03:2021 - Injection
SANS/CWE Top 25
(21) Regular Expression Denial of Service (ReDoS)
(400) Uncontrolled Resource Consumption
(22) Improper Neutralization of Directives in Statically Saved Code
(96) Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')
OWASP Top Ten 2021 Category A03:2021 - Injection
(23) Improperly Controlled Modification of Dynamically-Determined Object Attributes
(915) Improperly Controlled Modification of Dynamically-Determined Object Attributes
OWASP Top Ten 2021 Category A08:2021 - Software and Data Integrity Failures
(24) Unsafe Reflection
(470) Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
OWASP Top Ten 2021 Category A03:2021 - Injection
Last updated
Was this helpful?