C#
The table below lists the currently supported C# security checks.
Sr.No. | Supported Rules |
---|---|
1 | CWE-78: The dynamic value passed to the command execution should be validated. |
2 | CWE-89: SQL injection flaws are introduced when software developers create dynamic database queries that include user supplied input. |
3 | CWE-643: The dynamic value passed to the XPath query should be validated. |
4 | CWE-611: The XML parser is configured incorrectly. The operation could be vulnerable to XML eXternal Entity (XXE) processing. |
5 | CWE-22: A path traversal attack (also known as directory traversal) aims to access files and directories that are stored outside the expected directory. |
6 | CWE-79: Cross-Site Scripting (XSS) |
7 | CWE-90: The dynamic value passed to the LDAP query should be validated. |
8 | CWE-295: Certificate Validation has been disabled. The communication could be intercepted. |
9 | CWE-338: The random numbers generated could be predicted. |
10 | CWE-327: MD5 or SHA1 have known collision weaknesses and are no longer considered strong hashing algorithms. |
11 | CWE-1004: It is recommended to specify the HttpOnly flag to new cookie. |
12 | CWE-259: The password configuration to this API appears to be hardcoded. |
13 | CWE-284: Controller method is potentially vulnerable to authorization bypass |
14 | CWE-295: Certificate Validation has been disabled. The communication could be intercepted. |
15 | CWE-338: The random numbers generated could be predicted. |
16 | CWE-352: Anti-forgery token is missing. |
17 | CWE-502: Untrusted data passed for deserialization. |
18 | CWE-521: The Required Length property must be set with a minimum value of 8. |
19 | CWE-524: Caching conflicts with authorization. |
20 | CWE-554: The viewStateEncryptionMode is not set to Always in configuration file. |
21 | CWE-601: The dynamic value passed to the Redirect should be validated. |
22 | CWE-611: The XML parser is configured incorrectly. The operation could be vulnerable to XML eXternal Entity (XXE) processing. |
23 | CWE-614: It is recommended to specify the Secure flag to new cookie. |
24 | CWE-643: The dynamic value passed to the XPath query should be validated. |