The table below lists the currently supported C# security checks.
Sr.No. | Supported Rules |
---|---|
1. | CWE-78: The dynamic value passed to the command execution should be validated. |
2. | CWE-89: SQL injection flaws are introduced when software developers create dynamic database queries that include user supplied input. |
3. | CWE-643: The dynamic value passed to the XPath query should be validated. |
4. | CWE-611: The XML parser is configured incorrectly. The operation could be vulnerable to XML eXternal Entity (XXE) processing. |
5. | CWE-22: A path traversal attack (also known as directory traversal) aims to access files and directories that are stored outside the expected directory. |
6. | CWE-79: Cross-Site Scripting (XSS) |
7. | CWE-90: The dynamic value passed to the LDAP query should be validated. |
8. | CWE-295: Certificate Validation has been disabled. The communication could be intercepted. |
9. | CWE-338: The random numbers generated could be predicted. |
10. | CWE-327: MD5 or SHA1 have known collision weaknesses and are no longer considered strong hashing algorithms. |
11. | CWE-1004: It is recommended to specify the HttpOnly flag to new cookie. |
12. | CWE-259: The password configuration to this API appears to be hardcoded. |
13. | CWE-284: Controller method is potentially vulnerable to authorization bypass |
14. | CWE-295: Certificate Validation has been disabled. The communication could be intercepted. |
15. | CWE-338: The random numbers generated could be predicted. |
16. | CWE-352: Anti-forgery token is missing. |
17. | CWE-502: Untrusted data passed for deserialization. |
18. | CWE-521: The Required Length property must be set with a minimum value of 8. |
19. | CWE-524: Caching conflicts with authorization. |
20. | CWE-554: The viewStateEncryptionMode is not set to Always in configuration file. |
21. | CWE-601: The dynamic value passed to the Redirect should be validated. |
22. | CWE-611: The XML parser is configured incorrectly. The operation could be vulnerable to XML eXternal Entity (XXE) processing. |
23. | CWE-614: It is recommended to specify the Secure flag to new cookie. |
24. | CWE-643: The dynamic value passed to the XPath query should be validated. |
Updated about 2 years ago