OWASP Standard Compliance

Supported OWASP rules

Embold detects code issues mapped to the OWASP Top 10 categories listed below.
Supported languages: Java, Go, Python, Ruby, C#

| Level | OWASP Top-10 code issue | Reference | Languages supported |
|---|---|---|---|
| A1 | Injection | CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')<br>OWASP: Command Injection<br>OWASP: Top 10 2013-A1-Injection | C#, Java, Ruby, Python |
| A2 | Broken Authentication | CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')<br>WASC-19: SQL Injection<br>OWASP: SQL Injection Prevention Cheat Sheet<br>OWASP: Query Parameterization Cheat Sheet<br>CAPEC-66: SQL Injection<br>Bobby Tables: A guide to preventing SQL injection | Go, Python, Java, C# |
| A3 | Sensitive Data Exposure | CWE-643: Improper Neutralization of Data within XPath Expressions ('XPath Injection')<br>WASC-39: XPath Injection<br>OWASP: XPATH Injection<br>Black Hat Europe 2012: Hacking XPath 2.0 | C#, Go, Ruby, Python, Java |
| A4 | XML External Entities | CWE-611: Improper Restriction of XML External Entity Reference ('XXE')<br>OWASP.org: XML External Entity (XXE) Prevention Cheat Sheet (.NET)<br>CERT: IDS10-J. Prevent XML external entity attacks<br>OWASP.org: XML External Entity (XXE) Processing<br>WS-Attacks.org: XML Entity Expansion<br>[WS-Attacks.org: XML External Entity DOS](http://www.ws-attacks.org/index.php/XML_External_Entity_DOS)<br>WS-Attacks.org: XML Entity Reference Attack<br>Identifying Xml eXternal Entity vulnerability (XXE) | Python, Java, C# |
| A5 | Broken Access Control | | Ruby, Python, Java |
| A6 | Security Misconfiguration | | Go, Ruby, Python, Java |
| A7 | Cross-Site Scripting (XSS) | | Ruby, Python, Java |
| A8 | Insecure Deserialization | CWE-614: Sensitive Cookie in HTTPS Session Without 'Secure' Attribute<br>OWASP: Secure Flag<br>Rapid7: Missing Secure Flag From SSL Cookie | Ruby, Java |
| A9 | Avoid File.createTempFile | CWE-1004: Sensitive Cookie Without 'HttpOnly' Flag<br>Coding Horror blog: Protecting Your Cookies: HttpOnly<br>OWASP: HttpOnly<br>Rapid7: Missing HttpOnly | Java |
| A10 | Insufficient Logging & Monitoring | | Go, Ruby, Java |