OWASP Standard Compliance

Supported OWASP rules

Embold supports code issues related to the OWASP Top 10.

Supported languages: Java, Go, Python, Ruby, C#

| Level | OWASP Top-10 code issues | Reference | Language supported |
|---|---|---|---|
| A1 | Injection | CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')<br>OWASP: Command Injection<br>OWASP: Top 10 2013-A1-Injection | C#, Java, Ruby, Python |
| A2 | Broken Authentication | CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')<br>WASC-19: SQL Injection<br>OWASP: SQL Injection Prevention Cheat Sheet<br>OWASP: Query Parameterization Cheat Sheet<br>CAPEC-66: SQL Injection<br>Bobby Tables: A guide to preventing SQL injection | Go, Python, Java, C# |
| A3 | Sensitive Data Exposure | CWE-643: Improper Neutralization of Data within XPath Expressions ('XPath Injection')<br>WASC-39: XPath Injection<br>OWASP: XPATH Injection<br>Black Hat Europe 2012: Hacking XPath 2.0 | C#, Go, Ruby, Python, Java |
| A4 | XML External Entities | CWE-611: Improper Restriction of XML External Entity Reference ('XXE')<br>OWASP.org: XML External Entity (XXE) Prevention Cheat Sheet (.NET)<br>CERT: IDS10-J. Prevent XML external entity attacks<br>OWASP.org: XML External Entity (XXE) Processing<br>WS-Attacks.org: XML Entity Expansion<br>[WS-Attacks.org: XML External Entity DOS](http://www.ws-attacks.org/index.php/XML_External_Entity_DOS)<br>WS-Attacks.org: XML Entity Reference Attack<br>Identifying Xml eXternal Entity vulnerability (XXE) | Python, Java, C# |
| A5 | Broken Access Control | | Ruby, Python, Java |
| A6 | Security Misconfiguration | | Go, Ruby, Python, Java |
| A7 | Cross-Site Scripting XSS | | Ruby, Python, Java |
| A8 | Insecure Deserialization | CWE-614: Sensitive Cookie in HTTPS Session Without 'Secure' Attribute<br>OWASP: Secure Flag<br>Rapid7: Missing Secure Flag From SSL Cookie | Ruby, Java |
| A9 | Avoid FilecreateTempFile | CWE-1004: Sensitive Cookie Without 'HttpOnly' Flag<br>Coding Horror blog: Protecting Your Cookies: HttpOnly<br>OWASP: HttpOnly<br>Rapid7: Missing HttpOnl | Java |
| A10 | Insufficient Logging & Monitoring | | Go, Ruby, Java |