
Most common flaws reported by Secure Static Code Analyser

Zeynep Didem Akinoglu

Common flaws reported by tools during static code analysis

Below are the most common vulnerabilities reported by SAST tools such as Veracode, Fortify, IBM AppScan Source and Checkmarx, grouped by the severity the tools typically assign.

Critical / High

  1. SQL Injection
  2. Directory Traversal
  3. Cross-Site Scripting (XSS)
  4. Insufficient Input Validation
  5. CRLF Injection
  6. Time and State
  7. Session Fixation
  8. Code Quality
  9. Encapsulation
  10. Information Leakage
  11. API Abuse
  12. Cryptographic Issues
  13. Credentials Management
  14. Command or Argument Injection
  15. Untrusted Search Path
  16. Untrusted Initialization
  17. Potential Backdoor
  18. Server Configuration
  19. Buffer Overflow
  20. Dangerous Functions
  21. Numeric Errors
  22. Error Handling
  23. Buffer Management Errors
  24. Race Conditions
  25. Insecure Dependencies
  26. Deployment Configuration
  27. Authentication Issues
  28. Code Injection
  29. Format String
  30. Authorization Issues

Medium

  1. Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’)
  2. Process Control
  3. Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’)
  4. External Control of File Name or Path
  5. Improper Output Neutralization for Logs
  6. Plaintext Storage of a Password
  7. Cleartext Storage of Sensitive Information in Memory
  8. Insufficient Entropy
  9. Unchecked Error Condition
  10. Improper Resource Shutdown or Release
  11. Improper Neutralization of Special Elements used in an LDAP Query (‘LDAP Injection’)
  12. Use of Hard-coded Password
  13. Insecure Temporary File
  14. Improper Restriction of XML External Entity Reference (‘XXE’)
  15. Information Exposure Through Sent Data
  16. Use of Externally-Controlled Format String
  17. Embedded Malicious Code
  18. Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
  19. Improper Neutralization of CRLF Sequences in HTTP Headers (‘HTTP Response Splitting’)
  20. Unintended Proxy or Intermediary (‘Confused Deputy’)
  21. Use of Externally-Controlled Input to Select Classes or Code (‘Unsafe Reflection’)
  22. URL Redirection to Untrusted Site (‘Open Redirect’)
  23. Information Exposure Through an Error Message
  24. External Control of System or Configuration Setting
  25. Uncontrolled Search Path Element
  26. Use of a Broken or Risky Cryptographic Algorithm
  27. Use After Free
  28. Technology-Specific Input Validation Problems
  29. Improperly Controlled Modification of Dynamically-Determined Object Attributes
  30. Numeric Truncation Error
  31. Integer Underflow (Wrap or Wraparound)
  32. Signed to Unsigned Conversion Error
  33. Use of Inherently Dangerous Function
  34. Cleartext Transmission of Sensitive Information
  35. Protection Mechanism Failure
  36. Improper Following of a Certificate’s Chain of Trust
  37. Inadequate Encryption Strength
  38. Selection of Less-Secure Algorithm During Negotiation (‘Algorithm Downgrade’)
  39. Information Exposure Through Environmental Variables
  40. Sensitive Cookie in HTTPS Session Without ‘Secure’ Attribute
  41. Improper Neutralization of Directives in Dynamically Evaluated Code (‘Eval Injection’)
  42. Transmission of Private Resources into a New Sphere (‘Resource Leak’)
  43. Struts: Incomplete validate() Method Definition
  44. Struts: Form Bean Does Not Extend Validation Class
  45. Use of Hard-coded Cryptographic Key
  46. Race Condition within a Thread
  47. Leftover Debug Code
  48. Trust Boundary Violation
  49. J2EE Bad Practices: Direct Management of Connections
  50. Improper Verification of Cryptographic Signature
  51. J2EE Bad Practices: Use of System.exit()
  52. Use of Wrong Operator in String Comparison
  53. Stack-based Buffer Overflow
  54. Integer Overflow or Wraparound
  55. Argument Injection or Modification
  56. Improper Validation of Array Index
  57. Improper Null Termination
  58. Unsigned to Signed Conversion Error
  59. Failure to Handle Missing Parameter
  60. Out-of-bounds Read
  61. Missing Encryption of Sensitive Data
  62. Time-of-check Time-of-use (TOCTOU) Race Condition
  63. Improper Validation of Certificate with Host Mismatch
  64. Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)
  65. Cross-Site Request Forgery (CSRF)
  66. Insufficiently Protected Credentials
  67. Incorrect Ownership Assignment

Low

  1. Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’)
  2. External Control of File Name or Path
  3. Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
  4. Improper Output Neutralization for Logs
  5. Use of Hard-coded Password
  6. Use of a Broken or Risky Cryptographic Algorithm
  7. Insufficient Entropy
  8. Insecure Temporary File
  9. Uncontrolled Search Path Element
  10. Unintended Proxy or Intermediary (‘Confused Deputy’)
  11. Use of Externally-Controlled Input to Select Classes or Code (‘Unsafe Reflection’)
  12. URL Redirection to Untrusted Site (‘Open Redirect’)
  13. Improper Restriction of XML External Entity Reference (‘XXE’)
  14. Information Exposure Through Sent Data
  15. Information Exposure Through an Error Message
  16. Improper Resource Shutdown or Release
  17. External Control of System or Configuration Setting
  18. Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’)
  19. Cleartext Storage of Sensitive Information in Memory
  20. Technology-Specific Input Validation Problems
  21. Improper Following of a Certificate’s Chain of Trust
  22. Insufficiently Protected Credentials
  23. Protection Mechanism Failure
  24. Selection of Less-Secure Algorithm During Negotiation (‘Algorithm Downgrade’)
  25. Information Exposure Through Environmental Variables
  26. Embedded Malicious Code
  27. Unchecked Error Condition
  28. Process Control
  29. Struts: Form Bean Does Not Extend Validation Class
  30. Improper Neutralization of CRLF Sequences in HTTP Headers (‘HTTP Response Splitting’)
  31. Use of Hard-coded Cryptographic Key
  32. Leftover Debug Code
  33. Trust Boundary Violation
  34. J2EE Bad Practices: Direct Management of Connections
  35. J2EE Bad Practices: Use of System.exit()
  36. Use of Wrong Operator in String Comparison
  37. Plaintext Storage of a Password
  38. Sensitive Cookie in HTTPS Session Without ‘Secure’ Attribute
  39. Struts: Incomplete validate() Method Definition
  40. Deserialization of Untrusted Data
  41. Improper Neutralization of Script in Attributes in a Web Page
  42. Improper Validation of Certificate with Host Mismatch
  43. Exposure of Resource to Wrong Sphere
  44. Cross-Site Request Forgery (CSRF)
  45. Transmission of Private Resources into a New Sphere (‘Resource Leak’)


About Author:


Suman Tiwari is a Cyber Security Professional by Profession and photographer by passion.

His LinkedIn profile can be visited for more details.
