Below are the most common vulnerabilities reported by SAST tools like Veracode, Fortify, IBM Appscan Source and Checkmarx. Critical/ High SQL Injection Directory Traversal Cross-Site Scripting (XSS) Insufficient Input Validation CRLF Injection Time and State Session Fixation Code Quality Encapsulation Information Leakage API Abuse Cryptographic Issues Credentials Management Command or Argument Injection Untrusted Search Path …