...
Dead Code (defined fields never referenced, code never executed, subroutine never called)
Deprecated, Unsupported or Obsolete Functions
SQL Abuse (SQL Injection, SQL bad commands, System Variables manipulation, etc.)
HTTP Abuse (Header, Session or Cookies manipulation)
HTTP Response Splitting/Tampering, URL Redirect, File Upload, File Download, etc.
Information Leak, Privacy Violation, Password management/hardened mistakes
Authentication/hardened Credential mistakes
Code Injection, Command Injection, Resource Injection, LDAP Injection, XPath Injection
XML Injection, File Injection, Mail Injection, PDF Injection, Cross-Site Scripting
Invalid Process Control, Kernel Calls, Dangerous ABAP commands
Denial Of Service (Connection-exceptions, Flood, XML, Shutdown, Lock, etc.)
Buffer Overflow
Log Forging
Path Manipulation, Directory Traversal
Database Access and Authorization mistakes
Insecure Communications (missing SSL, Outgoing FTP, Phishing, etc.)
CSRF (Cross-Site Request Forgery)
Misconfiguration Mistakes
Insecure Cryptography
Poor Error handling/Logging, Poor Input Validation
Dynamic Code, Native Code/Library
Each detected vulnerability is classified using the OWASP Top 10 2021, OWASP Top 10 API 2019, WASC, CVSS 3.1, PCI-DSS 4.0 and 3.2.1, BITEC and CWE 4.9 compliance standards. A graphical user interface provides navigation through detected vulnerabilities:
...