Checks


Web Application Security Checks

Syhunt's database is the culmination of years of research by Syhunt and includes checks for an extremely wide array of web application security threats, as shown below.

| Check | CWE |
| --- | --- |
| Command Execution | 78 |
| Cross-Site Scripting (XSS) | 79 |
| Filter Evasion/Weak Validation | 79 |
| File Inclusion | 98 |
| Local File Inclusion | 98 |
| Remote File Inclusion | 98 |
| NoSQL Injection | |
| NoSQL Injection in MongoDB | |
| SQL Injection (Error & Blind) | 89 |
| SQL Injection in Access | |
| SQL Injection in DB2 | |
| SQL Injection in dbx | |
| SQL Injection in Firebird/InterBase | |
| SQL Injection in FrontBase | |
| SQL Injection in Informix | |
| SQL Injection in Ingres | |
| SQL Injection in MaxDB | |
| SQL Injection in mSQL | |
| SQL Injection in MySQL | |
| SQL Injection in Oracle | |
| SQL Injection in Ovrimos | |
| SQL Injection in PostgreSQL | |
| SQL Injection in SQL Server | |
| SQL Injection in SQLite | |
| SQL Injection in Swish | |
| SQL Injection in Sybase | |
| SQL Injection in Others | |
| Unvalidated Redirects | 601 |
| Arbitrary File Manipulation | 73 |
| Buffer Overflow | 120 |
| Cookie Manipulation | |
| Common Exposures | |
| CRLF Injection | 93 |
| Cross Frame Scripting | 352 |
| Dangerous Methods | 749 |
| Default Content | 276 |
| Denial-of-Service (DoS) | 730 |
| Default Account | 276 |
| Directory Listing | 548 |
| Directory Traversal | 22 |
| Email Form Hijacking | |
| HTTP Response Splitting | 113 |
| Information Disclosure | 200 |
| Internal IP Address Disclosure | 200 |
| LDAP Injection | 90 |
| Old/Backup Files | 530 |
| Common Backup Files | |
| Common Backup Folders | |
| Password Disclosure | 311 |
| Path Disclosure | 211 |
| PHP Code Injection | 94 |
| Server-Side JavaScript Injection | |
| Server-Specific Vulnerabilities | |
| Server-Specific Vulnerabilities in IIS, iPlanet & Others | |
| Source Code Disclosure | 540 |
| Suspicious HTML Comments | |
| Unencrypted Login | 319 |
| Web-Based Backdoors | |
| XPath Injection | 91 |