| Check | CWE |
| --- | --- |
| Authentication Vulnerabilities | |
| Authentication Bypass / Broken Authentication | CWE-287 |
| Automated Authentication Brute Force (Form & HTTP-Based) | |
| Password Disclosure | CWE-311 |
| Unencrypted Login | CWE-319 |
| Weak Password Hashing | |
| Breach Confirmation | |
| Breach Confirmation through Dynamic Analysis | |
| Breach Confirmation through Source Code Analysis | |
| Breach Confirmation through Web Server Log Analysis | |
| Hidden Debug Parameter Discovery through Dynamic Analysis | |
| Hidden Debug Parameter Discovery through Source Code Analysis | |
| Hidden Debug Parameter Discovery and Injection through Hybrid Analysis | |
| Inappropriate Content Detection | |
| Malicious Content Detection | |
| Web-Based Backdoor Detection through Dynamic Analysis | |
| Web-Based Backdoor Detection through Source Code Analysis | |
| Command Execution | CWE-78 |
| Command Execution through Dynamic Analysis | |
| Command Execution through Source Code Analysis | |
| Cross-Site Scripting (XSS) | CWE-79 |
| Cross-Site Scripting (XSS) through Dynamic Analysis | |
| Cross-Site Scripting (XSS) through Source Code Analysis | |
| Weak XSS Filter/Validation Bypass through Dynamic Analysis | |
| Weak XSS Filter/Validation Bypass through Source Code Analysis | |
| HTML5 Specific XSS | |
| File Inclusion | CWE-98 |
| Local File Inclusion (LFI) through Dynamic Analysis | |
| Remote File Inclusion (RFI) through Dynamic Analysis | |
| Local File Inclusion (LFI) through Source Code Analysis | |
| Remote File Inclusion (RFI) through Source Code Analysis | |
| NoSQL Injection | |
| NoSQL Injection through Dynamic Analysis (Error-Based) | |
| NoSQL Injection through Dynamic Analysis (Time-Based) | |
| NoSQL Injection through Source Code Analysis | |
| NoSQL Injection in MongoDB | |
| SQL Injection | CWE-89 |
| SQL Injection through Dynamic Analysis (Error-Based) | |
| SQL Injection through Dynamic Analysis (Blind) | |
| SQL Injection through Dynamic Analysis (Time-Based) | |
| SQL Injection through Source Code Analysis | |
| SQL Injection through Source Code Analysis (HQL) | |
| Code Injection | CWE-94 |
| Code Injection through Dynamic Analysis (Print-Based) | |
| Code Injection through Dynamic Analysis (Time-Based) | |
| Code Injection in ASP Classic | |
| Code Injection in ASP.NET | |
| Code Injection in Java/JSP | |
| Code Injection in Lua (Nginx, Apache, CGI-Lua, etc.) | |
| Code Injection in Perl | |
| Code Injection in PHP | |
| Code Injection in Python | |
| Code Injection in Ruby | |
| Code Injection in Server-Side JavaScript | |
| Source Code Disclosure | CWE-540 |
| Source Code Disclosure through Injection | |
| Source Code Disclosure through Content Analysis | |
| Source Code Disclosure (ASP Classic) | |
| Source Code Disclosure (ASP.NET) | |
| Source Code Disclosure (Java/JSP) | |
| Source Code Disclosure (Lua) | |
| Source Code Disclosure (Perl) | |
| Source Code Disclosure (PHP) | |
| Source Code Disclosure (SSI) | |
| Extension Checking | |
| Double Extension Checking | |
| Common Backup Extensions | |
| Structure Brute Force | |
| Admin Pages | |
| Common Backup Files | |
| Common Backup Folders | |
| Database Disclosure | |
| Old/Backup Files | CWE-530 |
| Common Form Weaknesses | |
| Email Form Hijacking | |
| Hidden Price Form Field | |
| AutoComplete Enabled (in sensitive form inputs) | |
| Unencrypted Credit Card Transaction | |
| Denial-of-Service (DoS) | CWE-730 |
| Client-Side Denial-of-Service | |
| Denial-of-Service through Injection | |
| Buffer Overflow | CWE-120 |
| Multiple Disclosure Vulnerabilities | |
| Common Exposures | |
| Information Disclosure through Injection | CWE-200 |
| Information Disclosure through Content Analysis | CWE-200 |
| Information Disclosure through Source Code Analysis | CWE-497 |
| Internal IP Address Disclosure | CWE-200 |
| Path Disclosure through Injection | CWE-211 |
| Path Disclosure through Content Analysis | CWE-211 |
| Directory Listing | CWE-548 |
| Web Technology Disclosures | |
| Suspicious HTML Comments | |
| Log Forging | CWE-117 |
| Log Forging through Source Code Analysis | |
| XPath Injection | CWE-91 |
| XPath Injection through Dynamic Analysis | |
| XPath Injection through Source Code Analysis | |
| LDAP Injection | CWE-90 |
| LDAP Injection through Dynamic Analysis | |
| LDAP Injection through Source Code Analysis | |
| Unvalidated Redirects | CWE-601 |
| Unvalidated Redirects through Dynamic Analysis | |
| Unvalidated Redirects through Source Code Analysis | |
| CRLF Header Injection | CWE-93 |
| CRLF Header Injection through Dynamic Analysis | |
| CRLF Header Injection through Source Code Analysis | |
| Expression Language (EL) Injection | CWE-917 |
| Cookie Manipulation | |
| Cross Frame Scripting | CWE-352 |
| Dangerous Methods | CWE-749 |
| Default Content | CWE-276 |
| Directory Traversal | CWE-22 |
| Server-Specific Vulnerabilities in IIS, iPlanet & Others | |
| Server-Side Request Forgery | CWE-918 |
| Server-Side Includes (SSI) Injection | |
| XML Injection | CWE-661 |
| XML External Entity (XXE) Injection | CWE-827 |
| XML External Entity (XXE) Injection through Dynamic Analysis | |
| XML External Entity (XXE) Injection through Source Code Analysis | |
| Known Vulnerable Apps | |
| Known Vulnerable Apps (Apache Struts) | |
| Known Vulnerable Apps (ASP Classic) | |
| Known Vulnerable Apps (ASP.Net) | |
| Known Vulnerable Apps (ColdFusion) | |
| Known Vulnerable Apps (Dynamic HTML) | |
| Known Vulnerable Apps (Flash) | |
| Known Vulnerable Apps (Java / JSP) | |
| Known Vulnerable Apps (Perl) | |
| Known Vulnerable Apps (Python) | |
| Known Vulnerable Apps (Ruby) | |
| Known Vulnerable Apps (SSI) | |
| Known Vulnerable Apps (IIS) | |