AppSec Findings Database List


The complete list of findings in the AppSec Finding Database:

| # | Risk | Name |
|---|------|------|
| 1 | High | SQL Injection |
| 2 | High | Reflected XSS |
| 3 | High | Stored XSS |
| 4 | High | DOM Based XSS |
| 5 | High | Unrestricted File Upload |
| 6 | High | Command Injection |
| 7 | High | File Inclusion |
| 8 | High | Path Traversal |
| 9 | High | Insecure Direct Object Reference |
| 10 | High | Privilege Escalation |
| 11 | High | Lack of Network Encryption |
| 12 | High | Cross Site Request Forgery |
| 13 | High | XXE Injection |
| 14 | High | Default Credentials |
| 15 | High | LDAP Injection |
| 16 | High | Authentication Bypass |
| 17 | High | HTTP Header Injection |
| 18 | High | Template Injection |
| 19 | High | Server Side Request Forgery |
| 20 | High | Authorization Bypass |
| 21 | High | Insecure File Share |
| 22 | Medium | Session Fixation |
| 23 | Medium | Failure To Invalidate Session |
| 24 | Medium | Insufficient Session Timeout |
| 25 | Medium | Lack of Logout Option |
| 26 | Medium | Lack of Account Lockout |
| 27 | Medium | Forced Browsing |
| 28 | Medium | Persistent Session |
| 29 | Medium | Directory Browsing |
| 30 | Medium | URL Redirection |
| 31 | Medium | Weak Password Policy |
| 32 | Medium | Insecure Browser Cache |
| 33 | Medium | User Account Enumeration |
| 34 | Medium | Predictable Session ID |
| 35 | Medium | Insecure Third Party Component |
| 36 | Medium | Insecure Password Reset |
| 37 | Medium | Sensitive Fields Cached |
| 38 | Medium | Password in Response |
| 39 | Medium | Insecure Encryption Key |
| 40 | Medium | Object Serialization |
| 41 | Medium | Insufficient Attack Protection |
| 42 | Medium | Insecure Local Storage |
| 43 | Medium | Sensitive Data In Cookie |
| 44 | Medium | Lack of Certificate Pinning |
| 45 | Low | Weak SSL Cipher |
| 46 | Low | Sensitive Information in URL |
| 47 | Low | Strict Transport Security Not Set |
| 48 | Low | Secure Flag Not Set |
| 49 | Low | HTTPOnly Not Set |
| 50 | Low | Risky HTTP Methods |
| 51 | Low | Verbose Error Message |
| 52 | Low | Cross-Origin-Resource-Sharing |
| 53 | Low | Cross Frame Scripting |
| 54 | Low | Cross Domain Referrer Leakage |
| 55 | Low | Unnecessary Content Available |
| 56 | Low | Source Code Disclosure |
| 57 | Low | Code Not Obfuscated |
| 58 | Low | Keyboard Caching Enabled |
| 59 | Low | Clipboard Enabled |
| 60 | Best Practice | X-XSS-Protection Not Set |
| 61 | Best Practice | X-Content-Type-Options Not Set |
| 62 | Best Practice | Concurrent Sessions |
| 63 | Best Practice | Cross Site Script Inclusion |
| 64 | Best Practice | Post Accepted As Get |
| 65 | Best Practice | SameSite Not Set |
| 66 | Best Practice | Content Security Policy Not Set |