- Failure to Preserve Web Page Structure ('Cross-site Scripting')
- Failure to Preserve SQL Query Structure (aka 'SQL Injection')
- Cross-Site Request Forgery (CSRF)
- Unrestricted Upload of File with Dangerous Type
- Failure to Preserve OS Command Structure (aka 'OS Command Injection')
- Information Exposure Through an Error Message
- URL Redirection to Untrusted Site ('Open Redirect')
- Race Condition
- Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
- Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
- Improper Control of Filename for Include/Require Statement in PHP Program ('PHP File Inclusion')
- Buffer Access with Incorrect Length Value
- Improper Check for Unusual or Exceptional Conditions
- Improper Validation of Array Index
- Integer Overflow or Wraparound
- Incorrect Calculation of Buffer Size
- Download of Code Without Integrity Check
- Allocation of Resources Without Limits or Throttling
- Improper Access Control (Authorization)
- Reliance on Untrusted Inputs in a Security Decision
- Missing Encryption of Sensitive Data
- Use of Hard-coded Credentials
- Missing Authentication for Critical Function
- Incorrect Permission Assignment for Critical Resource
- Use of a Broken or Risky Cryptographic Algorithm
- Other (please specify)