JavaScript Sicherheitsschwachstellen
Shoulder erkennt 116 Sicherheitsmuster, die spezifisch für JavaScript-Anwendungen sind, die mit JavaScript erstellt wurden.
Framework-Abdeckung
Schwachstellenkategorien
CWE-20
7 Regeln
Improper Input Validation
CWE-200
5 Regeln
Exposure of Sensitive Information to an Unauthorized Actor
2 critical
CWE-798
5 Regeln
Use of Hard-coded Credentials
2 critical
CWE-89
4 Regeln
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
4 critical
CWE-79
3 Regeln
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
1 critical
CWE-285
3 Regeln
Improper Authorization
3 critical
CWE-639
3 Regeln
Authorization Bypass Through User-Controlled Key
1 critical
CWE-22
2 Regeln
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
1 critical
CWE-94
2 Regeln
Improper Control of Generation of Code ('Code Injection')
1 critical
CWE-117
2 Regeln
Improper Output Neutralization for Logs
CWE-209
2 Regeln
Generation of Error Message Containing Sensitive Information
CWE-327
2 Regeln
Use of a Broken or Risky Cryptographic Algorithm
CWE-400
2 Regeln
Uncontrolled Resource Consumption
CWE-502
2 Regeln
Deserialization of Untrusted Data
1 critical
CWE-601
2 Regeln
URL Redirection to Untrusted Site ('Open Redirect')
CWE-770
2 Regeln
Allocation of Resources Without Limits or Throttling
CWE-915
2 Regeln
Improperly Controlled Modification of Dynamically-Determined Object Attributes
2 critical
CWE-918
2 Regeln
Server-Side Request Forgery (SSRF)
CWE-1104
2 Regeln
Use of Unmaintained Third Party Components
CWE-1321
2 Regeln
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
Scannen Sie Ihr JavaScript-Projekt
Führen Sie das Shoulder CLI aus, um JavaScript-spezifische Schwachstellen zu finden.