Enhanced Security Checks
The security check feature in the enhanced package is highly valuable because it identifies code security risks and vulnerabilities thoroughly. It also covers security scenarios that other packages do not, such as value errors, encryption issues, and data verification issues. In addition, it strengthens the checking and analysis of industry-standard vulnerability detection items by using cross-function checks, cross-file checks, taint analysis, and semantic analysis.
Currently, the package contains 284 rules (Java: 61; C++: 199; Go: 8; Python: 16).
Item | OWASP Top | CWE Top | Description | Basic/Professional Edition | Enhanced Package
---|---|---|---|---|---
Command injection | Yes | Yes | Attackers use external input to construct system commands and abuse applications that can invoke system commands to perform unauthorized operations. | Yes | Yes
Path traversal | No | Yes | Attackers exploit application vulnerabilities to access data or directories without authorization, causing data leakage or tampering. | No | Yes
SQL injection | Yes | Yes | Attackers append additional statements to predefined query statements through external input to perform unauthorized operations. | Yes | Yes
Uncontrolled format string | No | Yes | Attackers use a format string vulnerability to control the program and cause information leakage. | No | Yes
Cross-site scripting (XSS) attack | Yes | Yes | Attackers insert malicious code into links on websites or in emails to steal user information. | No | Yes
LDAP injection | Yes | Yes | Unauthorized Lightweight Directory Access Protocol (LDAP) queries are constructed from user-entered parameters to steal user information. | No | Yes
Insecure reflection | Yes | Yes | Attackers use external input to bypass access control paths such as identity authentication and perform unauthorized operations. | No | Yes
Open redirection vulnerability | No | Yes | Attackers change the redirection address to a malicious website to carry out phishing or fraud, or to steal user credentials. | No | Yes
XPath injection | Yes | Yes | Attackers use external input containing malicious query code to escalate privileges. | Yes | Yes
Incorrect array index | No | Yes | An out-of-bounds memory read occurs, which may cause information leakage or a system breakdown. | No | Yes
Null pointer dereference | No | Yes | Unpredictable system errors may occur, resulting in a system breakdown. | Yes | Yes
Information leakage in logs | No | Yes | Information leakage in server logs and debug logs. | No | Yes
Information leakage in messages | No | Yes | Information leakage caused by error messages. | Yes | Yes
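Taint analysis, named above as one of the techniques the enhanced package applies, is what makes the injection and path traversal rows of the table detectable: external input (a source) is tracked through assignments and calls until it reaches a dangerous operation (a sink) without passing through a sanitizer. The following is an added illustration, not code from the package or its vendor: a deliberately small cross-function taint tracker over Python source using the standard `ast` module. The source, sink and sanitizer name lists are assumptions chosen for the demo, and `SAMPLE` is a constructed program that is only parsed, never executed (so its `flask` import does not need to be installed).

```python
"""Toy cross-function taint analysis over Python source (added example).

SOURCES, SINKS and SANITIZERS are assumed demo values, not the package's
rule set. The analysed program is only parsed with ast, never executed.
"""
import ast

SOURCES = {"input", "sys.argv", "request.args.get"}
SINKS = {"os.system": "command injection", "os.popen": "command injection",
         "open": "path traversal"}
SANITIZERS = {"shlex.quote", "os.path.basename"}
COMPOUND = (ast.If, ast.For, ast.While, ast.With, ast.Try)
MAX_DEPTH = 10   # bound on inter-procedural recursion (guards against call cycles)


def qualified_name(node):
    """Dotted name of a Name/Attribute chain such as os.path.basename, else None."""
    if isinstance(node, ast.Name):
        return node.id
    if isinstance(node, ast.Attribute):
        base = qualified_name(node.value)
        return f"{base}.{node.attr}" if base else None
    return None


def is_tainted(expr, tainted):
    """True if expr may carry external input: it reads a tainted variable or a
    source and is not wrapped in a sanitizer call."""
    if isinstance(expr, ast.Call):
        name = qualified_name(expr.func)
        if name in SANITIZERS:
            return False          # sanitizer output is treated as clean
        if name in SOURCES:
            return True
        args = expr.args + [kw.value for kw in expr.keywords]
        # a method call on a tainted value (user.strip()) stays tainted, as do tainted arguments
        return is_tainted(expr.func, tainted) or any(is_tainted(a, tainted) for a in args)
    if isinstance(expr, ast.Attribute):
        return qualified_name(expr) in SOURCES or is_tainted(expr.value, tainted)
    if isinstance(expr, ast.Name):
        return expr.id in tainted or expr.id in SOURCES
    # BinOp, JoinedStr, Subscript, ...: tainted if any operand is
    return any(is_tainted(child, tainted) for child in ast.iter_child_nodes(expr))


def check_call(call, tainted, ctx):
    """Report a sink reached by tainted data, or follow the call into a local function."""
    name = qualified_name(call.func)
    args = call.args + [kw.value for kw in call.keywords]
    if name in SINKS:
        if any(is_tainted(a, tainted) for a in args):
            ctx["findings"].append((call.lineno, name, SINKS[name]))
    elif name in ctx["functions"] and ctx["depth"] < MAX_DEPTH:
        # Cross-function step: parameters bound to tainted arguments are tainted in the callee.
        callee = ctx["functions"][name]
        params = [p.arg for p in callee.args.args]
        callee_tainted = {p for p, a in zip(params, call.args) if is_tainted(a, tainted)}
        if callee_tainted:
            analyze_body(callee.body, callee_tainted, {**ctx, "depth": ctx["depth"] + 1})


def analyze_body(body, tainted, ctx):
    """Walk statements in order, tracking which variable names are tainted.
    Branches share one set, so a name tainted on any path stays tainted
    (a may-taint over-approximation). Loop targets and conditions are not modelled."""
    for stmt in body:
        if isinstance(stmt, COMPOUND):
            for field in ("body", "orelse", "finalbody"):
                analyze_body(getattr(stmt, field, []), tainted, ctx)
            continue
        if isinstance(stmt, ast.FunctionDef):
            continue              # top-level functions are analysed separately; nested ones skipped
        if isinstance(stmt, ast.Assign):
            names = {t.id for t in stmt.targets if isinstance(t, ast.Name)}
            if is_tainted(stmt.value, tainted):
                tainted |= names
            else:
                tainted -= names  # reassignment with clean data clears the taint
        for node in ast.walk(stmt):
            if isinstance(node, ast.Call):
                check_call(node, tainted, ctx)


def find_taint_flows(source):
    """Return sorted (line, sink, category) tuples for every sink reached by a source."""
    tree = ast.parse(source)
    functions = {f.name: f for f in tree.body if isinstance(f, ast.FunctionDef)}
    ctx = {"functions": functions, "findings": [], "depth": 0}
    analyze_body(tree.body, set(), ctx)       # module-level statements
    for func in functions.values():           # each function entered with clean parameters
        analyze_body(func.body, set(), ctx)
    return sorted(set(ctx["findings"]))


# Constructed sample program (parsed only). Expected findings: lines 6 and 17.
SAMPLE = '''
import os, shlex
from flask import request

def run(cmd):
    os.system(cmd)                          # sink, reached only via a tainted parameter

def run_safe(cmd):
    os.system("echo " + shlex.quote(cmd))   # sanitizer wraps the value: clean

def handler():
    user = request.args.get("name")         # source
    run(user)                               # cross-function flow into run()
    run_safe(user)
    path = os.path.basename(user)           # sanitizer strips directory components
    data = open(path).read()                # clean
    report = open("/var/log/" + user)       # path traversal: raw input in the path
    tag = "static"
    os.system("ls " + tag)                  # clean: no external input involved
'''

if __name__ == "__main__":
    for line, sink, category in find_taint_flows(SAMPLE):
        print(f"line {line}: {category} via {sink}")
```

Running the module prints the two flows in `SAMPLE`: the command injection inside `run()`, which is only a finding because the tainted argument is propagated into the callee's parameter (the cross-function check), and the path traversal on the `open()` call that concatenates raw input. The `run_safe()` and `basename` paths are reported clean because the sanitizer breaks the flow, and reassigning a variable with a constant clears its taint.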