Updated on 2025-01-22 GMT+08:00

Enhanced Security Checks

The security check feature in the enhanced package is highly valuable because it thoroughly identifies code security risks and vulnerabilities. It also covers security scenarios that are not found in other packages, such as value errors, encryption issues, and data verification issues. Moreover, it strengthens the security checks and analysis behind the vulnerability detection items used in the industry (cross-function checks, cross-file checks, taint analysis, and semantic analysis).

Currently, the package contains 284 rules (Java: 61; C++: 199; Go: 8; Python: 16).

Table 1 Differences between the enhanced package and common editions

| Item | OWASP Top | CWE Top | Description | Basic/Professional Edition | Enhanced Package |
|---|---|---|---|---|---|
| Command injection | Yes | Yes | Attackers use external input to construct system commands and abuse applications that can invoke system commands to perform unauthorized operations. | Yes | Yes |
| Path traversal | No | Yes | Attackers exploit application vulnerabilities to access data or directories without authorization, causing data leakage or tampering. | No | Yes |
| SQL injection | Yes | Yes | Attackers take pre-defined query statements and append additional statements through external input to perform unauthorized operations. | Yes | Yes |
| Uncontrolled format string | No | Yes | Attackers use a format string vulnerability to control the program and cause information leakage. | No | Yes |
| Cross-site scripting (XSS) attack | Yes | Yes | Attackers insert malicious code into links from websites or emails to steal user information. | No | Yes |
| LDAP injection | Yes | Yes | Unauthorized Lightweight Directory Access Protocol (LDAP) queries are generated from user-supplied parameters to steal user information. | No | Yes |
| Insecure reflection | Yes | Yes | Attackers use external input to bypass access control paths such as identity authentication and perform unauthorized operations. | No | Yes |
| Open redirection vulnerability | No | Yes | Attackers change the redirection address to a malicious website to carry out phishing or fraud, or to steal user credentials. | No | Yes |
| XPath injection | Yes | Yes | Attackers supply external input containing malicious query code to escalate privileges. | Yes | Yes |
| Incorrect array index | No | Yes | An out-of-bounds memory read occurs, which may cause information leakage or a system crash. | No | Yes |
| Null pointer dereference | No | Yes | Unpredictable system errors may occur, resulting in a system crash. | Yes | Yes |
| Information leakage in logs | No | Yes | Information leakage through server logs and debug logs. | No | Yes |
| Information leakage in messages | No | Yes | Information leakage caused by error messages. | Yes | Yes |