Swift Fixes

• 113 – Improper type assignation
• 115 – Security controls bypass or absence
• 117 – Unverifiable files
• 119 – Metadata with sensitive information
• 124 – Race condition
• 126 – Lack of isolation methods
• 138 – Inappropriate coding practices
• 140 – Insecure exceptions - Empty or no catch
• 142 – Sensitive information in source code - API Key
• 145 – Inappropriate coding practices - Cyclomatic complexity
• 147 – Insecure encryption algorithm - SSLContext
• 156 – Uncontrolled external site redirect
• 172 – Insecure service configuration - App Backup
• 173 – Insecure service configuration - Backup
• 183 – Debugging enabled in production
• 184 – Lack of data validation
• 191 – Lack of data validation - Responses
• 194 – Lack of data validation - Input Length
• 197 – Lack of data validation - Numbers
• 199 – Lack of data validation - Emails
• 201 – Unauthorized access to files
• 204 – Insufficient data authenticity validation
• 210 – Security controls bypass or absence - Facial Recognition
• 233 – Incomplete funcional code
• 237 – Technical information leak - Print Functions
• 240 – Authentication mechanism absence or evasion - OTP
• 262 – Insecure encryption algorithm - SHA1
• 265 – Insecure encryption algorithm - AES
• 268 – Insecure service configuration - Webview
• 269 – Insecure encryption algorithm - Blowfish
• 270 – Insecure functionality - File Creation
• 271 – Insecure functionality - Password management
• 273 – Insecure functionality - Fingerprint
• 275 – Non-encrypted confidential information - Local data
• 284 – Non-encrypted confidential information - Base 64
• 285 – Insecure service configuration - App Transport Security
• 298 – Authentication mechanism absence or evasion - Redirect
• 310 – Unauthorized access to screen
• 317 – Improper resource allocation - Memory leak
• 332 – Use of insecure channel - Source code
• 340 – Lack of data validation - Special Characters
• 345 – Security controls bypass or absence - Session Invalidation
• 346 – Excessive privileges - Mobile App
• 359 – Sensitive information in source code - Credentials
• 370 – Authentication mechanism absence or evasion - Security Image
• 378 – Non-encrypted confidential information - Hexadecimal
• 382 – Insufficient data authenticity validation - Front bypass
• 391 – Inappropriate coding practices - Unused properties
• 393 – Use of software with known vulnerabilities in development
• 395 – Insecure generation of random numbers - Static IV
• 421 – Insecure encryption algorithm - Insecure Elliptic Curve
• 428 – Inappropriate coding practices - invalid file
• 435 – Use of software with known vulnerabilities in environments
• 006 – Authentication mechanism absence or evasion
• 007 – Cross-site request forgery
• 011 – Use of software with known vulnerabilities
• 013 – Insecure object reference
• 014 – Insecure functionality
• 015 – Insecure authentication method - Basic
• 016 – Insecure encryption algorithm - SSL/TLS
• 017 – Sensitive information sent insecurely
• 019 – Administrative credentials stored in cache memory
• 020 – Non-encrypted confidential information
• 022 – Use of an insecure channel
• 026 – User enumeration
• 028 – Insecure temporary files
• 034 – Insecure generation of random numbers
• 038 – Business information leak
• 052 – Insecure encryption algorithm
• 060 – Insecure service configuration - Host verification
• 066 – Technical information leak - Console functions
• 067 – Improper resource allocation
• 068 – Insecure session expiration time
• 069 – Weak CAPTCHA
• 076 – Insecure session management
• 091 – Log injection
• 092 – Insecure encryption algorithm - Anonymous cipher suites
• 094 – Insecure encryption algorithm - Cipher Block Chaining
• 096 – Insecure deserialization