Information Collection
009. Sensitive information in source code011. Use of software with known vulnerabilities016. Insecure encryption algorithm - SSL/TLS017. Sensitive information sent insecurely019. Administrative credentials stored in cache memory020. Non-encrypted confidential information022. Use of an insecure channel025. Call interception026. User enumeration028. Insecure temporary files030. Sensitive information sent via URL parameters036. ViewState not encrypted037. Technical information leak038. Business information leak040. Exposed web services046. Missing secure obfuscation - APK047. Automatic information enumeration052. Insecure encryption algorithm054. Exposed administrative services059. Sensitive information stored in logs066. Technical information leak - Console functions069. Weak CAPTCHA080. Business information leak - Customers or providers082. Insecurely deleted files085. Sensitive data stored in client-side storage092. Insecure encryption algorithm - Anonymous cipher suites094. Insecure encryption algorithm - Cipher Block Chaining099. Non-encrypted confidential information - S3 Server Side Encryption116. XS-Leaks119. Metadata with sensitive information125. Directory listing133. Insecure encryption algorithm - Perfect Forward Secrecy142. Sensitive information in source code - API Key147. Insecure encryption algorithm - SSLContext148. Use of an insecure channel - FTP149. Use of an insecure channel - SMTP150. Use of an insecure channel - useSslProtocol()151. Use of an insecure channel - Telnet161. Missing secure obfuscation162. Missing secure obfuscation - binary213. Business information leak - JWT214. Business information leak - Credentials215. Business information leak - Repository216. Business information leak - Source Code217. Business information leak - Credit Cards218. Business information leak - Network Unit219. Business information leak - Redis220. Business information leak - Token221. Business information leak - Users222. Business information leak - DB223. Business information leak - JFROG224. Business information leak - AWS225. Business information leak - Azure226. Business information leak - Personal Information227. Business information leak - NAC228. Business information leak - Analytics229. Business information leak - Power BI230. Business information leak - Firestore232. Technical information leak - Angular234. Technical information leak - Stacktrace235. Technical information leak - Headers236. Technical information leak - SourceMap237. Technical information leak - Print Functions238. Technical information leak - API239. Technical information leak - Errors245. Non-encrypted confidential information - Credit Cards246. Non-encrypted confidential information - DB247. Non-encrypted confidential information - AWS248. Non-encrypted confidential information - LDAP249. Non-encrypted confidential information - Credentials250. Non-encrypted hard drives251. Non-encrypted confidential information - JFROG252. Automatic information enumeration - Open ports253. Automatic information enumeration - AWS254. Automatic information enumeration - Credit Cards261. Insecure encryption algorithm - DSA262. Insecure encryption algorithm - SHA1263. Insecure encryption algorithm - MD5264. Insecure encryption algorithm - TripleDES265. Insecure encryption algorithm - AES266. Excessive Privileges - Docker269. Insecure encryption algorithm - Blowfish275. Non-encrypted confidential information - Local data276. Sensitive information sent via URL parameters - Session281. Use of an insecure channel - Cloud Infrastructure282. Insecure encryption algorithm - ECB283. Automatic information enumeration - Personal Information284. Non-encrypted confidential information - Base 64289. Technical information leak - Logs290. Technical information leak - IPs291. Business information leak - Financial Information326. Sensitive information in source code - Dependencies331. User Enumeration - Wordpress332. Use of insecure channel - Source code336. Business information leak - Corporate information342. Technical information leak - Alert349. Technical information leak - Credentials351. Automatic information enumeration - Corporate information359. Sensitive information in source code - Credentials367. Sensitive information in source code - Git history372. Use of an insecure channel - HTTP373. Use of an insecure channel - Oracle Database378. Non-encrypted confidential information - Hexadecimal385. Non-encrypted confidential information - Keys406. Non-encrypted confidential information - EFS407. Non-encrypted confidential information - EBS Volumes409. Non-encrypted confidential information - DynamoDB421. Insecure encryption algorithm - Insecure Elliptic Curve427. Use of an insecure channel - Docker433. Non-encrypted confidential information - Redshift Cluster435. Use of software with known vulnerabilities in environments439. Sensitive information in source code - IP441. Non-encrypted confidential information - Azure448. Use of software with malware