Checklist
- Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’).
- Buffer Copy without Checking the Size of Input (‘Classic Buffer Overflow’).
- Missing Authentication for Critical Function.
- Missing or Incorrect Authorization.
- Use of Hard-coded Credentials.
- Missing Encryption of Sensitive Data.
- Unrestricted Upload of File with Dangerous Type.
- Reliance on Untrusted Inputs in a Security Decision.
- Execution with Unnecessary Privileges.
- Cross-Site Request Forgery (CSRF).
- Download of Code Without Integrity Check.
- Incorrect Calculation of Buffer Size.
- Improper Restriction of Excessive Authentication Attempts.
- URL Redirection to Untrusted Site (‘Open Redirect’).
- Uncontrolled Format String.
- Use of a One-Way Hash without a Salt.