[Forgot Password]
Login  Register Subscribe

23631

 
 

122183

 
 

98060

 
 

909

 
 

79198

 
 

109

 
 
Paid content will be excluded from the download.

Filter
Matches : 909 Download | Alert*

According to WASC, "Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization."

The product uses a Pseudo-Random Number Generator (PRNG) in a security context, but the PRNG is not cryptographically strong.

An algorithm in a product has an inefficient worst-case computational complexity that may be detrimental to system performance and can be triggered by an attacker, typically using crafted manipulations that ensure that the worst case is being reached.

Any condition where the attacker has the ability to write an arbitrary value to an arbitrary location, often as the result of a buffer overflow.

The software performs a calculation that generates incorrect or unintended results that are later used in security-critical decisions or resource management.

Weaknesses in this category are related to improper handling of sensitive information.

The software does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

The use of a broken or risky cryptographic algorithm is an unnecessary risk that may result in the exposure of sensitive information.

The software does not implement or incorrectly implements one or more security-relevant checks as specified by the design of a standardized algorithm, protocol, or technique.

Weaknesses in this category are typically introduced during code development, including specification, design, and implementation.


Pages:      Start    1    2    3    4    5    6    7    8    9    10    11    12    13    14    ..   90

© 2013 SecPod Technologies