Categories

The software does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the software.

The software does not initialize or incorrectly initializes a resource, which might leave the resource in an unexpected state when it is accessed or used.

The software does not encrypt sensitive or critical information before storage or transmission.

The software does not properly verify that the source of data or communication is valid.

According to WASC, Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.

The product does not properly control the amount of recursion that takes place, which consumes excessive resources, such as allocated memory or the program stack.

The product makes files or directories accessible to unauthorized actors, even though they should not be.

The software does not correctly convert an object, resource, or structure from one type to a different type.

The program does not release or incorrectly releases a resource before it is made available for re-use.

The software prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved.