Coverage
Technical coverage information related to CodeScan Developer
ASP.NET
- Check for Blank SQL Server Password Use
- Check for SQL Server Administrative Account Use
- Arbitrary Page Execution through Server.Execute
- Arbitrary Page Execution through Server.Transfer
- Cross Site Scripting through Direct Output
- Cross Site Scripting through Response.Write
- HTTP Response Splitting through Response.AddHeader
- HTTP Response Splitting through Response.AppendHeader
- Site Redirection through Response.Redirect
- Randomize Used with User Supplied Seed
- Arbitrary File Access through File.AppendAllText
- Arbitrary File Access through File.AppendText
- Arbitrary File Access through File.Copy
- Arbitrary File Access through File.Create
- Arbitrary File Access through File.CreateText
- Arbitrary File Access through File.Delete
- Arbitrary File Access through File.Exists
- Arbitrary File Access through File.Move
- Arbitrary File Access through File.Open
- Arbitrary File Access through File.OpenRead
- Arbitrary File Access through File.OpenText
- Arbitrary File Access through File.OpenWrite
- Arbitrary File Access through File.ReadAllBytes
- Arbitrary File Access through File.ReadAllLines
- Arbitrary File Access through File.ReadAllText
- Arbitrary File Access through File.Replace
- Arbitrary File Access through File.WriteAllBytes
- Arbitrary File Access through File.WriteAllLines
- Arbitrary File Access through File.WriteAllText
- Arbitrary File Access through StreamWriter.WriteLine
- Arbitrary Object Creation through Server.Createobject
- Dangerous Configuration Setting
- Missing Configuration Setting
- Arbitrary Database Access through ADODB.Connection #1
- Arbitrary Database Access through ADODB.Connection #2
- Arbitrary File Writing through ADODB.Recordset
- SQL Injection through ADODB.Command
- SQL Injection through ADODB.Connection
- SQL Injection through ADODB.Recordset #1
- SQL Injection through ADODB.Recordset #2
- SQL Injection through DataSource Controls
- SQL Injection through new OdbcCommand
- SQL Injection through new OdbcDataAdapter
- SQL Injection through new OleDbCommand
- SQL Injection through new OleDbDataAdapter
- SQL Injection through new OracleCommand
- SQL Injection through new SqlCommand
- SQL Injection through new SqlDataAdapter
- SXSS through DataSource Controls
- Stored HTTP Response Splitting through Response.AddHeader
- Stored HTTP Response Splitting through Response.AppendHeader
- Stored Site Redirection through Response.Redirect
- Stored XSS through Databinder.Eval
- Stored XSS through Direct Output
- Stored XSS through Response.Write
Authorization and Authentication
Command Execution
Cross Site Scripting
Encryption
File Access
General
SQL Injection
Stored XSS Input
Stored XSS Output
ASP
- Check for Blank SQL Server Password Use
- Check for SQL Server Administrative Account Use
- Arbitrary Page Execution through server.execute
- Arbitrary Page Execution through server.transfer
- Command Execution through eval
- Command Execution through execute
- Command Execution through executeglobal
- Command Execution through wscript.shell.exec
- Command Execution through wscript.shell.run
- Cross Site Scripting through Direct Output
- Cross Site Scripting through response.write
- HTTP Response Splitting through response.addheader
- Site Redirection through response.redirect
- Randomize Used with User Supplied Seed
- Arbitrary File Access through scripting.filesystemobject.opentextfile
- Arbitrary File Deletion through scripting.filesystemobject.deletefile
- Arbitrary File Existence Disclosure through getobject
- Arbitrary File Existence Disclosure through loadpicture
- Arbitrary File Writing through textstream.write
- Arbitrary File Writing through textstream.writeline
- Arbitrary Folder Access through scripting.filesystemobject.getfolder
- Arbitrary Folder Creation through scripting.filesystemobject.createfolder
- Arbitrary Folder Deletion through scripting.filesystemobject.deletefolder
- Arbitrary Object Creation through createobject
- Arbitrary Object Creation through server.createobject
- Path Manipulation through scripting.filesystemobject.buildpath
- Arbitrary File Sending through CDONTs Mailer (AttachFile)
- Arbitrary File Sending through CDONTs Mailer (AttachURL)
- Mail Relay through CDONTs Mailer 'Bcc' Field
- Mail Relay through CDONTs Mailer 'Cc' Field
- Mail Relay through CDONTs Mailer 'From' Field
- Mail Relay through CDONTs Mailer Send Method
- Mail Relay through CDONTs Mailer Subject Field
- Mail Relay through CDONTs Mailer 'To' Field
- Mail Relay through CDOSYS Mailer AddAttachment Method
- Mail Relay through CDOSYS Mailer 'Bcc' Field
- Mail Relay through CDOSYS Mailer 'Cc' Field
- Mail Relay through CDOSYS Mailer Configuration Field
- Mail Relay through CDOSYS Mailer CreateMHTMLBody Method
- Mail Relay through CDOSYS Mailer 'From' Field
- Mail Relay through CDOSYS Mailer HTMLBody Field
- Mail Relay through CDOSYS Mailer Send Method
- Mail Relay through CDOSYS Mailer Subject Field
- Mail Relay through CDOSYS Mailer TextBody Field
- Mail Relay through CDOSYS Mailer 'To' Field
- Arbitrary Database Access through ADODB.connection #1
- Arbitrary Database Access through ADODB.connection #2
- Arbitrary File Writing through ADODB.recordset
- SQL Injection through ADODB.command
- SQL Injection through ADODB.connection
- SQL Injection through ADODB.recordset
- SXSS through ADODB.Command.Execute
- SXSS through ADODB.Parameters.Append
- Stored HTTP Response Splitting through response.addheader
- Stored Site Redirection through response.redirect
- Stored XSS through Direct Output
- Stored XSS through response.write
Authorization and Authentication
Command Execution
Cross Site Scripting
Encryption
File Access
Mail Relay
SQL Injection
Stored XSS Input
Stored XSS Output
PHP
- DB2 Hard-coded Password Use with db2_connect
- DB2 Hard-coded Password Use with db2_pconnect
- DB2 Privileged Account Use with db2_connect
- DB2 Privileged Account Use with db2_pconnect
- Default Password Use with mysql_connect
- Default Password Use with mysql_pconnect
- Default Password Use with mysqli_connect
- Default Password Use with mysqli_real_connect
- Hard-coded Password Use with new PDO
- MySQL Privileged Account Use with mysql_connect
- MySQL Privileged Account Use with mysql_pconnect
- MySQL Privileged Account Use with mysqli_connect
- MySQL Privileged Account Use with mysqli_real_connect
- Oracle Hard-coded Password Use with ora_logon
- Oracle Hard-coded Password Use with ora_plogon
- Oracle OCI8 Hard-coded Password Use with oci_connect
- Oracle OCI8 Hard-coded Password Use with oci_new_connect
- Oracle OCI8 Hard-coded Password Use with oci_pconnect
- Oracle OCI8 Privileged Account Use with oci_connect
- Oracle OCI8 Privileged Account Use with oci_new_connect
- Oracle OCI8 Privileged Account Use with oci_pconnect
- Oracle Privileged Account Use with ora_logon or ora_plogon
- PDO Privileged Account Use
- PostgreSQL Privileged Account Use with pg_connect
- PostgreSQL Privileged Account Use with pg_pconnect
- SQL Server Hard-coded Password Use with mssql_connect
- SQL Server Hard-coded Password Use with mssql_pconnect
- SQL Server Hard-coded Password Use with odbc_connect
- SQL Server Hard-coded Password Use with odbc_pconnect
- SQL Server Privileged Account Use with mssql_connect
- SQL Server Privileged Account Use with mssql_pconnect
- SQL Server Privileged Account Use with odbc_connect
- SQL Server Privileged Account Use with odbc_pconnect
- Arbitrary Page Execution through include
- Arbitrary Page Execution through include_once
- Arbitrary Page Execution through require
- Arbitrary Page Execution through require_once
- Command Execution through exec
- Command Execution through passthru
- Command Execution through popen
- Command Execution through preg_replace
- Command Execution through proc_open
- Command Execution through shell_exec
- Command Execution through system
- PHP Code Execution through eval
- Cross Site Scripting through =
- Cross Site Scripting through echo
- Cross Site Scripting through print
- Cross Site Scripting through printf
- Cross Site Scripting through vprintf
- HTTP Response Splitting via header
- Weak Cipher Used with mcrypt_encrypt
- Weak Mode Used with mcrypt_encrypt
- Arbitrary File Reading through fgetc
- Arbitrary File Reading through fgetcsv
- Arbitrary File Reading through fgets
- Arbitrary File Reading through fgetss
- Arbitrary File Reading through file
- Arbitrary File Reading through file_get_contents
- Arbitrary File Reading through fread
- Arbitrary File Reading through readfile
- Arbitrary File Reading through sqlite_open
- Arbitrary File Reading through sqlite_popen
- Directory Deletion through rmdir
- File Deletion through ftruncate
- File Deletion through unlink
- File Writing through file_put_contents
- File Writing through fputcsv
- File Writing through fputs
- File Writing through fwrite
- File Upload Detected
- Information Disclosure through phpinfo
- Potentially Dangerous Modification of Runtime Configuration Detected
- Mail Relay through imap_mail
- Mail Relay through mail Command
- Call to create_function
- Use of Deprecated Global Variables
- SQL Injection in DB2 through db2_exec
- SQL Injection in DB2 through db2_prepare and db2_execute
- SQL Injection in mSQL through msql
- SQL Injection in mSQL through msql_db_query
- SQL Injection in mSQL through msql_query
- SQL Injection in MySQL through mysql_db_query
- SQL Injection in MySQL through mysql_query
- SQL Injection in MySQL through mysql_unbuffered_query
- SQL Injection in MySQL through mysqli_multi_query
- SQL Injection in MySQL through mysqli_prepare and mysqli_stmt_execute
- SQL Injection in MySQL through mysqli_query
- SQL Injection in MySQL through mysqli_real_query
- SQL Injection in MySQL through mysqli->multi_query
- SQL Injection in MySQL through mysqli->prepare and mysqli_stmt->execute
- SQL Injection in MySQL through mysqli->query
- SQL Injection in MySQL through mysqli->real_query
- SQL Injection in Oracle through oci_parse and oci_execute (OCI8)
- SQL Injection in Oracle through ociparse and ociexecute (OCI8)
- SQL Injection in Oracle through ora_do
- SQL Injection in Oracle through ora_parse and ora_exec
- SQL Injection in PostgreSQL through pg_prepare and pg_execute
- SQL Injection in PostgreSQL through pg_query
- SQL Injection in PostgreSQL through pg_query_params
- SQL Injection in PostgreSQL through pg_send_prepare and pg_send_execute
- SQL Injection in PostgreSQL through pg_send_query
- SQL Injection in PostgreSQL through pg_send_query_params
- SQL Injection in SQL Server through mssql_query
- SQL Injection in SQL Server through odbc_exec
- SQL Injection in SQL Server through odbc_prepare and odbc_execute
- SQL Injection in SQLite through sqlite_exec
- SQL Injection in SQLite through sqlite_query
- SQL Injection through PDO->exec
- SQL Injection through PDO->prepare and PDOStatement->execute
- SQL Injection through PDO->query
- SXSS through mysqli_stmt_bind_param
- SXSS through mysqli_stmt->bind_param
- SXSS through mysqli->prepare
- SXSS through oci_bind_by_name
- SXSS through oci_parse
- SXSS through pdo->prepare
- SXSS through pdostatement->bind_param
- SXSS through pg_send_prepare
- SXSS through pg_update
- Stored HTTP Response Splitting via header
- Stored XSS through =
- Stored XSS through echo
- Stored XSS through print
- Stored XSS through printf
- Stored XSS through vprintf
