elixir
Insecure encryption algorithm - Insecure Elliptic Curve - Elixir
Need Secure encryption Context Usage of Elixir (1.12.0 and above) for building scalable and fault-tolerant applications Usage of Crypto package for cryptographic operations in Elixir Description Non compliant code defmodule MyApp.Insecure do def ...
Insecure authentication method - LDAP - Elixir
Need Secure communication with LDAP server Context Usage of Elixir (1.12.0 and above) for building scalable and fault-tolerant applications Usage of Elixir's LDAP library for LDAP integration Description Non compliant code defmodule MyApp.Insecure do ...
Insecurely generated token - OTP - Elixir
Need To securely generate OTP and protect it from interception by attackers Context Usage of Elixir (1.12.0 and above) for building scalable and fault-tolerant applications Usage of Plug for building web applications in Elixir Description Non ...
Non-encrypted confidential information - Hexadecimal - Elixir
Need To ensure the confidentiality and integrity of sensitive information by using secure encryption methods. Context Usage of Elixir (1.12.0 and above) for building scalable and fault-tolerant applications Usage of Elixir's built-in Base module for ...
Use of an insecure channel - HTTP - Elixir
Need To secure the transmission of sensitive data between client and server by using encryption. Context Usage of Elixir (1.12.0 and above) with Phoenix Framework (1.5.7) for building web applications Usage of Phoenix configuration file for ...
Weak credential policy - Temporary passwords - Elixir
Need To prevent unauthorized account access due to weak temporary passwords, which can be easily compromised. Context Usage of Elixir (1.12.0 and above) for building scalable and fault-tolerant applications Usage of Comeonin package for password ...
Weak credential policy - Password strength - Elixir
Need To prevent unauthorized account access due to weak passwords, which can be easily compromised by brute force or dictionary attacks. Context Usage of Elixir (1.12.0 and above) for building scalable and fault-tolerant applications Usage of ...
Technical information leak - Content response - Elixir
Need To prevent unauthorized disclosure of technical details which could be exploited for crafting new attack vectors. Context Usage of Elixir (1.12.0 and above) for building scalable and fault-tolerant applications Usage of Plug package for handling ...
Insufficient data authenticity validation - Checksum verification - Elixir
Need To validate the integrity of resources loaded from external sources. Context Usage of Elixir (1.12.0 and above) for building scalable and fault-tolerant applications Usage of HTTPoison for making HTTP requests Description Non compliant code ...
Insecure file upload - Files Limit - Elixir
Need To prevent system resources exhaustion by limiting the number of files uploaded and replacing old files with new ones. Context Usage of Elixir (1.12.0 and above) for building scalable and fault-tolerant applications Usage of Phoenix Framework ...
Lack of data validation - Token - Elixir
Need To ensure the integrity and validity of JWT access tokens used for authentication. Context Usage of Elixir (1.12.0 and above) for building scalable and fault-tolerant applications Usage of Phoenix Framework for building web applications Usage of ...
Lack of data validation - OTP - Elixir
Need To prevent unauthorized actions by ensuring the OTP used is valid and used only once. Context Usage of Elixir (1.12.0 and above) for building scalable and fault-tolerant applications Usage of Phoenix Framework for building web applications ...
Lack of data validation - Special Characters - Elixir
Need To prevent unexpected behavior and potential security risks from unvalidated user input. Context Usage of Elixir (1.12.0 and above) for building scalable and fault-tolerant applications Usage of Phoenix Framework for building web applications ...
Non-encrypted confidential information - Base 64 - Elixir
Need To secure sensitive information like service credentials. Context Usage of Elixir (1.12.0 and above) for building scalable and fault-tolerant applications Usage of Phoenix Framework for web development Usage of Ecto for database interactions ...
Use of insecure channel - Source code - Elixir
Need To protect sensitive information during transmission over a network. Context Usage of Elixir (1.12.0 and above) for building scalable and concurrent applications Usage of Cowboy HTTP server for handling HTTP requests Description Non compliant ...
Lack of protection against brute force attacks - Credentials - Elixir
Need To protect the application against automated attacks aimed at guessing promotional codes. Context Usage of Elixir (1.12.0 and above) for building scalable and concurrent applications Usage of Phoenix Framework for building web applications ...
Lack of data validation - HTML code - Elixir
Need To sanitize and validate input data to prevent HTML injection attacks. Context Usage of Elixir (1.12.0 and above) for building scalable and fault-tolerant applications Usage of Phoenix Framework for building web applications Usage of Plug for ...
SQL Injection - Code - Elixir
Need To prevent unauthorized database access and manipulation via SQL Injection. Context Usage of Elixir (1.12.0 and above) for building scalable and fault-tolerant applications Usage of Phoenix Framework for building web applications Usage of Ecto ...
Weak credential policy - Password Change Limit - Elixir
Need To prevent denial of service by repeatedly changing user's password. Context Usage of Elixir (1.12.0 and above) for building scalable and fault-tolerant applications Usage of Phoenix Framework for building web applications Usage of Ecto for data ...
Business information leak - Financial Information - Elixir
Need To prevent exposure of sensitive business information. Context Usage of Elixir (1.12.0 and above) for building scalable and fault-tolerant applications Usage of Phoenix Framework for building web applications Usage of Ecto for data persistence ...
Technical information leak - IPs - Elixir
Need To prevent exposure of internal technical information. Context Usage of Elixir (1.12.0 and above) for building scalable and fault-tolerant applications Usage of Plug for building modular web applications Usage of Cowboy as the HTTP server ...
Automatic information enumeration - Personal Information - Elixir
Need To prevent unauthorized access to user's personal information. Context Usage of Elixir (1.12.0 and above) for building scalable and fault-tolerant applications Usage of Phoenix Framework for web development Usage of Ecto for database ...
Insecure encryption algorithm - ECB - Elixir
Need Securely encrypt sensitive information. Context Usage of Elixir (1.12.0 and above) for building scalable and fault-tolerant applications Usage of crypto module for encryption and decryption Description Non compliant code defmodule MyApp.Crypto ...
Session Fixation - Elixir
Need Prevent session hijacking by securing session cookies. Context Usage of Elixir (1.12.0 and above) for building scalable and fault-tolerant applications Usage of Phoenix framework for web request handling Usage of Plug.Session for session ...
Sensitive Information Sent Via URL Parameters - Session - Elixir
Need Prevent unauthorized access to user sessions. Context Usage of Elixir (1.12.0 and above) for building scalable and fault-tolerant applications Usage of Phoenix framework for web request handling Usage of Guardian for JWT session management ...
Restricted Fields Manipulation - Elixir
Need Ensure data integrity and prevent unauthorized information updates. Context Usage of Elixir (1.12.0 and above) for building scalable and fault-tolerant applications Usage of Ecto for data access and manipulation Usage of Phoenix framework for ...
Insecure Encryption Algorithm - AES - Elixir
Need Secure encryption of sensitive data. Context Usage of Elixir (1.12.0 and above) for building scalable and fault-tolerant applications Usage of crypto module for encryption Description Non compliant code defmodule MyApp.Crypto do def ...
Insecure Encryption Algorithm - TripleDES - Elixir
Need To secure sensitive data using secure encryption algorithms. Context Usage of Elixir (1.12.0 and above) for building scalable and fault-tolerant applications Usage of crypto module for encryption Description Non compliant code defmodule ...
Insecure Encryption Algorithm - MD5 - Elixir
Need To secure user passwords using cryptographically secure hashing algorithms. Context Usage of Elixir (1.12.0 and above) for building scalable and fault-tolerant applications Usage of Ecto (3.6.2 and above) for database query and manipulation ...
Insecure Encryption Algorithm - SHA1 - Elixir
Need To secure the information transmitted between the client and the server using cryptographically secure algorithms. Context Usage of Elixir (1.12.0 and above) for building scalable and fault-tolerant applications Usage of Plug (1.11.1 and above) ...
Insecure Encryption Algorithm - DSA - Elixir
Need To secure the information transmitted between the client and the server using cryptographically secure algorithms. Context Usage of Elixir (1.12.0 and above) for building scalable and fault-tolerant applications Usage of Plug (1.11.1 and above) ...
Automatic Information Enumeration - Credit Cards - Elixir
Need To prevent the listing and exposure of credit card information by implementing proper validation. Context Usage of Elixir (1.12.0 and above) for building scalable and fault-tolerant applications Usage of Ecto (3.6.2 and above) for database query ...
Non-encrypted Confidential Information - Credentials - Elixir
Need To ensure sensitive information such as API keys and passwords are not included in plain text in the source code. Context Usage of Elixir (1.12.0 and above) for building scalable and fault-tolerant applications Usage of Ecto (3.6.2 and above) ...
Non-encrypted Confidential Information - LDAP - Elixir
Need Ensure that LDAP service credentials are encrypted. Context Usage of Elixir (1.12.0 and above) for building scalable and fault-tolerant applications Usage of Exldap (0.5.7 and above) for LDAP integration Usage of Cloak for data encryption and ...
Non-encrypted Confidential Information - Database - Elixir
Need Ensure that user query information stored in the database is encrypted. Context Usage of Elixir (1.12.0 and above) for building scalable and concurrent applications Usage of Ecto (3.7.1 and above) for database query and manipulation Usage of ...
Non-encrypted Confidential Information - Credit Cards - Elixir
Need Ensure that credit card information is encrypted both during transport and at rest. Context Usage of Elixir (1.12.0 and above) for building scalable and fault-tolerant applications Usage of Plug (1.12.0 and above) for building composable web ...
Authentication Mechanism Absence or Evasion - OTP - Elixir
Need Ensure that OTPs are validated properly during user registration. Context Usage of Elixir (1.12.0 and above) for building scalable and fault-tolerant applications Usage of Phoenix Framework for building web applications (version 1.6.0 and above) ...
Technical Information Leak - Errors - Elixir
Need Prevent exposing technical information through server error messages. Context Usage of Elixir (1.12.0 and above) for building scalable and fault-tolerant applications Usage of Phoenix Framework for building web applications (version 1.6.0 and ...
Technical Information Leak - API - Elixir
Need Prevent exposing GraphQL API Schema Structure to unauthorized users. Context Usage of Elixir (1.12.0 and above) for building scalable and fault-tolerant applications Usage of Absinthe for building GraphQL APIs in Elixir Description Non compliant ...
Technical Information Leak - Headers - Elixir
Need Prevent exposing server details through HTTP response headers. Context Usage of Elixir (1.12.0 and above) for building scalable and fault-tolerant applications Usage of Plug (1.12.0 and above) for building composable web applications in Elixir ...