Security controls bypass or absence - Fingerprint - Ruby
Need Implementation of robust security controls for fingerprint identification Context Usage of Ruby for building dynamic and object-oriented applications Usage of Ruby on Rails for building web applications Description Non compliant code class ...
Use of software with known vulnerabilities in environments - Ruby
Need Updating software and dependencies to versions without known vulnerabilities Context Usage of Ruby 2.2.2 as the programming language for development Usage of Rails framework for building web applications Usage of Nokogiri for HTML and XML ...
Client-side template injection - Ruby
Need Prevention of client-side template injection attacks Context Requirement of Ruby 2.0 or higher for running the application Usage of Rails framework for building web applications Description Non compliant code class UsersController < ...
Inappropriate coding practices - relative path command - Ruby
Need Enforcement of secure coding practices and absolute path definitions Context Usage of Ruby for building dynamic and object-oriented applications Usage of a custom command "some_command" in the bin directory Description Non compliant code def ...
Universal cross-site scripting (UXSS) - Ruby
Need Prevention of universal cross-site scripting attacks Context Usage of Ruby 2.7 for developing Ruby applications Usage of Rails framework for building web applications Usage of ActiveRecord for Object-Relational Mapping (ORM) in a Rails ...
Inappropriate coding practices - invalid file - Ruby
Need Enforcement of proper file validation and verification Context Usage of Ruby for building web applications and scripting Usage of Rails framework for building web applications Description Non compliant code def upload_file uploaded_io = ...
Inappropriate coding practices - System exit - Ruby
Need Prevention of unauthorized access to system exit functions Context Usage of Ruby for building dynamic and object-oriented applications Description Non compliant code def shutdown_system exit end In the above code snippet, a method ...
Server side template injection - Ruby
Need Prevention of server-side template injection attacks Context Requirement of Ruby version 2.5.0 or higher for running the application Usage of Rails framework for building web applications Description Non compliant code class UsersController < ...
Insecure encryption algorithm - Insecure Elliptic Curve - Ruby
Need Secure encryption algorithm with strong elliptic curves Context Usage of Ruby for building web applications and scripting Usage of OpenSSL for secure communication and encryption Description Non compliant code require 'openssl' private_key = ...
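The entry above concerns key generation over an elliptic curve that is too small to resist attack. The following is an added example, not the knowledge-base article's own code: it enforces an assumed curve allow-list (NIST P-256, P-384, P-521) before calling OpenSSL::PKey::EC.generate, so a request for a weak curve such as secp112r1 fails loudly instead of producing a key, and it shows an ECDSA sign/verify round trip with the approved key. The constant names and helper functions are assumptions for illustration.

```ruby
require 'openssl'

# Assumed policy for this example: only these curves may be used for new keys.
# Curves such as secp112r1 or secp160r1 offer far too little security margin.
APPROVED_CURVES = %w[prime256v1 secp384r1 secp521r1].freeze

def curve_approved?(name)
  APPROVED_CURVES.include?(name)
end

# Refuse to generate a key on any curve outside the allow-list.
def generate_ec_key(curve_name)
  raise ArgumentError, "curve #{curve_name} is not approved" unless curve_approved?(curve_name)
  OpenSSL::PKey::EC.generate(curve_name)
end

# Field size of the key's curve in bits (256 for prime256v1).
def curve_bits(key)
  key.group.degree
end

# ECDSA over SHA-256; the signature is DER-encoded.
def ec_sign(key, message)
  key.sign(OpenSSL::Digest.new('SHA256'), message)
end

def ec_verify(key, message, signature)
  key.verify(OpenSSL::Digest.new('SHA256'), signature, message)
end

if __FILE__ == $PROGRAM_NAME
  key = generate_ec_key('prime256v1')
  sig = ec_sign(key, 'constructed sample message')
  puts "curve bits: #{curve_bits(key)}, verify: #{ec_verify(key, 'constructed sample message', sig)}"
end
```

The check belongs at key-generation time, not only at review time: a curve name read from configuration is exactly the kind of value that drifts to an old default.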
Password reset poisoning - Ruby
Need Prevention of unauthorized access through manipulated password reset links Context Usage of Ruby for building dynamic and object-oriented applications Usage of Ruby on Rails for building web applications Usage of ActiveRecord for ...
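The entry above concerns reset links whose host is taken from the incoming request, so an attacker who submits the reset form with a forged Host or X-Forwarded-Host header gets the victim e-mailed a link to the attacker's domain carrying a valid token. The following is an added example, not the article's code, written as plain Ruby with a headers Hash standing in for the Rails request object; CANONICAL_HOST, ALLOWED_HOSTS and the function names are assumptions for illustration.

```ruby
require 'securerandom'
require 'uri'

# Assumed deployment setting: the one host the application is served from.
CANONICAL_HOST = 'accounts.example.com'
ALLOWED_HOSTS  = [CANONICAL_HOST].freeze

# Tokens must be unguessable; 32 random bytes, URL-safe encoded.
def generate_reset_token
  SecureRandom.urlsafe_base64(32)
end

# Vulnerable pattern: the link's host comes from request headers the client controls.
def reset_url_from_headers(headers, token)
  host = headers['X-Forwarded-Host'] || headers['Host']
  "https://#{host}/password_resets/#{token}/edit"
end

# Hardened: the host is a server-side constant; nothing from the request is used.
def reset_url_canonical(token)
  URI::HTTPS.build(host: CANONICAL_HOST, path: "/password_resets/#{token}/edit").to_s
end

# Defence in depth: reject requests whose Host header is not on the allow-list
# (Rails offers config.hosts for the same purpose). The port, if any, is ignored.
def host_allowed?(headers)
  host = (headers['Host'] || '').split(':').first
  ALLOWED_HOSTS.include?(host)
end

if __FILE__ == $PROGRAM_NAME
  attacker_headers = { 'Host' => 'evil.example' }   # constructed attacker request
  token = generate_reset_token
  puts "poisoned: #{reset_url_from_headers(attacker_headers, token)}"
  puts "canonical: #{reset_url_canonical(token)}"
end
```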
Insecure encryption algorithm - Default encryption - Ruby
Need Implementation of customer managed keys (CMK) for encryption Context Usage of Ruby for building dynamic and object-oriented applications Usage of aws-sdk for interacting with Amazon Web Services (AWS) services Description Non compliant code ...
OS Command Injection - Ruby
Need Prevention of OS command injection attacks Context Usage of Ruby for building web applications and scripting Usage of params for handling request parameters in a Rails application Usage of render for server-side rendering in web development ...
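The entry above concerns request parameters interpolated into a shell command. The following is an added example, not the article's code: it runs the same constructed attacker input through the vulnerable single-string form (which Ruby hands to /bin/sh), the argv form (no shell, metacharacters stay literal), and Shellwords escaping for the rare case where a shell is unavoidable, then adds the allow-list validation that should run before any value reaches a command. printf stands in for the real tool; the report-name pattern and function names are assumptions.

```ruby
require 'open3'
require 'shellwords'

# Constructed attacker input: a value followed by a second shell command.
INJECTED = 'report; echo INJECTED'

# Vulnerable: one interpolated string. Because it contains ';', Ruby invokes
# /bin/sh, which runs both commands.
def print_name_unsafe(name)
  out, = Open3.capture2("printf '%s\\n' #{name}")
  out
end

# Safe: argv form. No shell is involved, so the input is a single literal argument.
def print_name_safe(name)
  out, = Open3.capture2('printf', '%s\n', name)
  out
end

# If a shell string is unavoidable, quote every user-controlled token.
def print_name_escaped(name)
  out, = Open3.capture2("printf '%s\\n' #{Shellwords.escape(name)}")
  out
end

# Allow-list validation: only the characters a report name can legitimately contain.
def valid_report_name?(name)
  name.is_a?(String) && name.match?(/\A[a-z0-9_\-]{1,32}\z/i)
end

def run_report(name)
  raise ArgumentError, 'invalid report name' unless valid_report_name?(name)
  out, status = Open3.capture2('printf', 'generating %s\n', name)
  raise 'report tool failed' unless status.success?
  out
end

if __FILE__ == $PROGRAM_NAME
  puts print_name_unsafe(INJECTED)   # prints "report" and then "INJECTED"
  puts print_name_safe(INJECTED)     # prints the whole string on one line
end
```

Validation and the argv form are complementary: the allow-list rejects hostile input early, and the argv form guarantees that whatever gets through is still data, not shell syntax.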
Insecure authentication method - LDAP - Ruby
Need Secure authentication method for LDAP Context Usage of Ruby for building dynamic and object-oriented applications Usage of net-ldap for LDAP (Lightweight Directory Access Protocol) integration Description Non compliant code require 'net/ldap' ...
Insecure generation of random numbers - Static IV - Ruby
Need Secure generation of random numbers and dynamic initialization vectors Context Usage of Ruby for building dynamic and object-oriented applications Usage of OpenSSL for secure communication and encryption Description Non compliant code require ...
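The entry above concerns a fixed initialization vector reused across messages. The following is an added example, not the article's code: with AES-256-GCM, a static nonce makes equal plaintexts produce equal ciphertexts (an attacker sees which records match) and, worse, nonce reuse under one key breaks GCM's confidentiality and authenticity guarantees. The hardened version draws a fresh 96-bit nonce per message with Cipher#random_iv, prepends it to the ciphertext, and authenticates optional associated data. The demo key is constructed inline; a real key comes from a secret store.

```ruby
require 'openssl'
require 'securerandom'

KEY = SecureRandom.random_bytes(32)   # constructed demo key; never hard-code a real one
STATIC_IV = "\x00".b * 12             # the anti-pattern: a fixed, reused GCM nonce

# Vulnerable: same key + same nonce + same plaintext gives the same output every time.
def encrypt_static_iv(plaintext)
  cipher = OpenSSL::Cipher.new('aes-256-gcm').encrypt
  cipher.key = KEY
  cipher.iv = STATIC_IV
  ct = cipher.update(plaintext) + cipher.final
  ct + cipher.auth_tag
end

# Hardened: fresh random nonce per message, carried with the ciphertext.
# Layout of the returned blob: 12-byte nonce | ciphertext | 16-byte tag.
def encrypt(plaintext, aad = '')
  cipher = OpenSSL::Cipher.new('aes-256-gcm').encrypt
  cipher.key = KEY
  iv = cipher.random_iv              # 12 bytes for GCM
  cipher.auth_data = aad unless aad.empty?
  ct = cipher.update(plaintext) + cipher.final
  iv + ct + cipher.auth_tag
end

# Raises OpenSSL::Cipher::CipherError if nonce, ciphertext, tag or AAD were altered.
def decrypt(blob, aad = '')
  iv, ct, tag = blob[0, 12], blob[12...-16], blob[-16, 16]
  cipher = OpenSSL::Cipher.new('aes-256-gcm').decrypt
  cipher.key = KEY
  cipher.iv = iv
  cipher.auth_tag = tag
  cipher.auth_data = aad unless aad.empty?
  cipher.update(ct) + cipher.final
end

if __FILE__ == $PROGRAM_NAME
  puts "static IV deterministic: #{encrypt_static_iv('same') == encrypt_static_iv('same')}"
  puts "random IV distinct:      #{encrypt('same') != encrypt('same')}"
  puts "round trip:              #{decrypt(encrypt('secret', 'v1'), 'v1')}"
end
```

Random 96-bit nonces are safe as long as the number of messages under one key stays far below 2^32; beyond that, rotate the key or use a counter-based nonce scheme.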
Use of software with known vulnerabilities in development - Ruby
Need Mitigation of known vulnerabilities in software and dependencies used in development Context Usage of Ruby 2.2.2 as the programming language for development Usage of Rails framework for building web applications Usage of Rack for building web ...
Inappropriate coding practices - Unused properties - Ruby
Need Elimination of unused properties in the application code Context Usage of Ruby version 2.0 or higher for Ruby development Usage of ActiveRecord for Object-Relational Mapping (ORM) in database operations Description Non compliant code class User ...
Insecure authentication method - NTLM - Ruby
Need Secure authentication method implementation Context Usage of Ruby for building dynamic and object-oriented applications Usage of net-ntlm for NTLM authentication in network communication Usage of net-http for handling HTTP requests and responses ...
Insecurely generated token - OTP - Ruby
Need Secure generation and transmission of OTP tokens Context Usage of Ruby 2.7.0 for Ruby programming Usage of Rails framework for building web applications Description Non compliant code class OtpController < ApplicationController def generate_otp ...
Insufficient data authenticity validation - Front bypass - Ruby
Need Enhancement of data authenticity validation to prevent front bypass Context Usage of Ruby 2.7.0 as the programming language for development Usage of Rails framework for building web applications Description Non compliant code # ...
Security controls bypass or absence - Reversing Protection - Ruby
Need Implementation of robust anti-reverse engineering protections Context Usage of Ruby for building dynamic and object-oriented applications Usage of Ruby on Rails framework for web application development Description Non compliant code class ...
Security controls bypass or absence - Tampering Protection - Ruby
Need Ensuring the integrity and authenticity of the application to prevent tampering and bypassing security controls. Context Usage of Ruby for building dynamic and object-oriented applications Usage of ActionController for handling actions and ...
Use of an insecure channel - HTTP - Ruby
Need Secure transmission of client information Context Usage of Ruby for building web applications and scripting Usage of Rails for building web applications Description Non compliant code # config/environments/production.rb ...
DOM-Based cross-site scripting (XSS) - Ruby
Need Prevention of cross-site scripting (XSS) attacks Context Usage of Ruby 2.5.0 as the programming language for development Usage of Rails framework for building web applications Description Non compliant code class UsersController < ...
Insecure object reference - User deletion - Ruby
Need Secure user deletion process and session management Context Usage of Ruby 2.7.2 as the programming language for development Usage of Rails framework for building web applications Description Non compliant code class UsersController < ...
Weak credential policy - Temporary passwords - Ruby
Need Enhancement of temporary password security policies Context Usage of Ruby 2.7 for developing Ruby applications Usage of Rails for building web applications Description Non compliant code class UsersController < ApplicationController def ...
Weak credential policy - Password strength - Ruby
Need Implementation of a strong password policy Context Usage of Ruby 2.3+ as the required version for running the application Usage of bcrypt for password hashing and encryption Description Non compliant code class User < ApplicationRecord ...
Technical information leak - Content response - Ruby
Need Prevention of unauthorized disclosure of technical information Context Usage of Ruby programming language for web development Usage of Rails framework for building web applications Description Non compliant code # ...
Sensitive information in source code - Credentials - Ruby
Need Protection of sensitive information in source code Context Usage of Ruby for building dynamic and object-oriented applications Description Non compliant code class ...
Insufficient data authenticity validation - Checksum verification - Ruby
Need Ensure data authenticity through proper checksum verification Context Usage of Ruby for building web applications and scripting Usage of net/http for making HTTP requests Usage of URI for manipulating and working with ...
Insecure file upload - Files Limit - Ruby
Need Enforce file upload limits and implement proper file management Context Usage of Ruby for developing web applications and scripting Usage of Ruby on Rails for building web applications Description Non compliant code class UploadsController < ...
Lack of data validation - Token - Ruby
Need Implementation of proper data validation for JWT access tokens Context Usage of Ruby for building web applications and scripting Usage of JWT for secure authentication and authorization Description Non compliant code require 'jwt' class ...
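The entry above concerns access tokens that are decoded but not actually validated. The following is an added example, not the article's code and not the jwt gem's API: a deliberately small HS256 issuer and verifier written on top of OpenSSL::HMAC so the checks are visible, namely an algorithm allow-list (which rejects alg "none" and algorithm confusion), a constant-time signature comparison, a required integer exp claim, and expiry against a caller-supplied clock. The secret, claim names and TokenError class are assumptions for illustration.

```ruby
require 'openssl'
require 'base64'
require 'json'

SECRET = 'constructed-demo-secret-do-not-use'   # assumed; load from a secret store in practice
ALLOWED_ALGS = %w[HS256].freeze

class TokenError < StandardError; end

def b64url_encode(bytes)
  Base64.urlsafe_encode64(bytes, padding: false)
end

def b64url_decode(str)
  Base64.urlsafe_decode64(str)   # raises ArgumentError on malformed input
end

# Constant-time equality so signature checks do not leak timing information.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

def sign_hs256(payload, secret = SECRET)
  header = b64url_encode({ alg: 'HS256', typ: 'JWT' }.to_json)
  body   = b64url_encode(payload.to_json)
  sig    = OpenSSL::HMAC.digest('SHA256', secret, "#{header}.#{body}")
  "#{header}.#{body}.#{b64url_encode(sig)}"
end

# Every check that a bare decode skips: structure, algorithm, signature, expiry.
def verify_hs256(token, secret = SECRET, now: Time.now.to_i)
  parts = token.split('.')
  raise TokenError, 'malformed token' unless parts.size == 3
  header = JSON.parse(b64url_decode(parts[0]))
  raise TokenError, "algorithm not allowed: #{header['alg'].inspect}" unless ALLOWED_ALGS.include?(header['alg'])
  expected = OpenSSL::HMAC.digest('SHA256', secret, "#{parts[0]}.#{parts[1]}")
  raise TokenError, 'bad signature' unless secure_compare(expected, b64url_decode(parts[2]))
  payload = JSON.parse(b64url_decode(parts[1]))
  raise TokenError, 'missing exp' unless payload['exp'].is_a?(Integer)
  raise TokenError, 'token expired' if payload['exp'] <= now
  payload
rescue ArgumentError, JSON::ParserError
  raise TokenError, 'malformed token'
end

if __FILE__ == $PROGRAM_NAME
  t = sign_hs256({ sub: 'alice', exp: Time.now.to_i + 300 })
  puts verify_hs256(t).inspect
end
```

In a real application use a maintained library for the parsing and cryptography, but keep the same posture: pin the algorithm, always verify, and treat a missing exp as a failure rather than a token that never expires.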
Automatic information enumeration - Corporate information - Ruby
Need Prevention of automatic enumeration of corporate information Context Requirement of Ruby version 2.5.0 or higher for running the application Usage of Rails framework for building web applications Description Non compliant code class ...
Technical information leak - Credentials - Ruby
Need Protection of sensitive credentials from being exposed Context Requirement of Ruby 2.0 or later for running the application Usage of Rails framework for building web applications Description Non compliant code class LoginController < ...
Security controls bypass or absence - Session Invalidation - Ruby
Need Implementation of proper session invalidation mechanisms Context Requirement of Ruby 2.0 or higher for running the application Usage of Rails framework for building web applications Description Non compliant code class UsersController < ...
Lack of data validation - Non Sanitized Variables - Ruby
Need Implementation of proper data validation and sanitization Context Usage of Ruby for building dynamic and object-oriented applications Usage of system for low-level operating system interactions Description Non compliant code def ...
Lack of data validation - OTP - Ruby
Need Implementation of proper data validation for OTP tokenCode parameter Context Usage of Ruby 2.7.0 for Ruby programming and development Usage of Ruby for building dynamic and object-oriented applications Usage of Rails framework for building web ...
Lack of data validation - Special Characters - Ruby
Need Implementation of data validation to prevent the entry of special characters in fields Context Usage of Ruby for building dynamic and object-oriented applications Usage of Rails framework for building web applications Description Non compliant ...
Insecure session management - CSRF Fixation - Ruby
Need Secure session management and protection against CSRF Fixation Context Requirement of Ruby 2.0 or higher for running the application Usage of Rails framework for building web applications Description Non compliant code class ...
Lack of protection against brute force attacks - Credentials - Ruby
Need Implementation of a robust and secure mechanism to prevent brute force attacks on promotional codes. Context Usage of Ruby 2.7.0 as the programming language for development Usage of Ruby on Rails for web application development Description Non ...
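The entry above concerns an endpoint that lets a client try promotional codes without limit. The following is an added example, not the article's code: a sliding-window failure counter keyed per client (IP, account, or both) consulted before the code lookup, so a locked client learns nothing about its guess, plus a generator for codes long enough that guessing is infeasible even without the limiter. The in-memory Hash keeps the example self-contained; the class and function names are assumptions, and a shared store such as Redis would back it in production.

```ruby
require 'securerandom'

# Counts failed attempts per key within a sliding window.
class AttemptLimiter
  def initialize(max_attempts:, window_seconds:)
    @max = max_attempts
    @window = window_seconds
    @failures = Hash.new { |h, k| h[k] = [] }   # in-memory stand-in for a shared store
  end

  def allowed?(key, now = Time.now.to_f)
    prune(key, now)
    @failures[key].size < @max
  end

  def record_failure(key, now = Time.now.to_f)
    prune(key, now)
    @failures[key] << now
  end

  def reset(key)
    @failures.delete(key)
  end

  private

  # Drop failures that have aged out of the window.
  def prune(key, now)
    @failures[key].reject! { |t| t <= now - @window }
  end
end

# Codes drawn from a 62-character alphabet, 12 long: roughly 2^71 possibilities.
def generate_promo_code(length = 12)
  SecureRandom.alphanumeric(length)
end

# Returns :applied, :invalid or :locked. The limiter is checked first so a locked
# client gets the same answer for right and wrong guesses.
def redeem_promo(code, client_key, limiter, valid_codes, now = Time.now.to_f)
  return :locked unless limiter.allowed?(client_key, now)
  if valid_codes.include?(code)
    limiter.reset(client_key)
    :applied
  else
    limiter.record_failure(client_key, now)
    :invalid
  end
end

if __FILE__ == $PROGRAM_NAME
  limiter = AttemptLimiter.new(max_attempts: 5, window_seconds: 600)
  codes = [generate_promo_code]          # constructed valid code set
  6.times { |i| puts redeem_promo("GUESS#{i}", 'ip:203.0.113.5', limiter, codes) }
end
```

Key the limiter on more than the source IP where the endpoint is authenticated; an attacker with many addresses targets one account, and an attacker with one address targets many.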
Insecure or unset HTTP headers - Content-Type - Ruby
Need Enforce secure and properly set HTTP headers, including the Content-Type header, in server responses. Context Requirement of Ruby 2.0 or later for running the application Usage of Rails framework for building web applications Description Non ...