CURRENT SECURITY RULES
Comprehensive coverage of common security vulnerabilities with detailed explanations and remediation guidance.
SQL Injection
Detects SQL injection vulnerabilities where user input is directly concatenated into SQL queries.
XSS Detection
Identifies Cross-Site Scripting vulnerabilities where user input is rendered without proper sanitization.
Exposed Secrets
Finds exposed API keys, passwords, tokens, and other sensitive credentials in source code.
Directory Traversal
Detects path traversal attacks where attackers can access files outside intended directories.
CSRF Protection
Identifies missing CSRF protection in web applications that handle state-changing requests.
Insecure Dependencies
Checks for known vulnerable dependencies and outdated packages with security issues.
Missing Authentication
Identifies endpoints and resources that lack proper authentication mechanisms.
Broken Access Control
Detects authorization bypasses and improper access control implementations.
Insecure Logging
Identifies logging of sensitive information like passwords, tokens, and personal data.
Unvalidated Input
Detects user input that lacks proper validation, sanitization, or type checking.
Insecure HTTP
Identifies usage of HTTP instead of HTTPS for transmitting sensitive data.
Missing Security Headers
Checks for missing security headers like CSP, HSTS, X-Frame-Options, and others.
Open CORS
Detects overly permissive CORS configurations that allow unauthorized cross-origin requests.
Insecure File Upload
Identifies file upload vulnerabilities that could allow malicious file execution.
Insecure Deserialization
Detects unsafe deserialization of user-controlled data that could lead to code execution.
Insecure Error Handling
Identifies error messages that leak sensitive information about the application.
Insecure Random Generation
Detects usage of cryptographically weak random number generators for security purposes.
Insecure Session Management
Identifies weak session management practices like predictable session IDs.
Hardcoded Sensitive Data
Finds hardcoded passwords, API keys, and other sensitive data in source code.
Insecure Configuration
Identifies insecure configuration settings that could compromise application security.
Prompt Injection Detection
Detects potential prompt injection vulnerabilities in AI-powered applications.
AI-Generated Code Validation
Identifies potential security issues in AI-generated code that may lack proper validation.
AI Agent Access Control
Detects missing access controls for AI agents that could lead to unauthorized actions.
AI Data Leakage Prevention
Identifies potential data leakage vulnerabilities in AI systems and applications.
MCP Server Security
Detects security vulnerabilities in Model Context Protocol (MCP) server implementations.
Kubernetes Security
Detects security misconfigurations in Kubernetes manifests including privileged containers, root users, and dangerous capabilities.
Dockerfile Security
Identifies security vulnerabilities in Dockerfiles including root user execution, latest tags, and insecure configurations.
Container Registry Security
Detects container registry security misconfigurations including missing image digests, insecure registries, and missing scanning.