Overview
This is the documentation for the Ruby vulnerabilities that GuardRails detects. It is grouped by vulnerability category.
OWASP Mapping
OWASP Category | GuardRails Category |
---|---|
A1:2017-Injection | Insecure Use of SQL Queries |
A2:2017-Broken Authentication | N/A |
A3:2017-Sensitive Data Exposure | Insecure Network Communication |
A4:2017-XML External Entities (XXE) | N/A |
A5:2017-Broken Access Control | Insecure Access Control |
A6:2017-Security Misconfiguration | Insecure Configuration |
A7:2017-Cross-Site Scripting (XSS) | Insecure Processing of Data |
A8:2017-Insecure Deserialization | Insecure Processing of Data |
A9:2017-Using Components with Known Vulnerabilities | Using Vulnerable Libraries |
A10:2017-Insufficient Logging & Monitoring | N/A |
Categories
See the child pages for more information:
- Insecure Access Control
- Insecure Configuration
- Insecure File Management
- Insecure Network Communication
- Insecure Processing of Data
- Insecure Use of Dangerous Function
- Insecure Use of Language/Framework API
- Insecure Use of Regular Expressions
- Insecure Use of SQL Queries
- Using Vulnerable Libraries