Overview

This is the documentation for Ruby vulnerabilities that are detected by GuardRails. The documentation is grouped based on vulnerability category.

OWASP Mapping

OWASP CategoryGuardRails Category
A1:2017-InjectionInsecure Use of SQL Queries
A2:2017-Broken AuthenticationN/A
A3:2017-Sensitive Data ExposureInsecure Network Communication
A4:2017-XML External Entities (XXE)N/A
A5:2017-Broken Access ControlInsecure Access Control
A6:2017-Security MisconfigurationInsecure Configuration
A7:2017-Cross-Site Scripting (XSS)Insecure Processing of Data
A8:2017-Insecure DeserializationInsecure Processing of Data
A9:2017-Using Components with Known VulnerabilitiesUsing Vulnerable Libraries
A10:2017-Insufficient Logging & MonitoringN/A

Categories

See the child pages for more information:

Recommended Resources

Using Vulnerable LibrariesInsecure Access Control