The GuardRails platform takes an opinionated approach by default, which means that we focus on providing security that doesn't get in your way.
To that end, GuardRails differentiates between
This page describes what constitutes a
All security issues that engines provide and that are both enabled (aka curated) and pass the expert system (aka not a false positive) will be shown under
vulnerability can be manually marked as a false positive (among other actions).
| OWASP Category | GuardRails Category |
|---|---|
| A01:2021 - Broken Access Control | Insecure Access Control |
| A02:2021 - Cryptographic Failures | Insecure Use of Crypto |
| A03:2021 - Injection | Insecure Use of SQL Queries |
| A04:2021 - Insecure Design | N/A |
| A05:2021 - Security Misconfiguration | Insecure Configuration |
| A06:2021 - Vulnerable and Outdated Components | Using Vulnerable Libraries |
| A07:2021 - Identification and Authentication Failures | Insecure Authentication |
| A08:2021 - Software and Data Integrity Failures | Insecure Processing of Data |
| A09:2021 - Security Logging and Monitoring Failures | N/A |
| A10:2021 - Server-Side Request Forgery (SSRF) | Insecure Processing of Data |