Skip to main content


The GuardRails platform takes an opinionated approach by default, which means that we focus on providing security that doesn't get in your way.

To that end, GuardRails differentiates between Findings and Vulnerabilities.

This page describes what constitutes a Vulnerability.

All security issues that engines provide and that are both enabled (aka curated) and pass the expert system (aka not a false positive) will be shown under vulnerabilities. Every vulnerability can manually be marked as false positive (amongst other actions).

OWASP Mapping

OWASP CategoryGuardRails Category
A01:2021 - Broken Access ControlInsecure Access Control
A02:2021 - Cryptographic FailuresInsecure Use of Crypto
A03:2021 - InjectionInsecure Use of SQL Queries
A04:2021 - Insecure DesignN/A
A05:2021 - Security MisconfigurationInsecure Configuration
A06:2021 - Vulnerable and Outdated ComponentsUsing Vulnerable Libraries
A07:2021 - Identification and Authentication FailuresInsecure Authentication
A08:2021 - Software and Data Integrity FailuresInsecure Processing of Data
A09:2021 - Security Logging and Monitoring FailuresN/A
A10:2021 - Server-Side Request Forgery (SSRF)Insecure Processing of Data