Vulnerabilities
The GuardRails platform takes an opinionated approach by default: the goal is to provide security that does not get in your way. To that end, GuardRails differentiates between Findings and Vulnerabilities. This page describes what constitutes a Vulnerability.

All security issues reported by the engines that are both enabled (aka curated) and pass the expert system (i.e. are not classified as false positives) are shown under Vulnerabilities. Every vulnerability can be manually marked as a false positive, among other actions.
OWASP Mapping

The table below maps the OWASP Top 10 (2021) categories to the GuardRails vulnerability categories. N/A means that no GuardRails category corresponds to that OWASP category.

| OWASP Category | GuardRails Category |
|---|---|
| A01:2021 - Broken Access Control | Insecure Access Control |
| A02:2021 - Cryptographic Failures | Insecure Use of Crypto |
| A03:2021 - Injection | Insecure Use of SQL Queries |
| A04:2021 - Insecure Design | N/A |
| A05:2021 - Security Misconfiguration | Insecure Configuration |
| A06:2021 - Vulnerable and Outdated Components | Using Vulnerable Libraries |
| A07:2021 - Identification and Authentication Failures | Insecure Authentication |
| A08:2021 - Software and Data Integrity Failures | Insecure Processing of Data |
| A09:2021 - Security Logging and Monitoring Failures | N/A |
| A10:2021 - Server-Side Request Forgery (SSRF) | Insecure Processing of Data |