Knowledge Base
Security vulnerability encyclopedia. Each entry includes what the vulnerability is, why it matters, how to detect it, and how to fix it — with real code examples.
Authentication (2 entries)
Broken Authentication
Severity: Critical. Broken Authentication encompasses flaws in authentication mechanisms that allow attackers to compromise passwords, session tokens, or exploit implementation flaws to assume other users' identities.
Hardcoded Credentials and Secrets
Severity: High. Hardcoded credentials occur when passwords, API keys, cryptographic keys, or other secrets are embedded directly in source code, configuration files, or build artifacts, making them accessible to anyone with code access.
Injection (5 entries)
OS Command Injection
Severity: Critical. OS Command Injection occurs when an application passes unsanitized user input to a system shell, allowing attackers to execute arbitrary commands on the host operating system. Learn how to detect and prevent command injection across languages.
SQL Injection (SQLi)
Severity: Critical. SQL Injection occurs when untrusted input is concatenated into SQL queries, allowing attackers to read, modify, or delete database contents. Learn how to detect and prevent SQLi across languages.
Cross-Site Scripting (XSS)
Severity: High. XSS occurs when applications include untrusted data in web pages without proper encoding, allowing attackers to execute malicious scripts in victims' browsers.
Server-Side Request Forgery (SSRF)
Severity: High. Server-Side Request Forgery occurs when an attacker can make a server-side application send HTTP requests to an attacker-chosen destination, enabling access to internal services, cloud metadata, and internal networks.
XML External Entity (XXE) Injection
Severity: High. XML External Entity (XXE) injection occurs when an application parses XML input containing references to external entities, allowing attackers to read local files, perform SSRF, or cause denial of service.