    Dotnet

    Security

    $METHOD is a state-changing MVC method that does not validate the antiforgery token or do strict content-type checking. State-changing controller methods should either enforce antiforgery tokens or do strict content-type checking to prevent simple HTTP request types from bypassing CORS preflight controls.
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-352: Cross-Site Request Forgery (CSRF)
    OWASP:
    - A01:2021 - Broken Access Control

    Cookie Secure flag is explicitly disabled. You should enforce this value to avoid accidentally presenting sensitive cookie values over plaintext HTTP connections.
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-614: Sensitive Cookie in HTTPS Session Without ‘Secure’ Attribute
    OWASP:
    - A05:2021 - Security Misconfiguration

    You are using the outdated PKCS#1 v1.5 encryption padding for your RSA key. Use the OAEP padding instead.
    Likelihood: HIGH
    Confidence: MEDIUM
    CWE:
    - CWE-780: Use of RSA Algorithm without OAEP
    OWASP:
    - A02:2021 - Cryptographic Failures

    You are using an insecure random number generator (RNG) to create a cryptographic key. System.Random must never be used for cryptographic purposes. Use System.Security.Cryptography.RandomNumberGenerator instead.
    Likelihood: HIGH
    Confidence: HIGH
    CWE:
    - CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
    OWASP:
    - A02:2021 - Cryptographic Failures

    Usage of the insecure ECB mode detected. You should use an authenticated encryption mode instead, such as the one implemented by the AesGcm or ChaCha20Poly1305 classes.
    Likelihood: HIGH
    Confidence: HIGH
    CWE:
    - CWE-327: Use of a Broken or Risky Cryptographic Algorithm
    OWASP:
    - A02:2021 - Cryptographic Failures

    OWASP guidance recommends disabling tracing for production applications to prevent accidental leakage of sensitive application information.
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-1323: Improper Management of Sensitive Trace Data
    OWASP:
    - A05:2021 - Security Misconfiguration

    User-controllable string passed to Razor.Parse. This leads directly to code execution in the context of the process.
    Likelihood: MEDIUM
    Confidence: MEDIUM
    CWE:
    - CWE-94: Improper Control of Generation of Code (‘Code Injection’)
    OWASP:
    - A03:2021 - Injection

    ASP.NET applications built with debug set to true in production may leak debug information to attackers. Debug mode also affects performance and reliability. Set debug to false or remove it from the <compilation ... /> element.
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-11: ASP.NET Misconfiguration: Creating Debug Binary
    OWASP:
    - A05:2021 - Security Misconfiguration

    Usage of a deprecated cipher algorithm detected. Use Aes or ChaCha20Poly1305 instead.
    Likelihood: HIGH
    Confidence: MEDIUM
    CWE:
    - CWE-327: Use of a Broken or Risky Cryptographic Algorithm
    OWASP:
    - A02:2021 - Cryptographic Failures
