# Application Security Rules

> CodeAnt AI detects security vulnerabilities across 25+ programming languages, organized by the OWASP Top 10 2021 security standard. Each rule is mapped to specific CWE identifiers for precise vulnerability classification.

CodeAnt AI's Application Security Database covers the **OWASP Top 10 2021** vulnerability categories across **25+ programming languages and frameworks**. Every detected vulnerability is mapped to its corresponding **CWE (Common Weakness Enumeration)** identifier for precise classification and compliance reporting.

<CardGroup cols={2}>
  <Card title="A01:2021  - Broken Access Control" icon="lock-open" href="/application_rules/a01-broken-access-control">
    Access control enforces policy such that users cannot act outside of their intended permissions. Failures typically lead to unauthorized information d...
  </Card>

  <Card title="A02:2021  - Cryptographic Failures" icon="key" href="/application_rules/a02-cryptographic-failures">
    Failures related to cryptography which often lead to sensitive data exposure. This includes the use of weak or broken cryptographic algorithms, improp...
  </Card>

  <Card title="A03:2021  - Injection" icon="syringe" href="/application_rules/a03-injection">
    Injection flaws occur when an application sends untrusted data to an interpreter as part of a command or query. This includes SQL injection, NoSQL inj...
  </Card>

  <Card title="A04:2021  - Insecure Design" icon="drafting-compass" href="/application_rules/a04-insecure-design">
    Insecure design refers to risks related to flaws in the design and architecture of an application, as distinguished from implementation bugs. This inc...
  </Card>

  <Card title="A05:2021  - Security Misconfiguration" icon="sliders" href="/application_rules/a05-security-misconfiguration">
    Security misconfiguration is the most common issue in application security. This includes insecure default configurations, incomplete configurations, ...
  </Card>

  <Card title="A06:2021  - Vulnerable and Outdated Components" icon="puzzle-piece" href="/application_rules/a06-vulnerable-outdated-components">
    Applications that use components with known vulnerabilities may undermine application defenses and enable various attacks. This includes outdated libr...
  </Card>

  <Card title="A07:2021  - Identification and Authentication Failures" icon="user-lock" href="/application_rules/a07-auth-failures">
    Confirmation of the user's identity, authentication, and session management is critical to protect against authentication-related attacks. This includ...
  </Card>

  <Card title="A08:2021  - Software and Data Integrity Failures" icon="shield-check" href="/application_rules/a08-data-integrity-failures">
    Software and data integrity failures relate to code and infrastructure that does not protect against integrity violations. This includes insecure dese...
  </Card>

  <Card title="A09:2021  - Security Logging and Monitoring Failures" icon="chart-line" href="/application_rules/a09-logging-monitoring-failures">
    Without logging and monitoring, breaches cannot be detected. Insufficient logging, detection, monitoring, and active response allows attackers to furt...
  </Card>

  <Card title="A10:2021  - Server-Side Request Forgery (SSRF)" icon="globe" href="/application_rules/a10-ssrf">
    SSRF flaws occur when a web application fetches a remote resource without validating the user-supplied URL. This allows attackers to force the applica...
  </Card>
</CardGroup>

***

## Language Coverage

CodeAnt AI detects application security vulnerabilities in the following languages and frameworks:

<CardGroup cols={3}>
  <Card title="Python" icon="python">Django, Flask, FastAPI</Card>
  <Card title="Java" icon="java">Spring, Struts, Servlets</Card>
  <Card title="JavaScript" icon="js">Node.js, Express, React</Card>
  <Card title="TypeScript" icon="js">Angular, NestJS, Next.js</Card>
  <Card title="Go" icon="golang">Gorilla, net/http, Gin</Card>
  <Card title="C#" icon="hashtag">.NET, ASP.NET, Razor</Card>
  <Card title="Ruby" icon="gem">Rails, Sinatra</Card>
  <Card title="PHP" icon="php">Laravel, Symfony, WordPress</Card>
  <Card title="Kotlin" icon="code">Android, Ktor, Spring</Card>
  <Card title="Swift" icon="code">iOS, macOS, Server-side</Card>
  <Card title="Rust" icon="code">Actix, Rocket, Tokio</Card>
  <Card title="C / C++" icon="code">System-level security</Card>
  <Card title="Scala" icon="code">Play, Akka, Spark</Card>
  <Card title="Elixir" icon="code">Phoenix, Plug</Card>
  <Card title="Terraform" icon="cloud">AWS, Azure, GCP</Card>
  <Card title="Dockerfile" icon="docker">Container security</Card>
</CardGroup>
