The QAOS Security Agent analyzes your web application for vulnerabilities that could be exploited by attackers to steal data, gain unauthorized access, or compromise user accounts.

Issue catalog

| Issue ID | Category | Severity |
| --- | --- | --- |
| unauthenticated-resource-access | Access Control | Critical |
| privilege-escalation | Access Control | Critical |
| access-control-method-bypass | Access Control | Critical |
| forced-browsing-direct-url-access | Access Control | Critical |
| default-accounts-present | Authentication | Critical |
| default-credentials-in-dom | Authentication | Critical |
| cookie-token-forgery | Authentication | Critical |
| no-password-spraying-protection | Authentication | High |
| no-login-rate-limiting | Authentication | High |
| compromised-credentials-accepted | Authentication | High |
| weak-password-accepted | Authentication | Medium |
| session-id-in-url | Session Management | Critical |
| weak-session-cookie-entropy | Session Management | High |
| cookies-missing-httponly | Session Management | High |
| user-input-not-filtered | Injection | High |
| hostile-data-used-in-query | Injection | High |
| untrusted-data-concatenation-dynamic-query | Injection | High |
| orm-parameter-extraction-in-url | Injection | High |
| orm-parameter-extraction-in-form | Injection | High |
| crypto-mechanism-bypass | Cryptography | Critical |
| unencrypted-page-serving | Cryptography | Critical |
| weak-crypto-key-generation | Cryptography | High |
| unencrypted-sensitive-communication | Cryptography | High |
| misconfigured-security-headers | Cryptography | High |
| weak-hashing-no-salt | Cryptography | High |
| misconfigured-cors | Cryptography | High |
| exposed-sensitive-file | Info Disclosure | Critical |
| sensitive-data-logged | Info Disclosure | High |
| server-info-leakage | Info Disclosure | Medium |
| detailed-error-message | Info Disclosure | Medium |
| detailed-error-page | Info Disclosure | Medium |
| local-log-storage | Info Disclosure | Medium |
| log-event-exposure | Info Disclosure | Low |
| user-input-not-validated | Input Validation | Low |