Local File Inclusion (LFI)

Software imports, requires, or includes executable functionality (such as a library) from a source that is outside the intended control sphere. 

Path Traversal (PATH)

Uses external input to construct a pathname that is intended to identify a file or directory that is under a restricted parent directory. However, the software does not properly neutralize special elements within the pathname. This may cause the pathname to resolve to a location outside of the restricted directory. 

Untrusted Deserialization (DESERIAL)

The application deserializes untrusted data without sufficiently verifying that the resulting data is valid. 

Cookie: HttpOnly (C_HTTP)

Cookie: HttpOnly: A cookie with the HttpOnly attribute is inaccessible to the JavaScript Document.cookie API; it is sent only to the server. For example, cookies that persist server-side sessions do not need to be available to JavaScript, and should have the HttpOnly attribute. This precaution helps mitigate cross-site scripting (XSS) attacks. 

Cookie: SameSite (C_SITE)

Cookie: SameSite: The SameSite attribute enables servers to prevent cookies from being sent with cross-origin requests (where Site is defined by the registrable domain). This provides protection against cross-site request forgery attacks (CSRF). 

Cookie: Secure (C_SECURE)

Cookie: Secure: A cookie with the Secure attribute is sent to the server only with an encrypted request over the HTTPS protocol. It is never sent with unsecured HTTP, and therefore cannot be accessed by a man-in-the-middle attacker. 

HTTP Header: X-Content-Type-Options (H_CONTENT)

The X-Content-Type-Options response HTTP header is a marker used by the server to indicate that the MIME types advertised in the Content-Type headers should not be changed. This provides a way to opt-out of MIME type sniffing, or, in other words, to say that the MIME types are deliberately configured. 

HTTP Header: Content-Security-Policy (H_CSP)

HTTP Header: Content-Security-Policy: The HTTP Content-Security-Policy response header allows web site administrators to control resources the user agent is allowed to load for a given page. With a few exceptions, policies mostly involve specifying server origins and script endpoints. 

HTTP Header: X-Frame-Options (H_FRAME)

HTTP Header: X-Frame-Options: The X-Frame-Options HTTP response header can be used to indicate whether or not a browser should be allowed to render a page in a <frame>, <iframe>, <embed> or <object>. Sites can use this to avoid click-jacking attacks, by ensuring that their content is not embedded into other sites. 

HTTP Header: X-XSS-Protection (H_XSS)

HTTP Header: X-XSS-Protection: The HTTP X-XSS-Protection response header is a feature of Internet Explorer, Chrome and Safari that stops pages from loading when they detect reflected cross-site scripting (XSS) attacks. 

Uncaught Exception (EXC)

Uncaught Exception: this is a very common issue - the runtime generally has built in security detection mechanisms in the form of Exceptions that are often times not "caught" and/or "not logged" - or if they are - it's buried in a file that is not reviewed until days or weeks after a security breach has occurred. This reviews ALL security related Exceptions across the entire runtime and using the security policy can report and/or take other additional actions on the information. 

Detect all applicable vulnerabilities to the application's services and tiers as reported in the National Vulnerability Database (NVD).