Learn how to find and fix security vulnerabilities in your applications. Framework-specific guides with code examples and security checklists.
15
Vulnerabilities
14
Frameworks
155
Guides
XSS allows attackers to inject malicious scripts into web pages viewed by other users, enabling session hijacking, data theft, and defacement.
SQL Injection allows attackers to interfere with database queries, potentially reading, modifying, or deleting data, and in some cases executing system commands.
CSRF forces authenticated users to execute unwanted actions on a web application, exploiting the trust a site has in a user's browser.
IDOR occurs when an application exposes internal implementation objects (like database IDs) and fails to verify that users are authorized to access the referenced resource.
Broken authentication encompasses weaknesses in session management, credential handling, and identity verification that allow attackers to compromise user accounts.
Security misconfiguration encompasses insecure default settings, open cloud storage, verbose error messages, unnecessary features, and missing security headers.
Sensitive data exposure occurs when applications fail to adequately protect sensitive information like credentials, tokens, personal data, or financial information.
Missing rate limiting allows attackers to perform brute force attacks, credential stuffing, API abuse, and denial of service by making unlimited requests.
JWT vulnerabilities include algorithm confusion, missing validation, token leakage, and improper key management that can lead to authentication bypass.
Path traversal allows attackers to access files and directories stored outside the intended directory by manipulating file path references.
Command injection allows attackers to execute arbitrary operating system commands on the server through vulnerable application interfaces.
SSRF allows attackers to induce the server to make HTTP requests to arbitrary destinations, potentially accessing internal services, metadata APIs, and private networks.
Insecure file upload handling can allow attackers to upload malicious files including web shells, malware, or files that exploit server-side processing.
Insecure deserialization allows attackers to manipulate serialized objects to achieve remote code execution, replay attacks, injection, or privilege escalation.
RLS bypass vulnerabilities occur when database-level access policies are missing, misconfigured, or can be circumvented, exposing data across tenant boundaries.
How to Fix Cross-Site Scripting (XSS) in Next.js
How to Fix Cross-Site Scripting (XSS) in React
How to Fix Cross-Site Scripting (XSS) in Express
How to Fix SQL Injection in Express
How to Fix Cross-Site Request Forgery (CSRF) in Next.js
How to Fix Cross-Site Request Forgery (CSRF) in React
How to Fix Cross-Site Request Forgery (CSRF) in Express
How to Fix Insecure Direct Object References (IDOR) in Next.js
How to Fix Insecure Direct Object References (IDOR) in Express
Knowledge is power, but automated testing is peace of mind. Scan your app for all 15 vulnerability categories in minutes.
Start Free Scan