1. Important functions first
2. Follow user input
3. Hardcoded secrets and credentials
4. Use of dangerous functions and outdated dependencies
5. Developer comments, hidden debug functionalities, configuration files, and the .git directory
6. Hidden paths, deprecated endpoints, and endpoints in development
7. Weak cryptography or hashing algorithms
8. Missing security checks on user input and the strength of validation regexes
9. Missing cookie flags
10. Unexpected behavior, suspicious conditionals, and unnecessarily complex or verbose functions
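As an added example that is not part of the original thread, the script below turns several of the checklist items (3, 4, 5, 7 and 9) into a small rule-based first pass over source lines: it flags hardcoded secrets, calls to dangerous functions, weak hash or cipher names, debug left enabled, and `set_cookie` calls that omit the Secure or HttpOnly flag. The rule patterns, the `Finding` type and the sample source it runs over are all constructed here for illustration; hits are leads for a manual review, not verdicts.

```python
"""Rule-based review helper (added example; rules and sample are constructed)."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    line_no: int
    rule: str
    text: str


# One regex per checklist item. Patterns are deliberately narrow so that
# every hit is worth a human look; a real scanner would need many more.
RULES = {
    "hardcoded secret": re.compile(
        r"(?i)\b(password|passwd|secret|api[_-]?key|token)\b\s*[=:]\s*['\"][^'\"]{4,}['\"]"
    ),
    "dangerous function": re.compile(
        r"\b(eval|exec|system|popen|pickle\.loads|yaml\.load)\s*\("
    ),
    "weak hash or cipher": re.compile(r"(?i)\b(md5|sha1|des|rc4|ecb)\b"),
    "debug left enabled": re.compile(r"(?i)\bdebug\s*=\s*True\b"),
}

# Cookie flags a session cookie should carry (checked on single-line calls).
COOKIE_FLAGS = ("secure=True", "httponly=True")


def review(source: str) -> list[Finding]:
    """Return every rule hit in `source`, in line order."""
    findings: list[Finding] = []
    for no, line in enumerate(source.splitlines(), start=1):
        for rule, pattern in RULES.items():
            if pattern.search(line):
                findings.append(Finding(no, rule, line.strip()))
        # Item 9: a set_cookie call that leaves out a flag.
        if "set_cookie(" in line:
            missing = [flag for flag in COOKIE_FLAGS if flag not in line]
            if missing:
                findings.append(
                    Finding(no, "missing cookie flags: " + ", ".join(missing), line.strip())
                )
    return findings


# Constructed sample: a few lines that exhibit the checklist items.
SAMPLE_SOURCE = """\
import hashlib
API_KEY = "sk-constructed-example-0000"
DEBUG = True
def login(user, pw):
    digest = hashlib.md5(pw.encode()).hexdigest()
    return digest == lookup(user)
resp.set_cookie("session", token, httponly=True)
result = eval(request.args.get("expr"))
"""

if __name__ == "__main__":
    for f in review(SAMPLE_SOURCE):
        print(f"line {f.line_no}: {f.rule}: {f.text}")
```

Running it prints five findings for the sample (lines 2, 3, 5, 7 and 8). The cookie check is kept separate from the regex table because it is a negative check (a flag that should be present but is not), which is awkward to express as a single positive match.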