├── Dockerfile
├── LICENSE
├── README.md
├── scripts
    ├── import_cwe_findings.py
    ├── new_findings.py
    ├── run.sh
    └── squash_findings.py
├── template_findings
    ├── .NET Misconfiguration: Use of Impersonation.json
    ├── A backdoor file exists on the server.json
    ├── ASP.NET Misconfiguration: Creating Debug Binary.json
    ├── ASP.NET Misconfiguration: Missing Custom Error Page.json
    ├── ASP.NET Misconfiguration: Not Using Input Validation Framework.json
    ├── ASP.NET Misconfiguration: Password in Configuration File.json
    ├── ASP.NET Misconfiguration: Use of Identity Impersonation.json
    ├── AWS Access Keys Assigned But Unused.json
    ├── AWS IAM Access Keys Not Rotated In The Last 90 Days.json
    ├── AWS IAM Access Keys Unused For More Than 90 Days.json
    ├── Absolute Path Traversal.json
    ├── Acceptance of Extraneous Untrusted Data With Trusted Data.json
    ├── Access of Memory Location After End of Buffer.json
    ├── Access of Memory Location Before Start of Buffer.json
    ├── Access of Resource Using Incompatible Type ('Type Confusion').json
    ├── Access of Uninitialized Pointer.json
    ├── Access restriction bypass via origin spoof.json
    ├── Access to Critical Private Variable via Public Method.json
    ├── Access-Control-Allow-Origin header set to '*'.json
    ├── Addition of Data Structure Sentinel.json
    ├── Algorithmic Complexity.json
    ├── Allocation of File Descriptors or Handles Without Limits or Throttling.json
    ├── Allocation of Resources Without Limits or Throttling.json
    ├── Allowed HTTP methods.json
    ├── Always-Incorrect Control Flow Implementation.json
    ├── Application error message.json
    ├── Argument Injection or Modification.json
    ├── Array Declared Public, Final, and Static.json
    ├── Assigning instead of Comparing.json
    ├── Assignment of a Fixed Address to a Pointer.json
    ├── Assignment to Variable without Use.json
    ├── Asymmetric Resource Consumption (Amplification).json
    ├── Attempt to Access Child of a Non-structure Pointer.json
    ├── Authentication Bypass Using an Alternate Path or Channel.json
    ├── Authentication Bypass by Alternate Name.json
    ├── Authentication Bypass by Assumed-Immutable Data.json
    ├── Authentication Bypass by Capture-replay.json
    ├── Authentication Bypass by Primary Weakness.json
    ├── Authentication Bypass by Spoofing.json
    ├── Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created.json
    ├── Authorization Bypass Through User-Controlled Key.json
    ├── Authorization Bypass Through User-Controlled SQL Primary Key.json
    ├── Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations.json
    ├── Backup directory.json
    ├── Backup file.json
    ├── Behavioral Change in New Version or Environment.json
    ├── Blind NoSQL Injection (differential analysis).json
    ├── Blind SQL Injection (timing attack).json
    ├── Blind SQL Injection.json
    ├── Buffer Access Using Size of Source Buffer.json
    ├── Buffer Access with Incorrect Length Value.json
    ├── Buffer Copy without Checking Size of Input ('Classic Buffer Overflow').json
    ├── Buffer Over-read.json
    ├── Buffer Under-read.json
    ├── Buffer Underwrite ('Buffer Underflow').json
    ├── CAPTCHA protected form.json
    ├── CVS_SVN user disclosure.json
    ├── Call to Non-ubiquitous API.json
    ├── Call to Thread run() instead of start().json
    ├── Channel Accessible by Non-Endpoint ('Man-in-the-Middle').json
    ├── Cleartext Storage in a File or on Disk.json
    ├── Cleartext Storage in the Registry.json
    ├── Cleartext Storage of Sensitive Information in Executable.json
    ├── Cleartext Storage of Sensitive Information in GUI.json
    ├── Cleartext Storage of Sensitive Information in Memory.json
    ├── Cleartext Storage of Sensitive Information in a Cookie.json
    ├── Cleartext Storage of Sensitive Information.json
    ├── Cleartext Transmission of Sensitive Information.json
    ├── Client-Side Enforcement of Server-Side Security.json
    ├── Cloneable Class Containing Sensitive Information.json
    ├── Code injection (timing attack).json
    ├── Code injection.json
    ├── Collapse of Data into Unsafe Value.json
    ├── Command Shell in Externally Accessible Directory.json
    ├── Common directory.json
    ├── Common sensitive file.json
    ├── Comparing instead of Assigning.json
    ├── Comparison Using Wrong Factors.json
    ├── Comparison of Classes by Name.json
    ├── Comparison of Incompatible Types.json
    ├── Comparison of Object References Instead of Object Contents.json
    ├── Compiler Optimization Removal or Modification of Security-critical Code.json
    ├── Compiler Removal of Code to Clear Buffers.json
    ├── Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition').json
    ├── Containment Errors (Container Errors).json
    ├── Context Switching Race Condition.json
    ├── Cookie set for parent domain.json
    ├── Covert Channel.json
    ├── Covert Storage Channel.json
    ├── Covert Timing Channel.json
    ├── Creation of Temporary File With Insecure Permissions.json
    ├── Creation of Temporary File in Directory with Incorrect Permissions.json
    ├── Creation of chroot Jail Without Changing Working Directory.json
    ├── Credit card number disclosure.json
    ├── Critical Public Variable Without Final Modifier.json
    ├── Critical Variable Declared Public.json
    ├── Cross Site Scripting (XSS).json
    ├── Cross-Site Request Forgery (CSRF).json
    ├── Cross-Site Request Forgery.json
    ├── DEPRECATED (Duplicate): Covert Timing Channel.json
    ├── DEPRECATED (Duplicate): Failure to provide confidentiality for stored data.json
    ├── DEPRECATED (Duplicate): General Information Management Problems.json
    ├── DEPRECATED (Duplicate): HTTP response splitting.json
    ├── DEPRECATED (Duplicate): Miscalculated Null Termination.json
    ├── DEPRECATED (Duplicate): Proxied Trusted Channel.json
    ├── DEPRECATED (Duplicate): Reliance on DNS Lookups in a Security Decision.json
    ├── DEPRECATED (Duplicate): Trusting Self-reported DNS Name.json
    ├── DEPRECATED: Apple '.DS_Store'.json
    ├── DEPRECATED: Authentication Bypass Issues.json
    ├── DEPRECATED: Failure to Protect Stored Data from Modification.json
    ├── DEPRECATED: Improper Sanitization of Custom Special Characters.json
    ├── DEPRECATED: Incorrect Initialization.json
    ├── DEPRECATED: Incorrect Semantic Object Comparison.json
    ├── DEPRECATED: Information Exposure Through Cleanup Log Files.json
    ├── DEPRECATED: Information Exposure Through Debug Log Files.json
    ├── DEPRECATED: Information Exposure Through Server Log Files.json
    ├── DEPRECATED: Often Misused: Path Manipulation.json
    ├── DEPRECATED: State Synchronization Error.json
    ├── DEPRECATED: Use of Dynamic Class Loading.json
    ├── DOM-based Cross-Site Scripting (XSS).json
    ├── Dangerous Signal Handler not Disabled During Sensitive Operations.json
    ├── Dangling Database Cursor ('Cursor Injection').json
    ├── Dead Code.json
    ├── Deadlock.json
    ├── Declaration of Catch for Generic Exception.json
    ├── Declaration of Throws for Generic Exception.json
    ├── Default AWS Security Groups Are Not Restricted.json
    ├── Deletion of Data Structure Sentinel.json
    ├── Deployment of Wrong Handler.json
    ├── Deserialization of Untrusted Data.json
    ├── Detection of Error Condition Without Action.json
    ├── Direct Object References.json
    ├── Direct Request ('Forced Browsing').json
    ├── Direct Use of Unsafe JNI.json
    ├── Directory listing.json
    ├── Disable Unused Filesystems.json
    ├── Disclosed US Social Security Number (SSN).json
    ├── Divide By Zero.json
    ├── Double Decoding of the Same Data.json
    ├── Double Free.json
    ├── Double-Checked Locking.json
    ├── Doubled Character XSS Manipulations.json
    ├── Download of Code Without Integrity Check.json
    ├── Duplicate Key in Associative List (Alist).json
    ├── Duplicate Operations on Resource.json
    ├── Dynamic Variable Evaluation.json
    ├── E-mail address disclosure.json
    ├── EJB Bad Practices: Use of AWT Swing.json
    ├── EJB Bad Practices: Use of Class Loader.json
    ├── EJB Bad Practices: Use of Java I_O.json
    ├── EJB Bad Practices: Use of Sockets.json
    ├── EJB Bad Practices: Use of Synchronization Primitives.json
    ├── Embedded Malicious Code.json
    ├── Empty Password in Configuration File.json
    ├── Empty Synchronized Block.json
    ├── Encoding Error.json
    ├── End of Life Systems In Use.json
    ├── Ensure Default User umask is 027 Or More Restrictive.json
    ├── Ensure IPv6 Router Advertisements Are Not Accepted.json
    ├── Ensure IPv6 is Disabled.json
    ├── Ensure Loopback Traffic is Configured.json
    ├── Ensure Packet Redirect Sending is Disabled.json
    ├── Ensure Permissions On Logfiles Are Configured.json
    ├── Ensure Permissions On _etc_cron.d Are Configured.json
    ├── Ensure Permissions On _etc_cron.xxx Are Configured.json
    ├── Ensure Permissions On _etc_crontab Are Configured.json
    ├── Ensure RDS is Disabled.json
    ├── Ensure X Window System is not installed.json
    ├── Ensure at_cron is Restricted To Authorized Users.json
    ├── Ensure gpgcheck is Globally Activated.json
    ├── Ensure ntp is Configured.json
    ├── Ensure rsyslog Default File Permissions Are Configured.json
    ├── Ensure telnet Client is Not Installed.json
    ├── Excessive Ingress Rule Set.json
    ├── Excessive Iteration.json
    ├── Executable Regular Expression Error.json
    ├── Execution After Redirect (EAR).json
    ├── Execution with Unnecessary Privileges.json
    ├── Expected Behavior Violation.json
    ├── Expired Pointer Dereference.json
    ├── Explicit Call to Finalize().json
    ├── Exposed Dangerous Method or Function.json
    ├── Exposed IOCTL with Insufficient Access Control.json
    ├── Exposed Unsafe ActiveX Method.json
    ├── Exposed localstart.asp page.json
    ├── Exposure of Access Control List Files to an Unauthorized Control Sphere.json
    ├── Exposure of Backup File to an Unauthorized Control Sphere.json
    ├── Exposure of CVS Repository to an Unauthorized Control Sphere.json
    ├── Exposure of Core Dump File to an Unauthorized Control Sphere.json
    ├── Exposure of Data Element to Wrong Session.json
    ├── Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak').json
    ├── Exposure of Private Information ('Privacy Violation').json
    ├── Exposure of Resource to Wrong Sphere.json
    ├── Exposure of Sensitive Data Through Data Queries.json
    ├── Exposure of System Data to an Unauthorized Control Sphere.json
    ├── Expression is Always False.json
    ├── Expression is Always True.json
    ├── External Control of Assumed-Immutable Web Parameter.json
    ├── External Control of Critical State Data.json
    ├── External Control of File Name or Path.json
    ├── External Control of System or Configuration Setting.json
    ├── External Influence of Sphere Definition.json
    ├── External Initialization of Trusted Variables or Data Stores.json
    ├── Externally Controlled Reference to a Resource in Another Sphere.json
    ├── Failure to Handle Incomplete Element.json
    ├── Failure to Handle Missing Parameter.json
    ├── Failure to Sanitize Paired Delimiters.json
    ├── Failure to Sanitize Special Element.json
    ├── Failure to Sanitize Special Elements into a Different Plane (Special Element Injection).json
    ├── File Inclusion.json
    ├── File and Directory Information Exposure.json
    ├── Files or Directories Accessible to External Parties.json
    ├── Filesystem Integrity Checking (AIDE).json
    ├── Form-based File Upload.json
    ├── Free of Memory not on the Heap.json
    ├── Free of Pointer not at Start of Buffer.json
    ├── Function Call With Incorrect Argument Type.json
    ├── Function Call With Incorrect Number of Arguments.json
    ├── Function Call With Incorrect Order of Arguments.json
    ├── Function Call With Incorrect Variable or Reference as Argument.json
    ├── Function Call With Incorrectly Specified Argument Value.json
    ├── Function Call with Incorrectly Specified Arguments.json
    ├── Guessable CAPTCHA.json
    ├── Guessable credentials.json
    ├── HTML object.json
    ├── HTTP Basic Authentication credentials.json
    ├── HTTP TRACE.json
    ├── Hard Coded Passwords in Use.json
    ├── Heap-based Buffer Overflow.json
    ├── Hidden Functionality.json
    ├── HttpOnly cookie.json
    ├── Improper Access Control.json
    ├── Improper Address Validation in IOCTL with METHOD_NEITHER I_O Control Code.json
    ├── Improper Adherence to Coding Standards.json
    ├── Improper Authentication.json
    ├── Improper Authorization in Handler for Custom URL Scheme.json
    ├── Improper Authorization.json
    ├── Improper Certificate Validation.json
    ├── Improper Check for Certificate Revocation.json
    ├── Improper Check for Dropped Privileges.json
    ├── Improper Check for Unusual or Exceptional Conditions.json
    ├── Improper Check or Handling of Exceptional Conditions.json
    ├── Improper Cleanup on Thrown Exception.json
    ├── Improper Clearing of Heap Memory Before Release ('Heap Inspection').json
    ├── Improper Control of Document Type Definition.json
    ├── Improper Control of Dynamically-Identified Variables.json
    ├── Improper Control of Dynamically-Managed Code Resources.json
    ├── Improper Control of Filename for Include_Require Statement in PHP Program ('PHP Remote File Inclusion').json
    ├── Improper Control of Generation of Code ('Code Injection').json
    ├── Improper Control of Interaction Frequency.json
    ├── Improper Control of Resource Identifiers ('Resource Injection').json
    ├── Improper Control of a Resource Through its Lifetime.json
    ├── Improper Cross-boundary Removal of Sensitive Data.json
    ├── Improper Encoding or Escaping of Output.json
    ├── Improper Enforcement of Behavioral Workflow.json
    ├── Improper Enforcement of Message Integrity During Transmission in a Communication Channel.json
    ├── Improper Enforcement of Message or Data Structure.json
    ├── Improper Enforcement of a Single, Unique Action.json
    ├── Improper Export of Android Application Components.json
    ├── Improper Filtering of Special Elements.json
    ├── Improper Following of Specification by Caller.json
    ├── Improper Following of a Certificate's Chain of Trust.json
    ├── Improper Handling of Additional Special Element.json
    ├── Improper Handling of Alternate Encoding.json
    ├── Improper Handling of Apple HFS+ Alternate Data Stream Path.json
    ├── Improper Handling of Case Sensitivity.json
    ├── Improper Handling of Exceptional Conditions.json
    ├── Improper Handling of Extra Parameters.json
    ├── Improper Handling of Extra Values.json
    ├── Improper Handling of File Names that Identify Virtual Resources.json
    ├── Improper Handling of Highly Compressed Data (Data Amplification).json
    ├── Improper Handling of Incomplete Structural Elements.json
    ├── Improper Handling of Inconsistent Special Elements.json
    ├── Improper Handling of Inconsistent Structural Elements.json
    ├── Improper Handling of Insufficient Entropy in TRNG.json
    ├── Improper Handling of Insufficient Permissions or Privileges .json
    ├── Improper Handling of Insufficient Privileges.json
    ├── Improper Handling of Length Parameter Inconsistency .json
    ├── Improper Handling of Missing Special Element.json
    ├── Improper Handling of Missing Values.json
    ├── Improper Handling of Mixed Encoding.json
    ├── Improper Handling of Parameters.json
    ├── Improper Handling of Structural Elements.json
    ├── Improper Handling of Syntactically Invalid Structure.json
    ├── Improper Handling of URL Encoding (Hex Encoding).json
    ├── Improper Handling of Undefined Parameters.json
    ├── Improper Handling of Undefined Values.json
    ├── Improper Handling of Unexpected Data Type.json
    ├── Improper Handling of Unicode Encoding.json
    ├── Improper Handling of Values.json
    ├── Improper Handling of Windows ::DATA Alternate Data Stream.json
    ├── Improper Handling of Windows Device Names.json
    ├── Improper Initialization.json
    ├── Improper Input Validation.json
    ├── Improper Interaction Between Multiple Correctly-Behaving Entities.json
    ├── Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal').json
    ├── Improper Link Resolution Before File Access ('Link Following').json
    ├── Improper Locking.json
    ├── Improper Neutralization of Alternate XSS Syntax.json
    ├── Improper Neutralization of CRLF Sequences ('CRLF Injection').json
    ├── Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting').json
    ├── Improper Neutralization of Comment Delimiters.json
    ├── Improper Neutralization of Data within XPath Expressions ('XPath Injection').json
    ├── Improper Neutralization of Data within XQuery Expressions ('XQuery Injection').json
    ├── Improper Neutralization of Delimiters.json
    ├── Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection').json
    ├── Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection').json
    ├── Improper Neutralization of Encoded URI Schemes in a Web Page.json
    ├── Improper Neutralization of Equivalent Special Elements.json
    ├── Improper Neutralization of Escape, Meta, or Control Sequences.json
    ├── Improper Neutralization of Expression_Command Delimiters.json
    ├── Improper Neutralization of HTTP Headers for Scripting Syntax.json
    ├── Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting').json
    ├── Improper Neutralization of Input Leaders.json
    ├── Improper Neutralization of Input Terminators.json
    ├── Improper Neutralization of Internal Special Elements.json
    ├── Improper Neutralization of Invalid Characters in Identifiers in Web Pages.json
    ├── Improper Neutralization of Leading Special Elements.json
    ├── Improper Neutralization of Line Delimiters.json
    ├── Improper Neutralization of Macro Symbols.json
    ├── Improper Neutralization of Multiple Internal Special Elements.json
    ├── Improper Neutralization of Multiple Leading Special Elements.json
    ├── Improper Neutralization of Multiple Trailing Special Elements.json
    ├── Improper Neutralization of Null Byte or NUL Character.json
    ├── Improper Neutralization of Parameter_Argument Delimiters.json
    ├── Improper Neutralization of Quoting Syntax.json
    ├── Improper Neutralization of Record Delimiters.json
    ├── Improper Neutralization of Script in Attributes in a Web Page.json
    ├── Improper Neutralization of Script in Attributes of IMG Tags in a Web Page.json
    ├── Improper Neutralization of Script in an Error Message Web Page.json
    ├── Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS).json
    ├── Improper Neutralization of Section Delimiters.json
    ├── Improper Neutralization of Server-Side Includes (SSI) Within a Web Page.json
    ├── Improper Neutralization of Special Elements in Data Query Logic.json
    ├── Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection').json
    ├── Improper Neutralization of Special Elements used in a Command ('Command Injection').json
    ├── Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection').json
    ├── Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection').json
    ├── Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection').json
    ├── Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection').json
    ├── Improper Neutralization of Special Elements.json
    ├── Improper Neutralization of Substitution Characters.json
    ├── Improper Neutralization of Trailing Special Elements.json
    ├── Improper Neutralization of Value Delimiters.json
    ├── Improper Neutralization of Variable Name Delimiters.json
    ├── Improper Neutralization of Whitespace.json
    ├── Improper Neutralization of Wildcards or Matching Symbols.json
    ├── Improper Null Termination.json
    ├── Improper Output Neutralization for Logs.json
    ├── Improper Ownership Management.json
    ├── Improper Preservation of Permissions.json
    ├── Improper Privilege Management.json
    ├── Improper Protection of Alternate Path.json
    ├── Improper Release of Memory Before Removing Last Reference ('Memory Leak').json
    ├── Improper Resolution of Path Equivalence.json
    ├── Improper Resource Locking.json
    ├── Improper Resource Shutdown or Release.json
    ├── Improper Restriction of Communication Channel to Intended Endpoints.json
    ├── Improper Restriction of Excessive Authentication Attempts.json
    ├── Improper Restriction of Names for Files and Other Resources.json
    ├── Improper Restriction of Operations within the Bounds of a Memory Buffer.json
    ├── Improper Restriction of Power Consumption.json
    ├── Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion').json
    ├── Improper Restriction of Rendered UI Layers or Frames.json
    ├── Improper Restriction of XML External Entity Reference ('XXE').json
    ├── Improper Synchronization.json
    ├── Improper Update of Reference Count.json
    ├── Improper Validation of Array Index.json
    ├── Improper Validation of Certificate Expiration.json
    ├── Improper Validation of Certificate with Host Mismatch.json
    ├── Improper Validation of Function Hook Arguments.json
    ├── Improper Validation of Integrity Check Value.json
    ├── Improper Verification of Cryptographic Signature.json
    ├── Improper Verification of Intent by Broadcast Receiver.json
    ├── Improper Verification of Source of a Communication Channel.json
    ├── Improperly Controlled Modification of Dynamically-Determined Object Attributes.json
    ├── Improperly Implemented Security Check for Standard.json
    ├── Inadequate Encryption Strength.json
    ├── Inappropriate Encoding for Output Context.json
    ├── Inbound Network Access Allowed From Anywhere For SSH.json
    ├── Inclusion of Functionality from Untrusted Control Sphere.json
    ├── Inclusion of Web Functionality from an Untrusted Source.json
    ├── Incomplete Blacklist to Cross-Site Scripting.json
    ├── Incomplete Blacklist.json
    ├── Incomplete Cleanup.json
    ├── Incomplete Comparison with Missing Factors.json
    ├── Incomplete Filtering of Multiple Instances of Special Elements.json
    ├── Incomplete Filtering of One or More Instances of Special Elements.json
    ├── Incomplete Filtering of Special Elements.json
    ├── Incomplete Identification of Uploaded File Variables (PHP).json
    ├── Incomplete Internal State Distinction.json
    ├── Incomplete Model of Endpoint Features.json
    ├── Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling').json
    ├── Incorrect Access of Indexable Resource ('Range Error').json
    ├── Incorrect Authorization.json
    ├── Incorrect Behavior Order.json
    ├── Incorrect Behavior Order: Authorization Before Parsing and Canonicalization.json
    ├── Incorrect Behavior Order: Early Amplification.json
    ├── Incorrect Behavior Order: Early Validation.json
    ├── Incorrect Behavior Order: Validate Before Canonicalize.json
    ├── Incorrect Behavior Order: Validate Before Filter.json
    ├── Incorrect Block Delimitation.json
    ├── Incorrect Calculation of Buffer Size.json
    ├── Incorrect Calculation of Multi-Byte String Length.json
    ├── Incorrect Calculation.json
    ├── Incorrect Check of Function Return Value.json
    ├── Incorrect Comparison.json
    ├── Incorrect Control Flow Scoping.json
    ├── Incorrect Conversion between Numeric Types.json
    ├── Incorrect Default Permissions.json
    ├── Incorrect Execution-Assigned Permissions.json
    ├── Incorrect Implementation of Authentication Algorithm.json
    ├── Incorrect Ownership Assignment.json
    ├── Incorrect Permission Assignment for Critical Resource.json
    ├── Incorrect Pointer Scaling.json
    ├── Incorrect Privilege Assignment.json
    ├── Incorrect Provision of Specified Functionality.json
    ├── Incorrect Regular Expression.json
    ├── Incorrect Resource Transfer Between Spheres.json
    ├── Incorrect Short Circuit Evaluation.json
    ├── Incorrect Synchronization.json
    ├── Incorrect Type Conversion or Cast.json
    ├── Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG).json
    ├── Incorrect Use of Privileged APIs.json
    ├── Incorrect User Management.json
    ├── Incorrectly Specified Destination in a Communication Channel.json
    ├── Information Exposure Through Behavioral Discrepancy.json
    ├── Information Exposure Through Browser Caching.json
    ├── Information Exposure Through Caching.json
    ├── Information Exposure Through Comments.json
    ├── Information Exposure Through Debug Information.json
    ├── Information Exposure Through Directory Listing.json
    ├── Information Exposure Through Discrepancy.json
    ├── Information Exposure Through Environmental Variables.json
    ├── Information Exposure Through Externally-Generated Error Message.json
    ├── Information Exposure Through Include Source Code.json
    ├── Information Exposure Through Indexing of Private Data.json
    ├── Information Exposure Through Java Runtime Error Message.json
    ├── Information Exposure Through Log Files.json
    ├── Information Exposure Through Persistent Cookies.json
    ├── Information Exposure Through Process Environment.json
    ├── Information Exposure Through Query Strings in GET Request.json
    ├── Information Exposure Through Self-generated Error Message.json
    ├── Information Exposure Through Sent Data.json
    ├── Information Exposure Through Server Error Message.json
    ├── Information Exposure Through Servlet Runtime Error Message.json
    ├── Information Exposure Through Shell Error Message.json
    ├── Information Exposure Through Source Code.json
    ├── Information Exposure Through Test Code.json
    ├── Information Exposure Through Timing Discrepancy.json
    ├── Information Exposure Through WSDL File.json
    ├── Information Exposure Through an Error Message.json
    ├── Information Exposure Through an External Behavioral Inconsistency.json
    ├── Information Exposure of Internal State Through Behavioral Inconsistency.json
    ├── Information Exposure.json
    ├── Information Loss or Omission.json
    ├── Insecure Automated Optimizations.json
    ├── Insecure Default Variable Initialization.json
    ├── Insecure Frontpage extensions configuration.json
    ├── Insecure Inherited Permissions.json
    ├── Insecure Java RMI Endpoint.json
    ├── Insecure Preserved Inherited Permissions.json
    ├── Insecure SSL version enabled.json
    ├── Insecure Storage of Sensitive Information.json
    ├── Insecure Temporary File.json
    ├── Insecure client-access policy.json
    ├── Insecure cookie.json
    ├── Insecure cross-domain policy.json
    ├── Insecure or no Cache-Control header.json
    ├── Insufficient Compartmentalization.json
    ├── Insufficient Control Flow Management.json
    ├── Insufficient Control of Network Message Volume (Network Amplification).json
    ├── Insufficient Entropy in PRNG.json
    ├── Insufficient Entropy.json
    ├── Insufficient Logging.json
    ├── Insufficient Psychological Acceptability.json
    ├── Insufficient Resource Pool.json
    ├── Insufficient Session Expiration.json
    ├── Insufficient Type Distinction.json
    ├── Insufficient UI Warning of Dangerous Operations.json
    ├── Insufficient Verification of Data Authenticity.json
    ├── Insufficient Visual Distinction of Homoglyphs Presented to User.json
    ├── Insufficiently Protected Credentials.json
    ├── Integer Coercion Error.json
    ├── Integer Overflow or Wraparound.json
    ├── Integer Overflow to Buffer Overflow.json
    ├── Integer Underflow (Wrap or Wraparound).json
    ├── Intentional Information Exposure.json
    ├── Interesting response.json
    ├── Internal IP Address Disclosure.json
    ├── Interpretation Conflict.json
    ├── J2EE Bad Practices: Direct Management of Connections.json
    ├── J2EE Bad Practices: Direct Use of Sockets.json
    ├── J2EE Bad Practices: Direct Use of Threads.json
    ├── J2EE Bad Practices: Non-serializable Object Stored in Session.json
    ├── J2EE Bad Practices: Use of System.exit().json
    ├── J2EE Framework: Saving Unserializable Objects to Disk.json
    ├── J2EE Misconfiguration: Data Transmission Without Encryption.json
    ├── J2EE Misconfiguration: Entity Bean Declared Remote.json
    ├── J2EE Misconfiguration: Insufficient Session-ID Length.json
    ├── J2EE Misconfiguration: Missing Custom Error Page.json
    ├── J2EE Misconfiguration: Plaintext Password in Configuration File.json
    ├── J2EE Misconfiguration: Weak Access Permissions for EJB Methods.json
    ├── Key Exchange without Entity Authentication.json
    ├── LDAP Injection.json
    ├── Lack of Administrator Control over Security.json
    ├── Lack of Egress Filtering .json
    ├── Lack of System Monitoring or Logging.json
    ├── Least Privilege Violation.json
    ├── Leftover Debug Code.json
    ├── Logging of Excessive Data.json
    ├── Logic_Time Bomb.json
    ├── Loop with Unreachable Exit Condition ('Infinite Loop').json
    ├── Misconfiguration in LIMIT directive of .htaccess file.json
    ├── Misinterpretation of Input.json
    ├── Mismatched Memory Management Routines.json
    ├── Missing 'Strict-Transport-Security' header.json
    ├── Missing 'X-Frame-Options' header.json
    ├── Missing Authentication for Critical Function.json
    ├── Missing Authorization.json
    ├── Missing Check for Certificate Revocation after Initial Check.json
    ├── Missing Critical Step in Authentication.json
    ├── Missing Custom Error Page.json
    ├── Missing Default Case in Switch Statement.json
    ├── Missing Encryption of Sensitive Data.json
    ├── Missing Handler.json
    ├── Missing Initialization of Resource.json
    ├── Missing Initialization of a Variable.json
    ├── Missing Lock Check.json
    ├── Missing Password Field Masking.json
    ├── Missing Reference to Active Allocated Resource.json
    ├── Missing Reference to Active File Descriptor or Handle.json
    ├── Missing Release of File Descriptor or Handle after Effective Lifetime.json
    ├── Missing Release of Resource after Effective Lifetime.json
    ├── Missing Report of Error Condition.json
    ├── Missing Required Cryptographic Step.json
    ├── Missing Standardized Error Handling Mechanism.json
    ├── Missing Support for Integrity Check.json
    ├── Missing Synchronization.json
    ├── Missing Validation of OpenSSL Certificate.json
    ├── Missing XML Validation.json
    ├── Mixed Resource.json
    ├── Modification of Assumed-Immutable Data (MAID).json
    ├── Multi-Factor Authentication Not Configured.json
    ├── Multiple Binds to the Same Port.json
    ├── Multiple Interpretations of UI Input.json
    ├── Multiple Locks of a Critical Resource.json
    ├── Multiple Unlocks of a Critical Resource.json
    ├── NULL Pointer Dereference.json
    ├── Name.json
    ├── NoSQL Injection.json
    ├── Non-Replicating Malicious Code.json
    ├── Non-exit on Failed Initialization.json
    ├── Not Failing Securely ('Failing Open').json
    ├── Not Using Complete Mediation.json
    ├── Not Using Password Aging.json
    ├── Not Using a Random IV with CBC Mode.json
    ├── Null Byte Interaction Error (Poison Null Byte).json
    ├── Numeric Range Comparison Without Minimum Check.json
    ├── Numeric Truncation Error.json
    ├── Object Model Violation: Just One of Equals and Hashcode Defined.json
    ├── Obscured Security-relevant Information by Alternate Name.json
    ├── Obsolete Feature in UI.json
    ├── Off-by-one Error.json
    ├── Omission of Security-relevant Information.json
    ├── Omitted Break Statement in Switch.json
    ├── Only Filtering One Instance of a Special Element.json
    ├── Only Filtering Special Elements Relative to a Marker.json
    ├── Only Filtering Special Elements at a Specified Location.json
    ├── Only Filtering Special Elements at an Absolute Position.json
    ├── Open Mail Relay Identified.json
    ├── Operating system command injection.json
    ├── Operation on Resource in Wrong Phase of Lifetime.json
    ├── Operation on a Resource after Expiration or Release.json
    ├── Operator Precedence Logic Error.json
    ├── Origin Validation Error.json
    ├── Out-of-bounds Read.json
    ├── Out-of-bounds Write.json
    ├── Overly Permissive Cross-domain Whitelist.json
    ├── Overly Restrictive Account Lockout Mechanism.json
    ├── Overly Restrictive Regular Expression.json
    ├── PHP External Variable Modification.json
    ├── Partial String Comparison.json
    ├── Passing Mutable Objects to an Untrusted Method.json
    ├── Password Aging with Long Expiration.json
    ├── Password field with auto-complete.json
    ├── Password in Configuration File.json
    ├── Path Equivalence: ' filename' (Leading Space).json
    ├── Path Equivalence: '_._' (Single Dot Directory).json
    ├── Path Equivalence: '__multiple_leading_slash'.json
    ├── Path Equivalence: '_multiple__internal_slash'.json
    ├── Path Equivalence: '_multiple_trailing_slash__'.json
    ├── Path Equivalence: 'fakedir_.._realdir_filename'.json
    ├── Path Equivalence: 'file name' (Internal Whitespace).json
    ├── Path Equivalence: 'file...name' (Multiple Internal Dot).json
    ├── Path Equivalence: 'file.name' (Internal Dot).json
    ├── Path Equivalence: 'filedir' (Trailing Backslash).json
    ├── Path Equivalence: 'filedir*' (Wildcard).json
    ├── Path Equivalence: 'filename ' (Trailing Space).json
    ├── Path Equivalence: 'filename.' (Trailing Dot).json
    ├── Path Equivalence: 'filename....' (Multiple Trailing Dot).json
    ├── Path Equivalence: 'filename_' (Trailing Slash).json
    ├── Path Equivalence: 'multipleinternalbackslash'.json
    ├── Path Equivalence: Windows 8.3 Filename.json
    ├── Path Traversal - [Uploaded Modified Templated Finding].json
    ├── Path Traversal.json
    ├── Path Traversal: '...' (Triple Dot).json
    ├── Path Traversal: '....' (Multiple Dot).json
    ├── Path Traversal: '....__'.json
    ├── Path Traversal: '..._...__'.json
    ├── Path Traversal: '.._filedir'.json
    ├── Path Traversal: '..filedir'.json
    ├── Path Traversal: '..filename'.json
    ├── Path Traversal: 'C:dirname'.json
    ├── Path Traversal: 'UNCsharename' (Windows UNC Share).json
    ├── Path Traversal: '_.._filedir'.json
    ├── Path Traversal: '_absolute_pathname_here'.json
    ├── Path Traversal: '_dir_.._filename'.json
    ├── Path Traversal: 'absolutepathnamehere'.json
    ├── Path Traversal: 'dir....filename'.json
    ├── Path Traversal: 'dir..filename'.json
    ├── Path Traversal: 'dir_.._.._filename'.json
    ├── Permission Race Condition During Resource Copy.json
    ├── Permissive Regular Expression.json
    ├── Permissive Whitelist.json
    ├── Persistent Cross-Site Scripting (XSS).json
    ├── Phishing Attack .json
    ├── Phishing vector.json
    ├── Placement of User into Incorrect Group.json
    ├── Predictability Problems.json
    ├── Predictable Exact Value from Previous Values.json
    ├── Predictable Seed in Pseudo-Random Number Generator (PRNG).json
    ├── Predictable Value Range from Previous Values.json
    ├── Predictable from Observable State.json
    ├── Premature Release of Resource During Expected Lifetime.json
    ├── Private Array-Typed Field Returned From A Public Method.json
    ├── Private IP address disclosure.json
    ├── Privilege Chaining.json
    ├── Privilege Context Switching Error.json
    ├── Privilege Defined With Unsafe Actions.json
    ├── Privilege Dropping _ Lowering Errors.json
    ├── Process Control.json
    ├── Processor Optimization Removal or Modification of Security-critical Code.json
    ├── Product UI does not Warn User of Unsafe Actions.json
    ├── Protection Mechanism Failure.json
    ├── Public Data Assigned to Private Array-Typed Field.json
    ├── Public Static Field Not Marked Final.json
    ├── Public Static Final Field References Mutable Object.json
    ├── Public cloneable() Method Without Final ('Object Hijack').json
    ├── Publicly writable directory.json
    ├── Race Condition During Access to Alternate Channel.json
    ├── Race Condition Enabling Link Following.json
    ├── Race Condition in Switch.json
    ├── Race Condition within a Thread.json
    ├── Reachable Assertion.json
    ├── Reflected Cross-Site Scripting (XSS).json
    ├── Reflected File Download.json
    ├── Reflection Attack in an Authentication Protocol.json
    ├── Regular Expression without Anchors.json
    ├── Regular expression Denial of Service - ReDoS.json
    ├── Relative Path Traversal.json
    ├── Release of Invalid Pointer or Reference.json
    ├── Reliance on Cookies without Validation and Integrity Checking in a Security Decision.json
    ├── Reliance on Cookies without Validation and Integrity Checking.json
    ├── Reliance on Data_Memory Layout.json
    ├── Reliance on File Name or Extension of Externally-Supplied File.json
    ├── Reliance on IP Address for Authentication.json
    ├── Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking.json
    ├── Reliance on Package-level Scope.json
    ├── Reliance on Reverse DNS Resolution for a Security-Critical Action.json
    ├── Reliance on Security Through Obscurity.json
    ├── Reliance on Undefined, Unspecified, or Implementation-Defined Behavior.json
    ├── Reliance on Untrusted Inputs in a Security Decision.json
    ├── Reliance on a Single Factor in a Security Decision.json
    ├── Remote File Inclusion.json
    ├── Replicating Malicious Code (Virus or Worm).json
    ├── Response Discrepancy Information Exposure.json
    ├── Response Splitting.json
    ├── Return Inside Finally Block.json
    ├── Return of Pointer Value Outside of Expected Range.json
    ├── Return of Stack Variable Address.json
    ├── Return of Wrong Status Code.json
    ├── Returning a Mutable Object to an Untrusted Caller.json
    ├── Reusing a Nonce, Key Pair in Encryption.json
    ├── Reversible One-Way Hash.json
    ├── SNMP Configured with Default Password.json
    ├── SQL Injection - [Uploaded Modified Templated Finding].json
    ├── SQL Injection.json
    ├── SQL Injection: Hibernate.json
    ├── SSH Server Configuration.json
    ├── SSL Server Supports SSLv2.json
    ├── Same Seed in Pseudo-Random Number Generator (PRNG).json
    ├── Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade').json
    ├── Self-signed TLS_SSL certificate.json
    ├── Sensitive Cookie Without 'HttpOnly' Flag.json
    ├── Sensitive Cookie in HTTPS Session Without 'Secure' Attribute.json
    ├── Sensitive Data Storage in Improperly Locked Memory.json
    ├── Sensitive Data Under FTP Root.json
    ├── Sensitive Data Under Web Root.json
    ├── Sensitive Information Uncleared Before Release.json
    ├── Serializable Class Containing Sensitive Data.json
    ├── Server-Side Request Forgery (SSRF).json
    ├── Session Fixation.json
    ├── Session fixation.json
    ├── ShellShock.json
    ├── Signal Handler Function Associated with Multiple Signals.json
    ├── Signal Handler Race Condition.json
    ├── Signal Handler Use of a Non-reentrant Function.json
    ├── Signal Handler with Functionality that is not Asynchronous-Safe.json
    ├── Signed to Unsigned Conversion Error.json
    ├── Small Seed Space in PRNG.json
    ├── Small Space of Random Values.json
    ├── Source code disclosure.json
    ├── Spyware.json
    ├── Stack-based Buffer Overflow.json
    ├── Storage of Sensitive Data in a Mechanism without Access Control.json
    ├── Storing Passwords in a Recoverable Format.json
    ├── Struts: Duplicate Validation Forms.json
    ├── Struts: Form Bean Does Not Extend Validation Class.json
    ├── Struts: Form Field Without Validator.json
    ├── Struts: Incomplete validate() Method Definition.json
    ├── Struts: Non-private Field in ActionForm Class.json
    ├── Struts: Plug-in Framework not in Use.json
    ├── Struts: Unused Validation Form.json
    ├── Struts: Unvalidated Action Form.json
    ├── Struts: Validator Turned Off.json
    ├──
Struts: Validator Without Form Field.json ├── Suspicious Comment.json ├── Symbolic Name not Mapping to Correct Object.json ├── The UI Performs the Wrong Action.json ├── Time-of-check Time-of-use (TOCTOU) Race Condition.json ├── Tomcat Manager with Default or Blank Passwords.json ├── Transmission of Private Resources into a New Sphere ('Resource Leak').json ├── Trapdoor.json ├── Trojan Horse.json ├── Truncation of Security-relevant Information.json ├── Trust Boundary Violation.json ├── Trust of System Event Data.json ├── Trusting HTTP Permission Methods on the Server Side.json ├── UI Discrepancy for Security Feature.json ├── UNIX Hard Link.json ├── UNIX Symbolic Link (Symlink) Following.json ├── URL Redirection to Untrusted Site ('Open Redirect').json ├── Uncaught Exception in Servlet .json ├── Uncaught Exception.json ├── Unchecked Error Condition.json ├── Unchecked Input for Loop Condition.json ├── Unchecked Return Value to NULL Pointer Dereference.json ├── Unchecked Return Value.json ├── Uncontrolled File Descriptor Consumption.json ├── Uncontrolled Memory Allocation.json ├── Uncontrolled Recursion.json ├── Uncontrolled Resource Consumption ('Resource Exhaustion').json ├── Uncontrolled Search Path Element.json ├── Undefined Behavior for Input to API.json ├── Unencrypted Backups Tapes (Storage Closet).json ├── Unencrypted password form.json ├── Unexpected Sign Extension.json ├── Unexpected Status Code or Return Value.json ├── Unimplemented or Unsupported Feature in UI.json ├── Unintended Proxy or Intermediary ('Confused Deputy').json ├── Unlock of a Resource that is not Locked.json ├── Unmanaged EC2 Bastions.json ├── Unnecessary Complexity in Protection Mechanism (Not Using 'Economy of Mechanism').json ├── Unparsed Raw Web Content Delivery.json ├── Unprotected Alternate Channel.json ├── Unprotected Primary Channel.json ├── Unprotected Storage of Credentials.json ├── Unprotected Transport of Credentials.json ├── Unprotected Windows Messaging Channel ('Shatter').json 
├── Unquoted Search Path or Element.json ├── Unrestricted Externally Accessible Lock.json ├── Unrestricted Upload of File with Dangerous Type.json ├── Unrestricted file upload.json ├── Unsafe ActiveX Control Marked Safe For Scripting.json ├── Unsigned to Signed Conversion Error.json ├── Unsynchronized Access to Shared Data in a Multithreaded Context.json ├── Untrusted Pointer Dereference.json ├── Untrusted Search Path.json ├── Unvalidated DOM redirect.json ├── Unvalidated redirect.json ├── Unverified Ownership.json ├── Unverified Password Change.json ├── Use After Free.json ├── Use of Client-Side Authentication.json ├── Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG).json ├── Use of Expired File Descriptor.json ├── Use of Externally-Controlled Format String.json ├── Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection').json ├── Use of Function with Inconsistent Implementations.json ├── Use of Hard-coded Credentials.json ├── Use of Hard-coded Cryptographic Key.json ├── Use of Hard-coded Password.json ├── Use of Hard-coded, Security-relevant Constants.json ├── Use of Implicit Intent for Sensitive Communication.json ├── Use of Incorrect Byte Ordering.json ├── Use of Incorrect Operator.json ├── Use of Incorrectly-Resolved Name or Reference.json ├── Use of Inherently Dangerous Function.json ├── Use of Inner Class Containing Sensitive Data.json ├── Use of Insufficiently Random Values.json ├── Use of Invariant Value in Dynamically Changing Context.json ├── Use of Less Trusted Source.json ├── Use of Low-Level Functionality.json ├── Use of Multiple Resources with Duplicate Identifier.json ├── Use of Non-Canonical URL Paths for Authorization Decisions.json ├── Use of NullPointerException Catch to Detect NULL Pointer Dereference.json ├── Use of Obsolete Function.json ├── Use of Out-of-range Pointer Offset.json ├── Use of Password Hash Instead of Password for Authentication.json ├── Use of Password Hash With Insufficient 
Computational Effort.json ├── Use of Password System for Primary Authentication.json ├── Use of Path Manipulation Function without Maximum-sized Buffer.json ├── Use of Pointer Subtraction to Determine Size.json ├── Use of Potentially Dangerous Function.json ├── Use of RSA Algorithm without OAEP.json ├── Use of Single-factor Authentication.json ├── Use of Singleton Pattern Without Synchronization in a Multithreaded Context.json ├── Use of Uninitialized Resource.json ├── Use of Uninitialized Variable.json ├── Use of Web Link to Untrusted Target with window.opener Access.json ├── Use of Wrong Operator in String Comparison.json ├── Use of a Broken or Risky Cryptographic Algorithm.json ├── Use of a Key Past its Expiration Date.json ├── Use of a Non-reentrant Function in a Concurrent Context.json ├── Use of a One-Way Hash with a Predictable Salt.json ├── Use of a One-Way Hash without a Salt.json ├── Use of getlogin() in Multithreaded Application.json ├── Use of sizeof() on a Pointer Type.json ├── Use of umask() with chmod-style Argument.json ├── User Interface (UI) Misrepresentation of Critical Information.json ├── Using Referer Field for Authentication.json ├── Variable Extraction Error.json ├── Violation of Secure Design Principles.json ├── Weak Cryptography for Passwords.json ├── Weak Password Recovery Mechanism for Forgotten Password.json ├── Weak Password Requirements.json ├── Weak SA Password on MSSQL Server.json ├── WebDAV.json ├── Windows Hard Link.json ├── Windows Shortcut Following (.LNK).json ├── Wrap-around Error.json ├── Write-what-where Condition.json ├── X-Content-Type-Options header missing.json ├── XML External Entity (XXE) Processing .json ├── XML External Entity.json ├── XML Injection (aka Blind XPath Injection).json ├── XPath Injection.json ├── clone() Method Without super.clone().json ├── finalize() Method Declared Public.json └── finalize() Method Without super.finalize().json └── template_reports ├── MoJ CVSS Report - API.docx ├── MoJ CVSS Report - 
Build Review.docx ├── MoJ CVSS Report - Firewall Configuration Review.docx └── MoJ CVSS Report - Web.docx /Dockerfile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/Dockerfile -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/LICENSE -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/README.md -------------------------------------------------------------------------------- /scripts/import_cwe_findings.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/scripts/import_cwe_findings.py -------------------------------------------------------------------------------- /scripts/new_findings.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/scripts/new_findings.py -------------------------------------------------------------------------------- /scripts/run.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/scripts/run.sh -------------------------------------------------------------------------------- /scripts/squash_findings.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/scripts/squash_findings.py 
-------------------------------------------------------------------------------- /template_findings/.NET Misconfiguration: Use of Impersonation.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/.NET Misconfiguration: Use of Impersonation.json -------------------------------------------------------------------------------- /template_findings/A backdoor file exists on the server.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/A backdoor file exists on the server.json -------------------------------------------------------------------------------- /template_findings/ASP.NET Misconfiguration: Creating Debug Binary.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/ASP.NET Misconfiguration: Creating Debug Binary.json -------------------------------------------------------------------------------- /template_findings/ASP.NET Misconfiguration: Missing Custom Error Page.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/ASP.NET Misconfiguration: Missing Custom Error Page.json -------------------------------------------------------------------------------- /template_findings/ASP.NET Misconfiguration: Use of Identity Impersonation.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/ASP.NET Misconfiguration: Use of Identity Impersonation.json -------------------------------------------------------------------------------- 
/template_findings/AWS Access Keys Assigned But Unused.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/AWS Access Keys Assigned But Unused.json -------------------------------------------------------------------------------- /template_findings/AWS IAM Access Keys Not Rotated In The Last 90 Days.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/AWS IAM Access Keys Not Rotated In The Last 90 Days.json -------------------------------------------------------------------------------- /template_findings/AWS IAM Access Keys Unused For More Than 90 Days.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/AWS IAM Access Keys Unused For More Than 90 Days.json -------------------------------------------------------------------------------- /template_findings/Absolute Path Traversal.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Absolute Path Traversal.json -------------------------------------------------------------------------------- /template_findings/Access of Memory Location After End of Buffer.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Access of Memory Location After End of Buffer.json -------------------------------------------------------------------------------- /template_findings/Access of Memory Location Before Start of Buffer.json: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Access of Memory Location Before Start of Buffer.json -------------------------------------------------------------------------------- /template_findings/Access of Uninitialized Pointer.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Access of Uninitialized Pointer.json -------------------------------------------------------------------------------- /template_findings/Access restriction bypass via origin spoof.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Access restriction bypass via origin spoof.json -------------------------------------------------------------------------------- /template_findings/Access to Critical Private Variable via Public Method.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Access to Critical Private Variable via Public Method.json -------------------------------------------------------------------------------- /template_findings/Access-Control-Allow-Origin header set to '*'.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Access-Control-Allow-Origin header set to '*'.json -------------------------------------------------------------------------------- /template_findings/Addition of Data Structure Sentinel.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Addition of Data Structure Sentinel.json 
-------------------------------------------------------------------------------- /template_findings/Algorithmic Complexity.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Algorithmic Complexity.json -------------------------------------------------------------------------------- /template_findings/Allocation of Resources Without Limits or Throttling.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Allocation of Resources Without Limits or Throttling.json -------------------------------------------------------------------------------- /template_findings/Allowed HTTP methods.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Allowed HTTP methods.json -------------------------------------------------------------------------------- /template_findings/Always-Incorrect Control Flow Implementation.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Always-Incorrect Control Flow Implementation.json -------------------------------------------------------------------------------- /template_findings/Application error message.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Application error message.json -------------------------------------------------------------------------------- /template_findings/Argument Injection or Modification.json: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Argument Injection or Modification.json -------------------------------------------------------------------------------- /template_findings/Array Declared Public, Final, and Static.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Array Declared Public, Final, and Static.json -------------------------------------------------------------------------------- /template_findings/Assigning instead of Comparing.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Assigning instead of Comparing.json -------------------------------------------------------------------------------- /template_findings/Assignment of a Fixed Address to a Pointer.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Assignment of a Fixed Address to a Pointer.json -------------------------------------------------------------------------------- /template_findings/Assignment to Variable without Use.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Assignment to Variable without Use.json -------------------------------------------------------------------------------- /template_findings/Asymmetric Resource Consumption (Amplification).json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Asymmetric Resource Consumption (Amplification).json 
-------------------------------------------------------------------------------- /template_findings/Attempt to Access Child of a Non-structure Pointer.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Attempt to Access Child of a Non-structure Pointer.json -------------------------------------------------------------------------------- /template_findings/Authentication Bypass by Alternate Name.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Authentication Bypass by Alternate Name.json -------------------------------------------------------------------------------- /template_findings/Authentication Bypass by Assumed-Immutable Data.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Authentication Bypass by Assumed-Immutable Data.json -------------------------------------------------------------------------------- /template_findings/Authentication Bypass by Capture-replay.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Authentication Bypass by Capture-replay.json -------------------------------------------------------------------------------- /template_findings/Authentication Bypass by Primary Weakness.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Authentication Bypass by Primary Weakness.json -------------------------------------------------------------------------------- /template_findings/Authentication Bypass by 
Spoofing.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Authentication Bypass by Spoofing.json -------------------------------------------------------------------------------- /template_findings/Authorization Bypass Through User-Controlled Key.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Authorization Bypass Through User-Controlled Key.json -------------------------------------------------------------------------------- /template_findings/Backup directory.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Backup directory.json -------------------------------------------------------------------------------- /template_findings/Backup file.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Backup file.json -------------------------------------------------------------------------------- /template_findings/Behavioral Change in New Version or Environment.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Behavioral Change in New Version or Environment.json -------------------------------------------------------------------------------- /template_findings/Blind NoSQL Injection (differential analysis).json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Blind NoSQL Injection (differential analysis).json 
-------------------------------------------------------------------------------- /template_findings/Blind SQL Injection (timing attack).json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Blind SQL Injection (timing attack).json -------------------------------------------------------------------------------- /template_findings/Blind SQL Injection.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Blind SQL Injection.json -------------------------------------------------------------------------------- /template_findings/Buffer Access Using Size of Source Buffer.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Buffer Access Using Size of Source Buffer.json -------------------------------------------------------------------------------- /template_findings/Buffer Access with Incorrect Length Value.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Buffer Access with Incorrect Length Value.json -------------------------------------------------------------------------------- /template_findings/Buffer Over-read.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Buffer Over-read.json -------------------------------------------------------------------------------- /template_findings/Buffer Under-read.json: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Buffer Under-read.json -------------------------------------------------------------------------------- /template_findings/CAPTCHA protected form.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/CAPTCHA protected form.json -------------------------------------------------------------------------------- /template_findings/CVS_SVN user disclosure.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/CVS_SVN user disclosure.json -------------------------------------------------------------------------------- /template_findings/Call to Non-ubiquitous API.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Call to Non-ubiquitous API.json -------------------------------------------------------------------------------- /template_findings/Call to Thread run() instead of start().json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Call to Thread run() instead of start().json -------------------------------------------------------------------------------- /template_findings/Cleartext Storage in a File or on Disk.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Cleartext Storage in a File or on Disk.json -------------------------------------------------------------------------------- /template_findings/Cleartext Storage in the Registry.json: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Cleartext Storage in the Registry.json -------------------------------------------------------------------------------- /template_findings/Cleartext Storage of Sensitive Information in GUI.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Cleartext Storage of Sensitive Information in GUI.json -------------------------------------------------------------------------------- /template_findings/Cleartext Storage of Sensitive Information in Memory.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Cleartext Storage of Sensitive Information in Memory.json -------------------------------------------------------------------------------- /template_findings/Cleartext Storage of Sensitive Information in a Cookie.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Cleartext Storage of Sensitive Information in a Cookie.json -------------------------------------------------------------------------------- /template_findings/Cleartext Storage of Sensitive Information.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Cleartext Storage of Sensitive Information.json -------------------------------------------------------------------------------- /template_findings/Cleartext Transmission of Sensitive Information.json: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Cleartext Transmission of Sensitive Information.json -------------------------------------------------------------------------------- /template_findings/Client-Side Enforcement of Server-Side Security.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Client-Side Enforcement of Server-Side Security.json -------------------------------------------------------------------------------- /template_findings/Cloneable Class Containing Sensitive Information.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Cloneable Class Containing Sensitive Information.json -------------------------------------------------------------------------------- /template_findings/Code injection (timing attack).json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Code injection (timing attack).json -------------------------------------------------------------------------------- /template_findings/Code injection.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Code injection.json -------------------------------------------------------------------------------- /template_findings/Collapse of Data into Unsafe Value.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Collapse of Data into Unsafe Value.json 
-------------------------------------------------------------------------------- /template_findings/Command Shell in Externally Accessible Directory.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Command Shell in Externally Accessible Directory.json -------------------------------------------------------------------------------- /template_findings/Common directory.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Common directory.json -------------------------------------------------------------------------------- /template_findings/Common sensitive file.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Common sensitive file.json -------------------------------------------------------------------------------- /template_findings/Comparing instead of Assigning.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Comparing instead of Assigning.json -------------------------------------------------------------------------------- /template_findings/Comparison Using Wrong Factors.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Comparison Using Wrong Factors.json -------------------------------------------------------------------------------- /template_findings/Comparison of Classes by Name.json: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Comparison of Classes by Name.json -------------------------------------------------------------------------------- /template_findings/Comparison of Incompatible Types.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Comparison of Incompatible Types.json -------------------------------------------------------------------------------- /template_findings/Compiler Removal of Code to Clear Buffers.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Compiler Removal of Code to Clear Buffers.json -------------------------------------------------------------------------------- /template_findings/Containment Errors (Container Errors).json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Containment Errors (Container Errors).json -------------------------------------------------------------------------------- /template_findings/Context Switching Race Condition.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Context Switching Race Condition.json -------------------------------------------------------------------------------- /template_findings/Cookie set for parent domain.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Cookie set for parent domain.json -------------------------------------------------------------------------------- 
/template_findings/Covert Channel.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Covert Channel.json -------------------------------------------------------------------------------- /template_findings/Covert Storage Channel.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Covert Storage Channel.json -------------------------------------------------------------------------------- /template_findings/Covert Timing Channel.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Covert Timing Channel.json -------------------------------------------------------------------------------- /template_findings/Creation of Temporary File With Insecure Permissions.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Creation of Temporary File With Insecure Permissions.json -------------------------------------------------------------------------------- /template_findings/Credit card number disclosure.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Credit card number disclosure.json -------------------------------------------------------------------------------- /template_findings/Critical Public Variable Without Final Modifier.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Critical Public Variable Without Final 
Modifier.json -------------------------------------------------------------------------------- /template_findings/Critical Variable Declared Public.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Critical Variable Declared Public.json -------------------------------------------------------------------------------- /template_findings/Cross Site Scripting (XSS).json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Cross Site Scripting (XSS).json -------------------------------------------------------------------------------- /template_findings/Cross-Site Request Forgery (CSRF).json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Cross-Site Request Forgery (CSRF).json -------------------------------------------------------------------------------- /template_findings/Cross-Site Request Forgery.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Cross-Site Request Forgery.json -------------------------------------------------------------------------------- /template_findings/DEPRECATED (Duplicate): Covert Timing Channel.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/DEPRECATED (Duplicate): Covert Timing Channel.json -------------------------------------------------------------------------------- /template_findings/DEPRECATED (Duplicate): HTTP response splitting.json: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/DEPRECATED (Duplicate): HTTP response splitting.json -------------------------------------------------------------------------------- /template_findings/DEPRECATED (Duplicate): Miscalculated Null Termination.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/DEPRECATED (Duplicate): Miscalculated Null Termination.json -------------------------------------------------------------------------------- /template_findings/DEPRECATED (Duplicate): Proxied Trusted Channel.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/DEPRECATED (Duplicate): Proxied Trusted Channel.json -------------------------------------------------------------------------------- /template_findings/DEPRECATED (Duplicate): Trusting Self-reported DNS Name.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/DEPRECATED (Duplicate): Trusting Self-reported DNS Name.json -------------------------------------------------------------------------------- /template_findings/DEPRECATED: Apple '.DS_Store'.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/DEPRECATED: Apple '.DS_Store'.json -------------------------------------------------------------------------------- /template_findings/DEPRECATED: Authentication Bypass Issues.json: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/DEPRECATED: Authentication Bypass Issues.json -------------------------------------------------------------------------------- /template_findings/DEPRECATED: Incorrect Initialization.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/DEPRECATED: Incorrect Initialization.json -------------------------------------------------------------------------------- /template_findings/DEPRECATED: Incorrect Semantic Object Comparison.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/DEPRECATED: Incorrect Semantic Object Comparison.json -------------------------------------------------------------------------------- /template_findings/DEPRECATED: Often Misused: Path Manipulation.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/DEPRECATED: Often Misused: Path Manipulation.json -------------------------------------------------------------------------------- /template_findings/DEPRECATED: State Synchronization Error.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/DEPRECATED: State Synchronization Error.json -------------------------------------------------------------------------------- /template_findings/DEPRECATED: Use of Dynamic Class Loading.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/DEPRECATED: Use of Dynamic Class Loading.json 
-------------------------------------------------------------------------------- /template_findings/DOM-based Cross-Site Scripting (XSS).json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/DOM-based Cross-Site Scripting (XSS).json -------------------------------------------------------------------------------- /template_findings/Dead Code.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Dead Code.json -------------------------------------------------------------------------------- /template_findings/Deadlock.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Deadlock.json -------------------------------------------------------------------------------- /template_findings/Declaration of Catch for Generic Exception.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Declaration of Catch for Generic Exception.json -------------------------------------------------------------------------------- /template_findings/Declaration of Throws for Generic Exception.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Declaration of Throws for Generic Exception.json -------------------------------------------------------------------------------- /template_findings/Default AWS Security Groups Are Not Restricted.json: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Default AWS Security Groups Are Not Restricted.json -------------------------------------------------------------------------------- /template_findings/Deletion of Data Structure Sentinel.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Deletion of Data Structure Sentinel.json -------------------------------------------------------------------------------- /template_findings/Deployment of Wrong Handler.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Deployment of Wrong Handler.json -------------------------------------------------------------------------------- /template_findings/Deserialization of Untrusted Data.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Deserialization of Untrusted Data.json -------------------------------------------------------------------------------- /template_findings/Detection of Error Condition Without Action.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Detection of Error Condition Without Action.json -------------------------------------------------------------------------------- /template_findings/Direct Object References.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Direct Object References.json -------------------------------------------------------------------------------- 
/template_findings/Direct Request ('Forced Browsing').json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Direct Request ('Forced Browsing').json -------------------------------------------------------------------------------- /template_findings/Direct Use of Unsafe JNI.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Direct Use of Unsafe JNI.json -------------------------------------------------------------------------------- /template_findings/Directory listing.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Directory listing.json -------------------------------------------------------------------------------- /template_findings/Disable Unused Filesystems.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Disable Unused Filesystems.json -------------------------------------------------------------------------------- /template_findings/Disclosed US Social Security Number (SSN).json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Disclosed US Social Security Number (SSN).json -------------------------------------------------------------------------------- /template_findings/Divide By Zero.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Divide By Zero.json 
-------------------------------------------------------------------------------- /template_findings/Double Decoding of the Same Data.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Double Decoding of the Same Data.json -------------------------------------------------------------------------------- /template_findings/Double Free.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Double Free.json -------------------------------------------------------------------------------- /template_findings/Double-Checked Locking.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Double-Checked Locking.json -------------------------------------------------------------------------------- /template_findings/Doubled Character XSS Manipulations.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Doubled Character XSS Manipulations.json -------------------------------------------------------------------------------- /template_findings/Download of Code Without Integrity Check.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Download of Code Without Integrity Check.json -------------------------------------------------------------------------------- /template_findings/Duplicate Key in Associative List (Alist).json: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Duplicate Key in Associative List (Alist).json -------------------------------------------------------------------------------- /template_findings/Duplicate Operations on Resource.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Duplicate Operations on Resource.json -------------------------------------------------------------------------------- /template_findings/Dynamic Variable Evaluation.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Dynamic Variable Evaluation.json -------------------------------------------------------------------------------- /template_findings/E-mail address disclosure.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/E-mail address disclosure.json -------------------------------------------------------------------------------- /template_findings/EJB Bad Practices: Use of AWT Swing.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/EJB Bad Practices: Use of AWT Swing.json -------------------------------------------------------------------------------- /template_findings/EJB Bad Practices: Use of Class Loader.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/EJB Bad Practices: Use of Class Loader.json -------------------------------------------------------------------------------- /template_findings/EJB Bad 
Practices: Use of Java I_O.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/EJB Bad Practices: Use of Java I_O.json -------------------------------------------------------------------------------- /template_findings/EJB Bad Practices: Use of Sockets.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/EJB Bad Practices: Use of Sockets.json -------------------------------------------------------------------------------- /template_findings/EJB Bad Practices: Use of Synchronization Primitives.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/EJB Bad Practices: Use of Synchronization Primitives.json -------------------------------------------------------------------------------- /template_findings/Embedded Malicious Code.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Embedded Malicious Code.json -------------------------------------------------------------------------------- /template_findings/Empty Password in Configuration File.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Empty Password in Configuration File.json -------------------------------------------------------------------------------- /template_findings/Empty Synchronized Block.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Empty 
Synchronized Block.json -------------------------------------------------------------------------------- /template_findings/Encoding Error.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Encoding Error.json -------------------------------------------------------------------------------- /template_findings/End of Life Systems In Use.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/End of Life Systems In Use.json -------------------------------------------------------------------------------- /template_findings/Ensure Default User umask is 027 Or More Restrictive.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Ensure Default User umask is 027 Or More Restrictive.json -------------------------------------------------------------------------------- /template_findings/Ensure IPv6 Router Advertisements Are Not Accepted.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Ensure IPv6 Router Advertisements Are Not Accepted.json -------------------------------------------------------------------------------- /template_findings/Ensure IPv6 is Disabled.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Ensure IPv6 is Disabled.json -------------------------------------------------------------------------------- /template_findings/Ensure Loopback Traffic is Configured.json: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Ensure Loopback Traffic is Configured.json -------------------------------------------------------------------------------- /template_findings/Ensure Packet Redirect Sending is Disabled.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Ensure Packet Redirect Sending is Disabled.json -------------------------------------------------------------------------------- /template_findings/Ensure Permissions On Logfiles Are Configured.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Ensure Permissions On Logfiles Are Configured.json -------------------------------------------------------------------------------- /template_findings/Ensure Permissions On _etc_cron.d Are Configured.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Ensure Permissions On _etc_cron.d Are Configured.json -------------------------------------------------------------------------------- /template_findings/Ensure Permissions On _etc_cron.xxx Are Configured.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Ensure Permissions On _etc_cron.xxx Are Configured.json -------------------------------------------------------------------------------- /template_findings/Ensure Permissions On _etc_crontab Are Configured.json: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Ensure Permissions On _etc_crontab Are Configured.json -------------------------------------------------------------------------------- /template_findings/Ensure RDS is Disabled.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Ensure RDS is Disabled.json -------------------------------------------------------------------------------- /template_findings/Ensure X Window System is not installed.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Ensure X Window System is not installed.json -------------------------------------------------------------------------------- /template_findings/Ensure at_cron is Restricted To Authorized Users.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Ensure at_cron is Restricted To Authorized Users.json -------------------------------------------------------------------------------- /template_findings/Ensure gpgcheck is Globally Activated.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Ensure gpgcheck is Globally Activated.json -------------------------------------------------------------------------------- /template_findings/Ensure ntp is Configured.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Ensure ntp is Configured.json 
-------------------------------------------------------------------------------- /template_findings/Ensure rsyslog Default File Permissions Are Configured.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Ensure rsyslog Default File Permissions Are Configured.json -------------------------------------------------------------------------------- /template_findings/Ensure telnet Client is Not Installed.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Ensure telnet Client is Not Installed.json -------------------------------------------------------------------------------- /template_findings/Excessive Ingress Rule Set.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Excessive Ingress Rule Set.json -------------------------------------------------------------------------------- /template_findings/Excessive Iteration.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Excessive Iteration.json -------------------------------------------------------------------------------- /template_findings/Executable Regular Expression Error.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Executable Regular Expression Error.json -------------------------------------------------------------------------------- /template_findings/Execution After Redirect (EAR).json: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Execution After Redirect (EAR).json
--------------------------------------------------------------------------------
/template_findings/Execution with Unnecessary Privileges.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Execution with Unnecessary Privileges.json
--------------------------------------------------------------------------------
/template_findings/Expected Behavior Violation.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Expected Behavior Violation.json
--------------------------------------------------------------------------------
/template_findings/Expired Pointer Dereference.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Expired Pointer Dereference.json
--------------------------------------------------------------------------------
/template_findings/Explicit Call to Finalize().json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Explicit Call to Finalize().json
--------------------------------------------------------------------------------
/template_findings/Exposed Dangerous Method or Function.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Exposed Dangerous Method or Function.json
--------------------------------------------------------------------------------
/template_findings/Exposed IOCTL with Insufficient Access Control.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Exposed IOCTL with Insufficient Access Control.json
--------------------------------------------------------------------------------
/template_findings/Exposed Unsafe ActiveX Method.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Exposed Unsafe ActiveX Method.json
--------------------------------------------------------------------------------
/template_findings/Exposed localstart.asp page.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Exposed localstart.asp page.json
--------------------------------------------------------------------------------
/template_findings/Exposure of Data Element to Wrong Session.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Exposure of Data Element to Wrong Session.json
--------------------------------------------------------------------------------
/template_findings/Exposure of Resource to Wrong Sphere.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Exposure of Resource to Wrong Sphere.json
--------------------------------------------------------------------------------
/template_findings/Exposure of Sensitive Data Through Data Queries.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Exposure of Sensitive Data Through Data Queries.json
--------------------------------------------------------------------------------
/template_findings/Expression is Always False.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Expression is Always False.json
--------------------------------------------------------------------------------
/template_findings/Expression is Always True.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Expression is Always True.json
--------------------------------------------------------------------------------
/template_findings/External Control of Assumed-Immutable Web Parameter.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/External Control of Assumed-Immutable Web Parameter.json
--------------------------------------------------------------------------------
/template_findings/External Control of Critical State Data.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/External Control of Critical State Data.json
--------------------------------------------------------------------------------
/template_findings/External Control of File Name or Path.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/External Control of File Name or Path.json
--------------------------------------------------------------------------------
/template_findings/External Control of System or Configuration Setting.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/External Control of System or Configuration Setting.json
--------------------------------------------------------------------------------
/template_findings/External Influence of Sphere Definition.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/External Influence of Sphere Definition.json
--------------------------------------------------------------------------------
/template_findings/Failure to Handle Incomplete Element.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Failure to Handle Incomplete Element.json
--------------------------------------------------------------------------------
/template_findings/Failure to Handle Missing Parameter.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Failure to Handle Missing Parameter.json
--------------------------------------------------------------------------------
/template_findings/Failure to Sanitize Paired Delimiters.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Failure to Sanitize Paired Delimiters.json
--------------------------------------------------------------------------------
/template_findings/Failure to Sanitize Special Element.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Failure to Sanitize Special Element.json
--------------------------------------------------------------------------------
/template_findings/File Inclusion.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/File Inclusion.json
--------------------------------------------------------------------------------
/template_findings/File and Directory Information Exposure.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/File and Directory Information Exposure.json
--------------------------------------------------------------------------------
/template_findings/Files or Directories Accessible to External Parties.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Files or Directories Accessible to External Parties.json
--------------------------------------------------------------------------------
/template_findings/Filesystem Integrity Checking (AIDE).json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Filesystem Integrity Checking (AIDE).json
--------------------------------------------------------------------------------
/template_findings/Form-based File Upload.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Form-based File Upload.json
--------------------------------------------------------------------------------
/template_findings/Free of Memory not on the Heap.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Free of Memory not on the Heap.json
--------------------------------------------------------------------------------
/template_findings/Free of Pointer not at Start of Buffer.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Free of Pointer not at Start of Buffer.json
--------------------------------------------------------------------------------
/template_findings/Function Call With Incorrect Argument Type.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Function Call With Incorrect Argument Type.json
--------------------------------------------------------------------------------
/template_findings/Function Call With Incorrect Number of Arguments.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Function Call With Incorrect Number of Arguments.json
--------------------------------------------------------------------------------
/template_findings/Function Call With Incorrect Order of Arguments.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Function Call With Incorrect Order of Arguments.json
--------------------------------------------------------------------------------
/template_findings/Function Call With Incorrectly Specified Argument Value.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Function Call With Incorrectly Specified Argument Value.json
--------------------------------------------------------------------------------
/template_findings/Function Call with Incorrectly Specified Arguments.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Function Call with Incorrectly Specified Arguments.json
--------------------------------------------------------------------------------
/template_findings/Guessable CAPTCHA.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Guessable CAPTCHA.json
--------------------------------------------------------------------------------
/template_findings/Guessable credentials.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Guessable credentials.json
--------------------------------------------------------------------------------
/template_findings/HTML object.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/HTML object.json
--------------------------------------------------------------------------------
/template_findings/HTTP Basic Authentication credentials.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/HTTP Basic Authentication credentials.json
--------------------------------------------------------------------------------
/template_findings/HTTP TRACE.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/HTTP TRACE.json
--------------------------------------------------------------------------------
/template_findings/Hard Coded Passwords in Use.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Hard Coded Passwords in Use.json
--------------------------------------------------------------------------------
/template_findings/Heap-based Buffer Overflow.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Heap-based Buffer Overflow.json
--------------------------------------------------------------------------------
/template_findings/Hidden Functionality.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Hidden Functionality.json
--------------------------------------------------------------------------------
/template_findings/HttpOnly cookie.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/HttpOnly cookie.json
--------------------------------------------------------------------------------
/template_findings/Improper Access Control.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Improper Access Control.json
--------------------------------------------------------------------------------
/template_findings/Improper Adherence to Coding Standards.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Improper Adherence to Coding Standards.json
--------------------------------------------------------------------------------
/template_findings/Improper Authentication.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Improper Authentication.json
--------------------------------------------------------------------------------
/template_findings/Improper Authorization in Handler for Custom URL Scheme.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Improper Authorization in Handler for Custom URL Scheme.json
--------------------------------------------------------------------------------
/template_findings/Improper Authorization.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Improper Authorization.json
--------------------------------------------------------------------------------
/template_findings/Improper Certificate Validation.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Improper Certificate Validation.json
--------------------------------------------------------------------------------
/template_findings/Improper Check for Certificate Revocation.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Improper Check for Certificate Revocation.json
--------------------------------------------------------------------------------
/template_findings/Improper Check for Dropped Privileges.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Improper Check for Dropped Privileges.json
--------------------------------------------------------------------------------
/template_findings/Improper Check for Unusual or Exceptional Conditions.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Improper Check for Unusual or Exceptional Conditions.json
--------------------------------------------------------------------------------
/template_findings/Improper Check or Handling of Exceptional Conditions.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Improper Check or Handling of Exceptional Conditions.json
--------------------------------------------------------------------------------
/template_findings/Improper Cleanup on Thrown Exception.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Improper Cleanup on Thrown Exception.json
--------------------------------------------------------------------------------
/template_findings/Improper Control of Document Type Definition.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Improper Control of Document Type Definition.json
--------------------------------------------------------------------------------
/template_findings/Improper Control of Dynamically-Identified Variables.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Improper Control of Dynamically-Identified Variables.json
--------------------------------------------------------------------------------
/template_findings/Improper Control of Dynamically-Managed Code Resources.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Improper Control of Dynamically-Managed Code Resources.json
--------------------------------------------------------------------------------
/template_findings/Improper Control of Interaction Frequency.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Improper Control of Interaction Frequency.json
--------------------------------------------------------------------------------
/template_findings/Improper Control of a Resource Through its Lifetime.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Improper Control of a Resource Through its Lifetime.json
--------------------------------------------------------------------------------
/template_findings/Improper Cross-boundary Removal of Sensitive Data.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Improper Cross-boundary Removal of Sensitive Data.json
--------------------------------------------------------------------------------
/template_findings/Improper Encoding or Escaping of Output.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Improper Encoding or Escaping of Output.json
--------------------------------------------------------------------------------
/template_findings/Improper Enforcement of Behavioral Workflow.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Improper Enforcement of Behavioral Workflow.json
--------------------------------------------------------------------------------
/template_findings/Improper Enforcement of Message or Data Structure.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Improper Enforcement of Message or Data Structure.json
--------------------------------------------------------------------------------
/template_findings/Improper Enforcement of a Single, Unique Action.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Improper Enforcement of a Single, Unique Action.json
--------------------------------------------------------------------------------
/template_findings/Improper Export of Android Application Components.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Improper Export of Android Application Components.json
--------------------------------------------------------------------------------
/template_findings/Improper Filtering of Special Elements.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Improper Filtering of Special Elements.json
--------------------------------------------------------------------------------
/template_findings/Improper Following of Specification by Caller.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Improper Following of Specification by Caller.json
--------------------------------------------------------------------------------
/template_findings/Improper Handling of Additional Special Element.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Improper Handling of Additional Special Element.json
--------------------------------------------------------------------------------
/template_findings/Improper Handling of Alternate Encoding.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Improper Handling of Alternate Encoding.json
--------------------------------------------------------------------------------
/template_findings/Improper Handling of Case Sensitivity.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Improper Handling of Case Sensitivity.json
--------------------------------------------------------------------------------
/template_findings/Improper Handling of Exceptional Conditions.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Improper Handling of Exceptional Conditions.json
--------------------------------------------------------------------------------
/template_findings/Improper Handling of Extra Parameters.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Improper Handling of Extra Parameters.json
--------------------------------------------------------------------------------
/template_findings/Improper Handling of Extra Values.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Improper Handling of Extra Values.json
--------------------------------------------------------------------------------
/template_findings/Improper Handling of Incomplete Structural Elements.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Improper Handling of Incomplete Structural Elements.json
--------------------------------------------------------------------------------
/template_findings/Improper Handling of Inconsistent Special Elements.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Improper Handling of Inconsistent Special Elements.json
--------------------------------------------------------------------------------
/template_findings/Improper Handling of Inconsistent Structural Elements.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Improper Handling of Inconsistent Structural Elements.json
--------------------------------------------------------------------------------
/template_findings/Improper Handling of Insufficient Entropy in TRNG.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Improper Handling of Insufficient Entropy in TRNG.json
--------------------------------------------------------------------------------
/template_findings/Improper Handling of Insufficient Privileges.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Improper Handling of Insufficient Privileges.json
--------------------------------------------------------------------------------
/template_findings/Improper Handling of Length Parameter Inconsistency .json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Improper Handling of Length Parameter Inconsistency .json
--------------------------------------------------------------------------------
/template_findings/Improper Handling of Missing Special Element.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Improper Handling of Missing Special Element.json
--------------------------------------------------------------------------------
/template_findings/Improper Handling of Missing Values.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Improper Handling of Missing Values.json
--------------------------------------------------------------------------------
/template_findings/Improper Handling of Mixed Encoding.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Improper Handling of Mixed Encoding.json
--------------------------------------------------------------------------------
/template_findings/Improper Handling of Parameters.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Improper Handling of Parameters.json
--------------------------------------------------------------------------------
/template_findings/Improper Handling of Structural Elements.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Improper Handling of Structural Elements.json
--------------------------------------------------------------------------------
/template_findings/Improper Handling of Syntactically Invalid Structure.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Improper Handling of Syntactically Invalid Structure.json
--------------------------------------------------------------------------------
/template_findings/Improper Handling of URL Encoding (Hex Encoding).json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Improper Handling of URL Encoding (Hex Encoding).json
--------------------------------------------------------------------------------
/template_findings/Improper Handling of Undefined Parameters.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Improper Handling of Undefined Parameters.json
--------------------------------------------------------------------------------
/template_findings/Improper Handling of Undefined Values.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Improper Handling of Undefined Values.json
--------------------------------------------------------------------------------
/template_findings/Improper Handling of Unexpected Data Type.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Improper Handling of Unexpected Data Type.json
--------------------------------------------------------------------------------
/template_findings/Improper Handling of Unicode Encoding.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Improper Handling of Unicode Encoding.json
--------------------------------------------------------------------------------
/template_findings/Improper Handling of Values.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Improper Handling of Values.json
--------------------------------------------------------------------------------
/template_findings/Improper Handling of Windows Device Names.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Improper Handling of Windows Device Names.json
--------------------------------------------------------------------------------
/template_findings/Improper Initialization.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Improper Initialization.json
--------------------------------------------------------------------------------
/template_findings/Improper Input Validation.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Improper Input Validation.json
--------------------------------------------------------------------------------
/template_findings/Improper Locking.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Improper Locking.json
--------------------------------------------------------------------------------
/template_findings/Improper Neutralization of Alternate XSS Syntax.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Improper Neutralization of Alternate XSS Syntax.json
--------------------------------------------------------------------------------
/template_findings/Improper Neutralization of Comment Delimiters.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Improper Neutralization of Comment Delimiters.json
-------------------------------------------------------------------------------- /template_findings/Improper Neutralization of Delimiters.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Improper Neutralization of Delimiters.json -------------------------------------------------------------------------------- /template_findings/Improper Neutralization of Equivalent Special Elements.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Improper Neutralization of Equivalent Special Elements.json -------------------------------------------------------------------------------- /template_findings/Improper Neutralization of Input Leaders.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Improper Neutralization of Input Leaders.json -------------------------------------------------------------------------------- /template_findings/Improper Neutralization of Input Terminators.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Improper Neutralization of Input Terminators.json -------------------------------------------------------------------------------- /template_findings/Improper Neutralization of Internal Special Elements.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Improper Neutralization of Internal Special Elements.json -------------------------------------------------------------------------------- /template_findings/Improper 
Neutralization of Leading Special Elements.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Improper Neutralization of Leading Special Elements.json -------------------------------------------------------------------------------- /template_findings/Improper Neutralization of Line Delimiters.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Improper Neutralization of Line Delimiters.json -------------------------------------------------------------------------------- /template_findings/Improper Neutralization of Macro Symbols.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Improper Neutralization of Macro Symbols.json -------------------------------------------------------------------------------- /template_findings/Improper Neutralization of Null Byte or NUL Character.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Improper Neutralization of Null Byte or NUL Character.json -------------------------------------------------------------------------------- /template_findings/Improper Neutralization of Quoting Syntax.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Improper Neutralization of Quoting Syntax.json -------------------------------------------------------------------------------- /template_findings/Improper Neutralization of Record Delimiters.json: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Improper Neutralization of Record Delimiters.json -------------------------------------------------------------------------------- /template_findings/Improper Neutralization of Section Delimiters.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Improper Neutralization of Section Delimiters.json -------------------------------------------------------------------------------- /template_findings/Improper Neutralization of Special Elements.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Improper Neutralization of Special Elements.json -------------------------------------------------------------------------------- /template_findings/Improper Neutralization of Substitution Characters.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Improper Neutralization of Substitution Characters.json -------------------------------------------------------------------------------- /template_findings/Improper Neutralization of Trailing Special Elements.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Improper Neutralization of Trailing Special Elements.json -------------------------------------------------------------------------------- /template_findings/Improper Neutralization of Value Delimiters.json: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Improper Neutralization of Value Delimiters.json -------------------------------------------------------------------------------- /template_findings/Improper Neutralization of Variable Name Delimiters.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Improper Neutralization of Variable Name Delimiters.json -------------------------------------------------------------------------------- /template_findings/Improper Neutralization of Whitespace.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Improper Neutralization of Whitespace.json -------------------------------------------------------------------------------- /template_findings/Improper Null Termination.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Improper Null Termination.json -------------------------------------------------------------------------------- /template_findings/Improper Output Neutralization for Logs.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Improper Output Neutralization for Logs.json -------------------------------------------------------------------------------- /template_findings/Improper Ownership Management.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Improper Ownership Management.json 
-------------------------------------------------------------------------------- /template_findings/Improper Preservation of Permissions.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Improper Preservation of Permissions.json -------------------------------------------------------------------------------- /template_findings/Improper Privilege Management.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Improper Privilege Management.json -------------------------------------------------------------------------------- /template_findings/Improper Protection of Alternate Path.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Improper Protection of Alternate Path.json -------------------------------------------------------------------------------- /template_findings/Improper Resolution of Path Equivalence.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Improper Resolution of Path Equivalence.json -------------------------------------------------------------------------------- /template_findings/Improper Resource Locking.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Improper Resource Locking.json -------------------------------------------------------------------------------- /template_findings/Improper Resource Shutdown or Release.json: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Improper Resource Shutdown or Release.json -------------------------------------------------------------------------------- /template_findings/Improper Restriction of Power Consumption.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Improper Restriction of Power Consumption.json -------------------------------------------------------------------------------- /template_findings/Improper Restriction of Rendered UI Layers or Frames.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Improper Restriction of Rendered UI Layers or Frames.json -------------------------------------------------------------------------------- /template_findings/Improper Synchronization.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Improper Synchronization.json -------------------------------------------------------------------------------- /template_findings/Improper Update of Reference Count.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Improper Update of Reference Count.json -------------------------------------------------------------------------------- /template_findings/Improper Validation of Array Index.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Improper Validation of Array Index.json 
-------------------------------------------------------------------------------- /template_findings/Improper Validation of Certificate Expiration.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Improper Validation of Certificate Expiration.json -------------------------------------------------------------------------------- /template_findings/Improper Validation of Certificate with Host Mismatch.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Improper Validation of Certificate with Host Mismatch.json -------------------------------------------------------------------------------- /template_findings/Improper Validation of Function Hook Arguments.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Improper Validation of Function Hook Arguments.json -------------------------------------------------------------------------------- /template_findings/Improper Validation of Integrity Check Value.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Improper Validation of Integrity Check Value.json -------------------------------------------------------------------------------- /template_findings/Improper Verification of Cryptographic Signature.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Improper Verification of Cryptographic Signature.json -------------------------------------------------------------------------------- 
/template_findings/Improper Verification of Intent by Broadcast Receiver.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Improper Verification of Intent by Broadcast Receiver.json -------------------------------------------------------------------------------- /template_findings/Improperly Implemented Security Check for Standard.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Improperly Implemented Security Check for Standard.json -------------------------------------------------------------------------------- /template_findings/Inadequate Encryption Strength.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Inadequate Encryption Strength.json -------------------------------------------------------------------------------- /template_findings/Inappropriate Encoding for Output Context.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Inappropriate Encoding for Output Context.json -------------------------------------------------------------------------------- /template_findings/Inbound Network Access Allowed From Anywhere For SSH.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Inbound Network Access Allowed From Anywhere For SSH.json -------------------------------------------------------------------------------- /template_findings/Inclusion of Web Functionality from an Untrusted Source.json: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Inclusion of Web Functionality from an Untrusted Source.json -------------------------------------------------------------------------------- /template_findings/Incomplete Blacklist to Cross-Site Scripting.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Incomplete Blacklist to Cross-Site Scripting.json -------------------------------------------------------------------------------- /template_findings/Incomplete Blacklist.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Incomplete Blacklist.json -------------------------------------------------------------------------------- /template_findings/Incomplete Cleanup.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Incomplete Cleanup.json -------------------------------------------------------------------------------- /template_findings/Incomplete Comparison with Missing Factors.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Incomplete Comparison with Missing Factors.json -------------------------------------------------------------------------------- /template_findings/Incomplete Filtering of Special Elements.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Incomplete Filtering of Special Elements.json 
-------------------------------------------------------------------------------- /template_findings/Incomplete Internal State Distinction.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Incomplete Internal State Distinction.json -------------------------------------------------------------------------------- /template_findings/Incomplete Model of Endpoint Features.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Incomplete Model of Endpoint Features.json -------------------------------------------------------------------------------- /template_findings/Incorrect Authorization.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Incorrect Authorization.json -------------------------------------------------------------------------------- /template_findings/Incorrect Behavior Order.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Incorrect Behavior Order.json -------------------------------------------------------------------------------- /template_findings/Incorrect Behavior Order: Early Amplification.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Incorrect Behavior Order: Early Amplification.json -------------------------------------------------------------------------------- /template_findings/Incorrect Behavior Order: Early Validation.json: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Incorrect Behavior Order: Early Validation.json -------------------------------------------------------------------------------- /template_findings/Incorrect Behavior Order: Validate Before Canonicalize.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Incorrect Behavior Order: Validate Before Canonicalize.json -------------------------------------------------------------------------------- /template_findings/Incorrect Behavior Order: Validate Before Filter.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Incorrect Behavior Order: Validate Before Filter.json -------------------------------------------------------------------------------- /template_findings/Incorrect Block Delimitation.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Incorrect Block Delimitation.json -------------------------------------------------------------------------------- /template_findings/Incorrect Calculation of Buffer Size.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Incorrect Calculation of Buffer Size.json -------------------------------------------------------------------------------- /template_findings/Incorrect Calculation of Multi-Byte String Length.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Incorrect Calculation of Multi-Byte String 
Length.json -------------------------------------------------------------------------------- /template_findings/Incorrect Calculation.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Incorrect Calculation.json -------------------------------------------------------------------------------- /template_findings/Incorrect Check of Function Return Value.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Incorrect Check of Function Return Value.json -------------------------------------------------------------------------------- /template_findings/Incorrect Comparison.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Incorrect Comparison.json -------------------------------------------------------------------------------- /template_findings/Incorrect Control Flow Scoping.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Incorrect Control Flow Scoping.json -------------------------------------------------------------------------------- /template_findings/Incorrect Conversion between Numeric Types.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Incorrect Conversion between Numeric Types.json -------------------------------------------------------------------------------- /template_findings/Incorrect Default Permissions.json: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Incorrect Default Permissions.json -------------------------------------------------------------------------------- /template_findings/Incorrect Execution-Assigned Permissions.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Incorrect Execution-Assigned Permissions.json -------------------------------------------------------------------------------- /template_findings/Incorrect Implementation of Authentication Algorithm.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Incorrect Implementation of Authentication Algorithm.json -------------------------------------------------------------------------------- /template_findings/Incorrect Ownership Assignment.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Incorrect Ownership Assignment.json -------------------------------------------------------------------------------- /template_findings/Incorrect Permission Assignment for Critical Resource.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Incorrect Permission Assignment for Critical Resource.json -------------------------------------------------------------------------------- /template_findings/Incorrect Pointer Scaling.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Incorrect Pointer Scaling.json 
-------------------------------------------------------------------------------- /template_findings/Incorrect Privilege Assignment.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Incorrect Privilege Assignment.json -------------------------------------------------------------------------------- /template_findings/Incorrect Provision of Specified Functionality.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Incorrect Provision of Specified Functionality.json -------------------------------------------------------------------------------- /template_findings/Incorrect Regular Expression.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Incorrect Regular Expression.json -------------------------------------------------------------------------------- /template_findings/Incorrect Resource Transfer Between Spheres.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Incorrect Resource Transfer Between Spheres.json -------------------------------------------------------------------------------- /template_findings/Incorrect Short Circuit Evaluation.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Incorrect Short Circuit Evaluation.json -------------------------------------------------------------------------------- /template_findings/Incorrect Synchronization.json: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Incorrect Synchronization.json -------------------------------------------------------------------------------- /template_findings/Incorrect Type Conversion or Cast.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Incorrect Type Conversion or Cast.json -------------------------------------------------------------------------------- /template_findings/Incorrect Use of Privileged APIs.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Incorrect Use of Privileged APIs.json -------------------------------------------------------------------------------- /template_findings/Incorrect User Management.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Incorrect User Management.json -------------------------------------------------------------------------------- /template_findings/Information Exposure Through Behavioral Discrepancy.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Information Exposure Through Behavioral Discrepancy.json -------------------------------------------------------------------------------- /template_findings/Information Exposure Through Browser Caching.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Information Exposure Through Browser 
Caching.json -------------------------------------------------------------------------------- /template_findings/Information Exposure Through Caching.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Information Exposure Through Caching.json -------------------------------------------------------------------------------- /template_findings/Information Exposure Through Comments.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Information Exposure Through Comments.json -------------------------------------------------------------------------------- /template_findings/Information Exposure Through Debug Information.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Information Exposure Through Debug Information.json -------------------------------------------------------------------------------- /template_findings/Information Exposure Through Directory Listing.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Information Exposure Through Directory Listing.json -------------------------------------------------------------------------------- /template_findings/Information Exposure Through Discrepancy.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Information Exposure Through Discrepancy.json -------------------------------------------------------------------------------- /template_findings/Information Exposure Through 
Environmental Variables.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Information Exposure Through Environmental Variables.json -------------------------------------------------------------------------------- /template_findings/Information Exposure Through Include Source Code.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Information Exposure Through Include Source Code.json -------------------------------------------------------------------------------- /template_findings/Information Exposure Through Indexing of Private Data.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Information Exposure Through Indexing of Private Data.json -------------------------------------------------------------------------------- /template_findings/Information Exposure Through Java Runtime Error Message.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Information Exposure Through Java Runtime Error Message.json -------------------------------------------------------------------------------- /template_findings/Information Exposure Through Log Files.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Information Exposure Through Log Files.json -------------------------------------------------------------------------------- /template_findings/Information Exposure Through Persistent Cookies.json: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Information Exposure Through Persistent Cookies.json -------------------------------------------------------------------------------- /template_findings/Information Exposure Through Process Environment.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Information Exposure Through Process Environment.json -------------------------------------------------------------------------------- /template_findings/Information Exposure Through Sent Data.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Information Exposure Through Sent Data.json -------------------------------------------------------------------------------- /template_findings/Information Exposure Through Server Error Message.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Information Exposure Through Server Error Message.json -------------------------------------------------------------------------------- /template_findings/Information Exposure Through Shell Error Message.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Information Exposure Through Shell Error Message.json -------------------------------------------------------------------------------- /template_findings/Information Exposure Through Source Code.json: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Information Exposure Through Source Code.json -------------------------------------------------------------------------------- /template_findings/Information Exposure Through Test Code.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Information Exposure Through Test Code.json -------------------------------------------------------------------------------- /template_findings/Information Exposure Through Timing Discrepancy.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Information Exposure Through Timing Discrepancy.json -------------------------------------------------------------------------------- /template_findings/Information Exposure Through WSDL File.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Information Exposure Through WSDL File.json -------------------------------------------------------------------------------- /template_findings/Information Exposure Through an Error Message.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Information Exposure Through an Error Message.json -------------------------------------------------------------------------------- /template_findings/Information Exposure.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Information Exposure.json 
-------------------------------------------------------------------------------- /template_findings/Information Loss or Omission.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Information Loss or Omission.json -------------------------------------------------------------------------------- /template_findings/Insecure Automated Optimizations.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Insecure Automated Optimizations.json -------------------------------------------------------------------------------- /template_findings/Insecure Default Variable Initialization.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Insecure Default Variable Initialization.json -------------------------------------------------------------------------------- /template_findings/Insecure Frontpage extensions configuration.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Insecure Frontpage extensions configuration.json -------------------------------------------------------------------------------- /template_findings/Insecure Inherited Permissions.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Insecure Inherited Permissions.json -------------------------------------------------------------------------------- /template_findings/Insecure Java RMI Endpoint.json: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Insecure Java RMI Endpoint.json -------------------------------------------------------------------------------- /template_findings/Insecure Preserved Inherited Permissions.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Insecure Preserved Inherited Permissions.json -------------------------------------------------------------------------------- /template_findings/Insecure SSL version enabled.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Insecure SSL version enabled.json -------------------------------------------------------------------------------- /template_findings/Insecure Storage of Sensitive Information.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Insecure Storage of Sensitive Information.json -------------------------------------------------------------------------------- /template_findings/Insecure Temporary File.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Insecure Temporary File.json -------------------------------------------------------------------------------- /template_findings/Insecure client-access policy.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Insecure client-access policy.json -------------------------------------------------------------------------------- /template_findings/Insecure 
cookie.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Insecure cookie.json -------------------------------------------------------------------------------- /template_findings/Insecure cross-domain policy.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Insecure cross-domain policy.json -------------------------------------------------------------------------------- /template_findings/Insecure or no Cache-Control header.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Insecure or no Cache-Control header.json -------------------------------------------------------------------------------- /template_findings/Insufficient Compartmentalization.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Insufficient Compartmentalization.json -------------------------------------------------------------------------------- /template_findings/Insufficient Control Flow Management.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Insufficient Control Flow Management.json -------------------------------------------------------------------------------- /template_findings/Insufficient Entropy in PRNG.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Insufficient Entropy in PRNG.json 
-------------------------------------------------------------------------------- /template_findings/Insufficient Entropy.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Insufficient Entropy.json -------------------------------------------------------------------------------- /template_findings/Insufficient Logging.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Insufficient Logging.json -------------------------------------------------------------------------------- /template_findings/Insufficient Psychological Acceptability.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Insufficient Psychological Acceptability.json -------------------------------------------------------------------------------- /template_findings/Insufficient Resource Pool.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Insufficient Resource Pool.json -------------------------------------------------------------------------------- /template_findings/Insufficient Session Expiration.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Insufficient Session Expiration.json -------------------------------------------------------------------------------- /template_findings/Insufficient Type Distinction.json: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Insufficient Type Distinction.json -------------------------------------------------------------------------------- /template_findings/Insufficient UI Warning of Dangerous Operations.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Insufficient UI Warning of Dangerous Operations.json -------------------------------------------------------------------------------- /template_findings/Insufficient Verification of Data Authenticity.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Insufficient Verification of Data Authenticity.json -------------------------------------------------------------------------------- /template_findings/Insufficiently Protected Credentials.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Insufficiently Protected Credentials.json -------------------------------------------------------------------------------- /template_findings/Integer Coercion Error.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Integer Coercion Error.json -------------------------------------------------------------------------------- /template_findings/Integer Overflow or Wraparound.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Integer Overflow or Wraparound.json 
-------------------------------------------------------------------------------- /template_findings/Integer Overflow to Buffer Overflow.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Integer Overflow to Buffer Overflow.json -------------------------------------------------------------------------------- /template_findings/Integer Underflow (Wrap or Wraparound).json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Integer Underflow (Wrap or Wraparound).json -------------------------------------------------------------------------------- /template_findings/Intentional Information Exposure.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Intentional Information Exposure.json -------------------------------------------------------------------------------- /template_findings/Interesting response.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Interesting response.json -------------------------------------------------------------------------------- /template_findings/Internal IP Address Disclosure.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Internal IP Address Disclosure.json -------------------------------------------------------------------------------- /template_findings/Interpretation Conflict.json: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Interpretation Conflict.json -------------------------------------------------------------------------------- /template_findings/J2EE Bad Practices: Direct Management of Connections.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/J2EE Bad Practices: Direct Management of Connections.json -------------------------------------------------------------------------------- /template_findings/J2EE Bad Practices: Direct Use of Sockets.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/J2EE Bad Practices: Direct Use of Sockets.json -------------------------------------------------------------------------------- /template_findings/J2EE Bad Practices: Direct Use of Threads.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/J2EE Bad Practices: Direct Use of Threads.json -------------------------------------------------------------------------------- /template_findings/J2EE Bad Practices: Use of System.exit().json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/J2EE Bad Practices: Use of System.exit().json -------------------------------------------------------------------------------- /template_findings/J2EE Framework: Saving Unserializable Objects to Disk.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/J2EE Framework: Saving Unserializable Objects 
to Disk.json -------------------------------------------------------------------------------- /template_findings/J2EE Misconfiguration: Entity Bean Declared Remote.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/J2EE Misconfiguration: Entity Bean Declared Remote.json -------------------------------------------------------------------------------- /template_findings/J2EE Misconfiguration: Insufficient Session-ID Length.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/J2EE Misconfiguration: Insufficient Session-ID Length.json -------------------------------------------------------------------------------- /template_findings/J2EE Misconfiguration: Missing Custom Error Page.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/J2EE Misconfiguration: Missing Custom Error Page.json -------------------------------------------------------------------------------- /template_findings/Key Exchange without Entity Authentication.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Key Exchange without Entity Authentication.json -------------------------------------------------------------------------------- /template_findings/LDAP Injection.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/LDAP Injection.json -------------------------------------------------------------------------------- /template_findings/Lack of Administrator Control over 
Security.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Lack of Administrator Control over Security.json -------------------------------------------------------------------------------- /template_findings/Lack of Egress Filtering .json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Lack of Egress Filtering .json -------------------------------------------------------------------------------- /template_findings/Lack of System Monitoring or Logging.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Lack of System Monitoring or Logging.json -------------------------------------------------------------------------------- /template_findings/Least Privilege Violation.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Least Privilege Violation.json -------------------------------------------------------------------------------- /template_findings/Leftover Debug Code.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Leftover Debug Code.json -------------------------------------------------------------------------------- /template_findings/Logging of Excessive Data.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Logging of Excessive Data.json 
-------------------------------------------------------------------------------- /template_findings/Logic_Time Bomb.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Logic_Time Bomb.json -------------------------------------------------------------------------------- /template_findings/Misconfiguration in LIMIT directive of .htaccess file.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Misconfiguration in LIMIT directive of .htaccess file.json -------------------------------------------------------------------------------- /template_findings/Misinterpretation of Input.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Misinterpretation of Input.json -------------------------------------------------------------------------------- /template_findings/Mismatched Memory Management Routines.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Mismatched Memory Management Routines.json -------------------------------------------------------------------------------- /template_findings/Missing 'Strict-Transport-Security' header.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Missing 'Strict-Transport-Security' header.json -------------------------------------------------------------------------------- /template_findings/Missing 'X-Frame-Options' header.json: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Missing 'X-Frame-Options' header.json -------------------------------------------------------------------------------- /template_findings/Missing Authentication for Critical Function.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Missing Authentication for Critical Function.json -------------------------------------------------------------------------------- /template_findings/Missing Authorization.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Missing Authorization.json -------------------------------------------------------------------------------- /template_findings/Missing Critical Step in Authentication.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Missing Critical Step in Authentication.json -------------------------------------------------------------------------------- /template_findings/Missing Custom Error Page.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Missing Custom Error Page.json -------------------------------------------------------------------------------- /template_findings/Missing Default Case in Switch Statement.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Missing Default Case in Switch Statement.json 
-------------------------------------------------------------------------------- /template_findings/Missing Encryption of Sensitive Data.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Missing Encryption of Sensitive Data.json -------------------------------------------------------------------------------- /template_findings/Missing Handler.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Missing Handler.json -------------------------------------------------------------------------------- /template_findings/Missing Initialization of Resource.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Missing Initialization of Resource.json -------------------------------------------------------------------------------- /template_findings/Missing Initialization of a Variable.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Missing Initialization of a Variable.json -------------------------------------------------------------------------------- /template_findings/Missing Lock Check.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Missing Lock Check.json -------------------------------------------------------------------------------- /template_findings/Missing Password Field Masking.json: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Missing Password Field Masking.json -------------------------------------------------------------------------------- /template_findings/Missing Reference to Active Allocated Resource.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Missing Reference to Active Allocated Resource.json -------------------------------------------------------------------------------- /template_findings/Missing Reference to Active File Descriptor or Handle.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Missing Reference to Active File Descriptor or Handle.json -------------------------------------------------------------------------------- /template_findings/Missing Release of Resource after Effective Lifetime.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Missing Release of Resource after Effective Lifetime.json -------------------------------------------------------------------------------- /template_findings/Missing Report of Error Condition.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Missing Report of Error Condition.json -------------------------------------------------------------------------------- /template_findings/Missing Required Cryptographic Step.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Missing Required Cryptographic 
Step.json -------------------------------------------------------------------------------- /template_findings/Missing Standardized Error Handling Mechanism.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Missing Standardized Error Handling Mechanism.json -------------------------------------------------------------------------------- /template_findings/Missing Support for Integrity Check.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Missing Support for Integrity Check.json -------------------------------------------------------------------------------- /template_findings/Missing Synchronization.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Missing Synchronization.json -------------------------------------------------------------------------------- /template_findings/Missing Validation of OpenSSL Certificate.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Missing Validation of OpenSSL Certificate.json -------------------------------------------------------------------------------- /template_findings/Missing XML Validation.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Missing XML Validation.json -------------------------------------------------------------------------------- /template_findings/Mixed Resource.json: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Mixed Resource.json -------------------------------------------------------------------------------- /template_findings/Modification of Assumed-Immutable Data (MAID).json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Modification of Assumed-Immutable Data (MAID).json -------------------------------------------------------------------------------- /template_findings/Multi-Factor Authentication Not Configured.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Multi-Factor Authentication Not Configured.json -------------------------------------------------------------------------------- /template_findings/Multiple Binds to the Same Port.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Multiple Binds to the Same Port.json -------------------------------------------------------------------------------- /template_findings/Multiple Interpretations of UI Input.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Multiple Interpretations of UI Input.json -------------------------------------------------------------------------------- /template_findings/Multiple Locks of a Critical Resource.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Multiple Locks of a Critical Resource.json 
-------------------------------------------------------------------------------- /template_findings/Multiple Unlocks of a Critical Resource.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Multiple Unlocks of a Critical Resource.json -------------------------------------------------------------------------------- /template_findings/NULL Pointer Dereference.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/NULL Pointer Dereference.json -------------------------------------------------------------------------------- /template_findings/Name.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Name.json -------------------------------------------------------------------------------- /template_findings/NoSQL Injection.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/NoSQL Injection.json -------------------------------------------------------------------------------- /template_findings/Non-Replicating Malicious Code.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Non-Replicating Malicious Code.json -------------------------------------------------------------------------------- /template_findings/Non-exit on Failed Initialization.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Non-exit on Failed 
Initialization.json -------------------------------------------------------------------------------- /template_findings/Not Failing Securely ('Failing Open').json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Not Failing Securely ('Failing Open').json -------------------------------------------------------------------------------- /template_findings/Not Using Complete Mediation.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Not Using Complete Mediation.json -------------------------------------------------------------------------------- /template_findings/Not Using Password Aging.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Not Using Password Aging.json -------------------------------------------------------------------------------- /template_findings/Not Using a Random IV with CBC Mode.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Not Using a Random IV with CBC Mode.json -------------------------------------------------------------------------------- /template_findings/Null Byte Interaction Error (Poison Null Byte).json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Null Byte Interaction Error (Poison Null Byte).json -------------------------------------------------------------------------------- /template_findings/Numeric Range Comparison Without Minimum Check.json: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Numeric Range Comparison Without Minimum Check.json -------------------------------------------------------------------------------- /template_findings/Numeric Truncation Error.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Numeric Truncation Error.json -------------------------------------------------------------------------------- /template_findings/Obsolete Feature in UI.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Obsolete Feature in UI.json -------------------------------------------------------------------------------- /template_findings/Off-by-one Error.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Off-by-one Error.json -------------------------------------------------------------------------------- /template_findings/Omission of Security-relevant Information.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Omission of Security-relevant Information.json -------------------------------------------------------------------------------- /template_findings/Omitted Break Statement in Switch.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Omitted Break Statement in Switch.json 
-------------------------------------------------------------------------------- /template_findings/Only Filtering One Instance of a Special Element.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Only Filtering One Instance of a Special Element.json -------------------------------------------------------------------------------- /template_findings/Only Filtering Special Elements Relative to a Marker.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Only Filtering Special Elements Relative to a Marker.json -------------------------------------------------------------------------------- /template_findings/Only Filtering Special Elements at a Specified Location.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Only Filtering Special Elements at a Specified Location.json -------------------------------------------------------------------------------- /template_findings/Only Filtering Special Elements at an Absolute Position.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Only Filtering Special Elements at an Absolute Position.json -------------------------------------------------------------------------------- /template_findings/Open Mail Relay Identified.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Open Mail Relay Identified.json -------------------------------------------------------------------------------- 
/template_findings/Operating system command injection.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Operating system command injection.json -------------------------------------------------------------------------------- /template_findings/Operation on Resource in Wrong Phase of Lifetime.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Operation on Resource in Wrong Phase of Lifetime.json -------------------------------------------------------------------------------- /template_findings/Operation on a Resource after Expiration or Release.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Operation on a Resource after Expiration or Release.json -------------------------------------------------------------------------------- /template_findings/Operator Precedence Logic Error.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Operator Precedence Logic Error.json -------------------------------------------------------------------------------- /template_findings/Origin Validation Error.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Origin Validation Error.json -------------------------------------------------------------------------------- /template_findings/Out-of-bounds Read.json: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Out-of-bounds Read.json -------------------------------------------------------------------------------- /template_findings/Out-of-bounds Write.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Out-of-bounds Write.json -------------------------------------------------------------------------------- /template_findings/Overly Permissive Cross-domain Whitelist.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Overly Permissive Cross-domain Whitelist.json -------------------------------------------------------------------------------- /template_findings/Overly Restrictive Account Lockout Mechanism.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Overly Restrictive Account Lockout Mechanism.json -------------------------------------------------------------------------------- /template_findings/Overly Restrictive Regular Expression.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Overly Restrictive Regular Expression.json -------------------------------------------------------------------------------- /template_findings/PHP External Variable Modification.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/PHP External Variable Modification.json -------------------------------------------------------------------------------- 
/template_findings/Partial String Comparison.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Partial String Comparison.json -------------------------------------------------------------------------------- /template_findings/Passing Mutable Objects to an Untrusted Method.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Passing Mutable Objects to an Untrusted Method.json -------------------------------------------------------------------------------- /template_findings/Password Aging with Long Expiration.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Password Aging with Long Expiration.json -------------------------------------------------------------------------------- /template_findings/Password field with auto-complete.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Password field with auto-complete.json -------------------------------------------------------------------------------- /template_findings/Password in Configuration File.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Password in Configuration File.json -------------------------------------------------------------------------------- /template_findings/Path Equivalence: Windows 8.3 Filename.json: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Path Equivalence: Windows 8.3 Filename.json -------------------------------------------------------------------------------- /template_findings/Path Traversal - [Uploaded Modified Templated Finding].json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Path Traversal - [Uploaded Modified Templated Finding].json -------------------------------------------------------------------------------- /template_findings/Path Traversal.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Path Traversal.json -------------------------------------------------------------------------------- /template_findings/Path Traversal: '...' (Triple Dot).json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Path Traversal: '...' (Triple Dot).json -------------------------------------------------------------------------------- /template_findings/Path Traversal: '....' (Multiple Dot).json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Path Traversal: '....' 
(Multiple Dot).json -------------------------------------------------------------------------------- /template_findings/Path Traversal: '....__'.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Path Traversal: '....__'.json -------------------------------------------------------------------------------- /template_findings/Path Traversal: '..._...__'.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Path Traversal: '..._...__'.json -------------------------------------------------------------------------------- /template_findings/Path Traversal: '.._filedir'.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Path Traversal: '.._filedir'.json -------------------------------------------------------------------------------- /template_findings/Path Traversal: '..filedir'.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Path Traversal: '..filedir'.json -------------------------------------------------------------------------------- /template_findings/Path Traversal: '..filename'.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Path Traversal: '..filename'.json -------------------------------------------------------------------------------- /template_findings/Path Traversal: 'C:dirname'.json: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Path Traversal: 'C:dirname'.json -------------------------------------------------------------------------------- /template_findings/Path Traversal: '_.._filedir'.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Path Traversal: '_.._filedir'.json -------------------------------------------------------------------------------- /template_findings/Path Traversal: '_dir_.._filename'.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Path Traversal: '_dir_.._filename'.json -------------------------------------------------------------------------------- /template_findings/Path Traversal: 'dir....filename'.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Path Traversal: 'dir....filename'.json -------------------------------------------------------------------------------- /template_findings/Path Traversal: 'dir..filename'.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Path Traversal: 'dir..filename'.json -------------------------------------------------------------------------------- /template_findings/Path Traversal: 'dir_.._.._filename'.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Path Traversal: 'dir_.._.._filename'.json -------------------------------------------------------------------------------- /template_findings/Permission 
Race Condition During Resource Copy.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Permission Race Condition During Resource Copy.json -------------------------------------------------------------------------------- /template_findings/Permissive Regular Expression.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Permissive Regular Expression.json -------------------------------------------------------------------------------- /template_findings/Permissive Whitelist.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Permissive Whitelist.json -------------------------------------------------------------------------------- /template_findings/Persistent Cross-Site Scripting (XSS).json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Persistent Cross-Site Scripting (XSS).json -------------------------------------------------------------------------------- /template_findings/Phishing Attack .json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Phishing Attack .json -------------------------------------------------------------------------------- /template_findings/Phishing vector.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Phishing vector.json 
-------------------------------------------------------------------------------- /template_findings/Placement of User into Incorrect Group.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Placement of User into Incorrect Group.json -------------------------------------------------------------------------------- /template_findings/Predictability Problems.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Predictability Problems.json -------------------------------------------------------------------------------- /template_findings/Predictable Exact Value from Previous Values.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Predictable Exact Value from Previous Values.json -------------------------------------------------------------------------------- /template_findings/Predictable Value Range from Previous Values.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Predictable Value Range from Previous Values.json -------------------------------------------------------------------------------- /template_findings/Predictable from Observable State.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Predictable from Observable State.json -------------------------------------------------------------------------------- /template_findings/Premature Release of Resource During Expected Lifetime.json: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Premature Release of Resource During Expected Lifetime.json -------------------------------------------------------------------------------- /template_findings/Private Array-Typed Field Returned From A Public Method.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Private Array-Typed Field Returned From A Public Method.json -------------------------------------------------------------------------------- /template_findings/Private IP address disclosure.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Private IP address disclosure.json -------------------------------------------------------------------------------- /template_findings/Privilege Chaining.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Privilege Chaining.json -------------------------------------------------------------------------------- /template_findings/Privilege Context Switching Error.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Privilege Context Switching Error.json -------------------------------------------------------------------------------- /template_findings/Privilege Defined With Unsafe Actions.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Privilege Defined With Unsafe 
Actions.json -------------------------------------------------------------------------------- /template_findings/Privilege Dropping _ Lowering Errors.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Privilege Dropping _ Lowering Errors.json -------------------------------------------------------------------------------- /template_findings/Process Control.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Process Control.json -------------------------------------------------------------------------------- /template_findings/Product UI does not Warn User of Unsafe Actions.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Product UI does not Warn User of Unsafe Actions.json -------------------------------------------------------------------------------- /template_findings/Protection Mechanism Failure.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Protection Mechanism Failure.json -------------------------------------------------------------------------------- /template_findings/Public Data Assigned to Private Array-Typed Field.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Public Data Assigned to Private Array-Typed Field.json -------------------------------------------------------------------------------- /template_findings/Public Static Field Not Marked Final.json: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Public Static Field Not Marked Final.json -------------------------------------------------------------------------------- /template_findings/Public Static Final Field References Mutable Object.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Public Static Final Field References Mutable Object.json -------------------------------------------------------------------------------- /template_findings/Publicly writable directory.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Publicly writable directory.json -------------------------------------------------------------------------------- /template_findings/Race Condition During Access to Alternate Channel.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Race Condition During Access to Alternate Channel.json -------------------------------------------------------------------------------- /template_findings/Race Condition Enabling Link Following.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Race Condition Enabling Link Following.json -------------------------------------------------------------------------------- /template_findings/Race Condition in Switch.json: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Race Condition in Switch.json -------------------------------------------------------------------------------- /template_findings/Race Condition within a Thread.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Race Condition within a Thread.json -------------------------------------------------------------------------------- /template_findings/Reachable Assertion.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Reachable Assertion.json -------------------------------------------------------------------------------- /template_findings/Reflected Cross-Site Scripting (XSS).json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Reflected Cross-Site Scripting (XSS).json -------------------------------------------------------------------------------- /template_findings/Reflected File Download.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Reflected File Download.json -------------------------------------------------------------------------------- /template_findings/Reflection Attack in an Authentication Protocol.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Reflection Attack in an Authentication Protocol.json -------------------------------------------------------------------------------- /template_findings/Regular Expression without 
Anchors.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Regular Expression without Anchors.json -------------------------------------------------------------------------------- /template_findings/Regular expression Denial of Service - ReDoS.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Regular expression Denial of Service - ReDoS.json -------------------------------------------------------------------------------- /template_findings/Relative Path Traversal.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Relative Path Traversal.json -------------------------------------------------------------------------------- /template_findings/Release of Invalid Pointer or Reference.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Release of Invalid Pointer or Reference.json -------------------------------------------------------------------------------- /template_findings/Reliance on Data_Memory Layout.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Reliance on Data_Memory Layout.json -------------------------------------------------------------------------------- /template_findings/Reliance on IP Address for Authentication.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Reliance on IP Address for 
Authentication.json -------------------------------------------------------------------------------- /template_findings/Reliance on Package-level Scope.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Reliance on Package-level Scope.json -------------------------------------------------------------------------------- /template_findings/Reliance on Security Through Obscurity.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Reliance on Security Through Obscurity.json -------------------------------------------------------------------------------- /template_findings/Reliance on Untrusted Inputs in a Security Decision.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Reliance on Untrusted Inputs in a Security Decision.json -------------------------------------------------------------------------------- /template_findings/Reliance on a Single Factor in a Security Decision.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Reliance on a Single Factor in a Security Decision.json -------------------------------------------------------------------------------- /template_findings/Remote File Inclusion.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Remote File Inclusion.json -------------------------------------------------------------------------------- /template_findings/Replicating Malicious Code (Virus or Worm).json: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Replicating Malicious Code (Virus or Worm).json -------------------------------------------------------------------------------- /template_findings/Response Discrepancy Information Exposure.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Response Discrepancy Information Exposure.json -------------------------------------------------------------------------------- /template_findings/Response Splitting.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Response Splitting.json -------------------------------------------------------------------------------- /template_findings/Return Inside Finally Block.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Return Inside Finally Block.json -------------------------------------------------------------------------------- /template_findings/Return of Pointer Value Outside of Expected Range.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Return of Pointer Value Outside of Expected Range.json -------------------------------------------------------------------------------- /template_findings/Return of Stack Variable Address.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Return of Stack Variable Address.json 
-------------------------------------------------------------------------------- /template_findings/Return of Wrong Status Code.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Return of Wrong Status Code.json -------------------------------------------------------------------------------- /template_findings/Returning a Mutable Object to an Untrusted Caller.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Returning a Mutable Object to an Untrusted Caller.json -------------------------------------------------------------------------------- /template_findings/Reusing a Nonce, Key Pair in Encryption.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Reusing a Nonce, Key Pair in Encryption.json -------------------------------------------------------------------------------- /template_findings/Reversible One-Way Hash.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Reversible One-Way Hash.json -------------------------------------------------------------------------------- /template_findings/SNMP Configured with Default Password.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/SNMP Configured with Default Password.json -------------------------------------------------------------------------------- /template_findings/SQL Injection - [Uploaded Modified Templated Finding].json: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/SQL Injection - [Uploaded Modified Templated Finding].json -------------------------------------------------------------------------------- /template_findings/SQL Injection.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/SQL Injection.json -------------------------------------------------------------------------------- /template_findings/SQL Injection: Hibernate.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/SQL Injection: Hibernate.json -------------------------------------------------------------------------------- /template_findings/SSH Server Configuration.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/SSH Server Configuration.json -------------------------------------------------------------------------------- /template_findings/SSL Server Supports SSLv2.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/SSL Server Supports SSLv2.json -------------------------------------------------------------------------------- /template_findings/Same Seed in Pseudo-Random Number Generator (PRNG).json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Same Seed in Pseudo-Random Number Generator (PRNG).json 
-------------------------------------------------------------------------------- /template_findings/Self-signed TLS_SSL certificate.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Self-signed TLS_SSL certificate.json -------------------------------------------------------------------------------- /template_findings/Sensitive Data Storage in Improperly Locked Memory.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Sensitive Data Storage in Improperly Locked Memory.json -------------------------------------------------------------------------------- /template_findings/Sensitive Data Under FTP Root.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Sensitive Data Under FTP Root.json -------------------------------------------------------------------------------- /template_findings/Sensitive Data Under Web Root.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Sensitive Data Under Web Root.json -------------------------------------------------------------------------------- /template_findings/Sensitive Information Uncleared Before Release.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Sensitive Information Uncleared Before Release.json -------------------------------------------------------------------------------- /template_findings/Serializable Class Containing Sensitive Data.json: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Serializable Class Containing Sensitive Data.json -------------------------------------------------------------------------------- /template_findings/Server-Side Request Forgery (SSRF).json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Server-Side Request Forgery (SSRF).json -------------------------------------------------------------------------------- /template_findings/Session Fixation.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Session Fixation.json -------------------------------------------------------------------------------- /template_findings/Session fixation.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Session fixation.json -------------------------------------------------------------------------------- /template_findings/ShellShock.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/ShellShock.json -------------------------------------------------------------------------------- /template_findings/Signal Handler Race Condition.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Signal Handler Race Condition.json -------------------------------------------------------------------------------- /template_findings/Signal Handler Use of a 
Non-reentrant Function.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Signal Handler Use of a Non-reentrant Function.json -------------------------------------------------------------------------------- /template_findings/Signed to Unsigned Conversion Error.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Signed to Unsigned Conversion Error.json -------------------------------------------------------------------------------- /template_findings/Small Seed Space in PRNG.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Small Seed Space in PRNG.json -------------------------------------------------------------------------------- /template_findings/Small Space of Random Values.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Small Space of Random Values.json -------------------------------------------------------------------------------- /template_findings/Source code disclosure.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Source code disclosure.json -------------------------------------------------------------------------------- /template_findings/Spyware.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Spyware.json 
-------------------------------------------------------------------------------- /template_findings/Stack-based Buffer Overflow.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Stack-based Buffer Overflow.json -------------------------------------------------------------------------------- /template_findings/Storing Passwords in a Recoverable Format.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Storing Passwords in a Recoverable Format.json -------------------------------------------------------------------------------- /template_findings/Struts: Duplicate Validation Forms.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Struts: Duplicate Validation Forms.json -------------------------------------------------------------------------------- /template_findings/Struts: Form Bean Does Not Extend Validation Class.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Struts: Form Bean Does Not Extend Validation Class.json -------------------------------------------------------------------------------- /template_findings/Struts: Form Field Without Validator.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Struts: Form Field Without Validator.json -------------------------------------------------------------------------------- /template_findings/Struts: Incomplete validate() Method Definition.json: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Struts: Incomplete validate() Method Definition.json -------------------------------------------------------------------------------- /template_findings/Struts: Non-private Field in ActionForm Class.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Struts: Non-private Field in ActionForm Class.json -------------------------------------------------------------------------------- /template_findings/Struts: Plug-in Framework not in Use.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Struts: Plug-in Framework not in Use.json -------------------------------------------------------------------------------- /template_findings/Struts: Unused Validation Form.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Struts: Unused Validation Form.json -------------------------------------------------------------------------------- /template_findings/Struts: Unvalidated Action Form.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Struts: Unvalidated Action Form.json -------------------------------------------------------------------------------- /template_findings/Struts: Validator Turned Off.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Struts: Validator Turned 
Off.json -------------------------------------------------------------------------------- /template_findings/Struts: Validator Without Form Field.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Struts: Validator Without Form Field.json -------------------------------------------------------------------------------- /template_findings/Suspicious Comment.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Suspicious Comment.json -------------------------------------------------------------------------------- /template_findings/Symbolic Name not Mapping to Correct Object.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Symbolic Name not Mapping to Correct Object.json -------------------------------------------------------------------------------- /template_findings/The UI Performs the Wrong Action.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/The UI Performs the Wrong Action.json -------------------------------------------------------------------------------- /template_findings/Time-of-check Time-of-use (TOCTOU) Race Condition.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Time-of-check Time-of-use (TOCTOU) Race Condition.json -------------------------------------------------------------------------------- /template_findings/Tomcat Manager with Default or Blank Passwords.json: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Tomcat Manager with Default or Blank Passwords.json -------------------------------------------------------------------------------- /template_findings/Trapdoor.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Trapdoor.json -------------------------------------------------------------------------------- /template_findings/Trojan Horse.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Trojan Horse.json -------------------------------------------------------------------------------- /template_findings/Truncation of Security-relevant Information.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Truncation of Security-relevant Information.json -------------------------------------------------------------------------------- /template_findings/Trust Boundary Violation.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Trust Boundary Violation.json -------------------------------------------------------------------------------- /template_findings/Trust of System Event Data.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Trust of System Event Data.json -------------------------------------------------------------------------------- /template_findings/Trusting 
HTTP Permission Methods on the Server Side.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Trusting HTTP Permission Methods on the Server Side.json -------------------------------------------------------------------------------- /template_findings/UI Discrepancy for Security Feature.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/UI Discrepancy for Security Feature.json -------------------------------------------------------------------------------- /template_findings/UNIX Hard Link.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/UNIX Hard Link.json -------------------------------------------------------------------------------- /template_findings/UNIX Symbolic Link (Symlink) Following.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/UNIX Symbolic Link (Symlink) Following.json -------------------------------------------------------------------------------- /template_findings/Uncaught Exception in Servlet .json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Uncaught Exception in Servlet .json -------------------------------------------------------------------------------- /template_findings/Uncaught Exception.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Uncaught Exception.json 
-------------------------------------------------------------------------------- /template_findings/Unchecked Error Condition.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Unchecked Error Condition.json -------------------------------------------------------------------------------- /template_findings/Unchecked Input for Loop Condition.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Unchecked Input for Loop Condition.json -------------------------------------------------------------------------------- /template_findings/Unchecked Return Value to NULL Pointer Dereference.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Unchecked Return Value to NULL Pointer Dereference.json -------------------------------------------------------------------------------- /template_findings/Unchecked Return Value.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Unchecked Return Value.json -------------------------------------------------------------------------------- /template_findings/Uncontrolled File Descriptor Consumption.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Uncontrolled File Descriptor Consumption.json -------------------------------------------------------------------------------- /template_findings/Uncontrolled Memory Allocation.json: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Uncontrolled Memory Allocation.json -------------------------------------------------------------------------------- /template_findings/Uncontrolled Recursion.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Uncontrolled Recursion.json -------------------------------------------------------------------------------- /template_findings/Uncontrolled Search Path Element.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Uncontrolled Search Path Element.json -------------------------------------------------------------------------------- /template_findings/Undefined Behavior for Input to API.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Undefined Behavior for Input to API.json -------------------------------------------------------------------------------- /template_findings/Unencrypted Backups Tapes (Storage Closet).json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Unencrypted Backups Tapes (Storage Closet).json -------------------------------------------------------------------------------- /template_findings/Unencrypted password form.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Unencrypted password form.json -------------------------------------------------------------------------------- /template_findings/Unexpected Sign 
Extension.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Unexpected Sign Extension.json -------------------------------------------------------------------------------- /template_findings/Unexpected Status Code or Return Value.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Unexpected Status Code or Return Value.json -------------------------------------------------------------------------------- /template_findings/Unimplemented or Unsupported Feature in UI.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Unimplemented or Unsupported Feature in UI.json -------------------------------------------------------------------------------- /template_findings/Unlock of a Resource that is not Locked.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Unlock of a Resource that is not Locked.json -------------------------------------------------------------------------------- /template_findings/Unmanaged EC2 Bastions.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Unmanaged EC2 Bastions.json -------------------------------------------------------------------------------- /template_findings/Unparsed Raw Web Content Delivery.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Unparsed Raw Web Content 
Delivery.json -------------------------------------------------------------------------------- /template_findings/Unprotected Alternate Channel.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Unprotected Alternate Channel.json -------------------------------------------------------------------------------- /template_findings/Unprotected Primary Channel.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Unprotected Primary Channel.json -------------------------------------------------------------------------------- /template_findings/Unprotected Storage of Credentials.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Unprotected Storage of Credentials.json -------------------------------------------------------------------------------- /template_findings/Unprotected Transport of Credentials.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Unprotected Transport of Credentials.json -------------------------------------------------------------------------------- /template_findings/Unquoted Search Path or Element.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Unquoted Search Path or Element.json -------------------------------------------------------------------------------- /template_findings/Unrestricted Externally Accessible Lock.json: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Unrestricted Externally Accessible Lock.json -------------------------------------------------------------------------------- /template_findings/Unrestricted Upload of File with Dangerous Type.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Unrestricted Upload of File with Dangerous Type.json -------------------------------------------------------------------------------- /template_findings/Unrestricted file upload.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Unrestricted file upload.json -------------------------------------------------------------------------------- /template_findings/Unsafe ActiveX Control Marked Safe For Scripting.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Unsafe ActiveX Control Marked Safe For Scripting.json -------------------------------------------------------------------------------- /template_findings/Unsigned to Signed Conversion Error.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Unsigned to Signed Conversion Error.json -------------------------------------------------------------------------------- /template_findings/Untrusted Pointer Dereference.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Untrusted Pointer Dereference.json 
-------------------------------------------------------------------------------- /template_findings/Untrusted Search Path.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Untrusted Search Path.json -------------------------------------------------------------------------------- /template_findings/Unvalidated DOM redirect.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Unvalidated DOM redirect.json -------------------------------------------------------------------------------- /template_findings/Unvalidated redirect.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Unvalidated redirect.json -------------------------------------------------------------------------------- /template_findings/Unverified Ownership.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Unverified Ownership.json -------------------------------------------------------------------------------- /template_findings/Unverified Password Change.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Unverified Password Change.json -------------------------------------------------------------------------------- /template_findings/Use After Free.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Use After Free.json 
-------------------------------------------------------------------------------- /template_findings/Use of Client-Side Authentication.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Use of Client-Side Authentication.json -------------------------------------------------------------------------------- /template_findings/Use of Expired File Descriptor.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Use of Expired File Descriptor.json -------------------------------------------------------------------------------- /template_findings/Use of Externally-Controlled Format String.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Use of Externally-Controlled Format String.json -------------------------------------------------------------------------------- /template_findings/Use of Function with Inconsistent Implementations.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Use of Function with Inconsistent Implementations.json -------------------------------------------------------------------------------- /template_findings/Use of Hard-coded Credentials.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Use of Hard-coded Credentials.json -------------------------------------------------------------------------------- /template_findings/Use of Hard-coded Cryptographic Key.json: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Use of Hard-coded Cryptographic Key.json -------------------------------------------------------------------------------- /template_findings/Use of Hard-coded Password.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Use of Hard-coded Password.json -------------------------------------------------------------------------------- /template_findings/Use of Hard-coded, Security-relevant Constants.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Use of Hard-coded, Security-relevant Constants.json -------------------------------------------------------------------------------- /template_findings/Use of Implicit Intent for Sensitive Communication.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Use of Implicit Intent for Sensitive Communication.json -------------------------------------------------------------------------------- /template_findings/Use of Incorrect Byte Ordering.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Use of Incorrect Byte Ordering.json -------------------------------------------------------------------------------- /template_findings/Use of Incorrect Operator.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Use of Incorrect 
Operator.json -------------------------------------------------------------------------------- /template_findings/Use of Incorrectly-Resolved Name or Reference.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Use of Incorrectly-Resolved Name or Reference.json -------------------------------------------------------------------------------- /template_findings/Use of Inherently Dangerous Function.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Use of Inherently Dangerous Function.json -------------------------------------------------------------------------------- /template_findings/Use of Inner Class Containing Sensitive Data.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Use of Inner Class Containing Sensitive Data.json -------------------------------------------------------------------------------- /template_findings/Use of Insufficiently Random Values.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Use of Insufficiently Random Values.json -------------------------------------------------------------------------------- /template_findings/Use of Less Trusted Source.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Use of Less Trusted Source.json -------------------------------------------------------------------------------- /template_findings/Use of Low-Level Functionality.json: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Use of Low-Level Functionality.json -------------------------------------------------------------------------------- /template_findings/Use of Multiple Resources with Duplicate Identifier.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Use of Multiple Resources with Duplicate Identifier.json -------------------------------------------------------------------------------- /template_findings/Use of Obsolete Function.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Use of Obsolete Function.json -------------------------------------------------------------------------------- /template_findings/Use of Out-of-range Pointer Offset.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Use of Out-of-range Pointer Offset.json -------------------------------------------------------------------------------- /template_findings/Use of Password System for Primary Authentication.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Use of Password System for Primary Authentication.json -------------------------------------------------------------------------------- /template_findings/Use of Pointer Subtraction to Determine Size.json: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Use of Pointer Subtraction to Determine Size.json -------------------------------------------------------------------------------- /template_findings/Use of Potentially Dangerous Function.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Use of Potentially Dangerous Function.json -------------------------------------------------------------------------------- /template_findings/Use of RSA Algorithm without OAEP.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Use of RSA Algorithm without OAEP.json -------------------------------------------------------------------------------- /template_findings/Use of Single-factor Authentication.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Use of Single-factor Authentication.json -------------------------------------------------------------------------------- /template_findings/Use of Uninitialized Resource.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Use of Uninitialized Resource.json -------------------------------------------------------------------------------- /template_findings/Use of Uninitialized Variable.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Use of Uninitialized Variable.json -------------------------------------------------------------------------------- 
/template_findings/Use of Wrong Operator in String Comparison.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Use of Wrong Operator in String Comparison.json -------------------------------------------------------------------------------- /template_findings/Use of a Broken or Risky Cryptographic Algorithm.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Use of a Broken or Risky Cryptographic Algorithm.json -------------------------------------------------------------------------------- /template_findings/Use of a Key Past its Expiration Date.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Use of a Key Past its Expiration Date.json -------------------------------------------------------------------------------- /template_findings/Use of a One-Way Hash with a Predictable Salt.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Use of a One-Way Hash with a Predictable Salt.json -------------------------------------------------------------------------------- /template_findings/Use of a One-Way Hash without a Salt.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Use of a One-Way Hash without a Salt.json -------------------------------------------------------------------------------- /template_findings/Use of getlogin() in Multithreaded Application.json: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Use of getlogin() in Multithreaded Application.json -------------------------------------------------------------------------------- /template_findings/Use of sizeof() on a Pointer Type.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Use of sizeof() on a Pointer Type.json -------------------------------------------------------------------------------- /template_findings/Use of umask() with chmod-style Argument.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Use of umask() with chmod-style Argument.json -------------------------------------------------------------------------------- /template_findings/Using Referer Field for Authentication.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Using Referer Field for Authentication.json -------------------------------------------------------------------------------- /template_findings/Variable Extraction Error.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Variable Extraction Error.json -------------------------------------------------------------------------------- /template_findings/Violation of Secure Design Principles.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Violation of Secure Design 
Principles.json -------------------------------------------------------------------------------- /template_findings/Weak Cryptography for Passwords.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Weak Cryptography for Passwords.json -------------------------------------------------------------------------------- /template_findings/Weak Password Requirements.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Weak Password Requirements.json -------------------------------------------------------------------------------- /template_findings/Weak SA Password on MSSQL Server.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Weak SA Password on MSSQL Server.json -------------------------------------------------------------------------------- /template_findings/WebDAV.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/WebDAV.json -------------------------------------------------------------------------------- /template_findings/Windows Hard Link.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Windows Hard Link.json -------------------------------------------------------------------------------- /template_findings/Windows Shortcut Following (.LNK).json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Windows 
Shortcut Following (.LNK).json -------------------------------------------------------------------------------- /template_findings/Wrap-around Error.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Wrap-around Error.json -------------------------------------------------------------------------------- /template_findings/Write-what-where Condition.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/Write-what-where Condition.json -------------------------------------------------------------------------------- /template_findings/X-Content-Type-Options header missing.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/X-Content-Type-Options header missing.json -------------------------------------------------------------------------------- /template_findings/XML External Entity (XXE) Processing .json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/XML External Entity (XXE) Processing .json -------------------------------------------------------------------------------- /template_findings/XML External Entity.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/XML External Entity.json -------------------------------------------------------------------------------- /template_findings/XML Injection (aka Blind XPath Injection).json: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/XML Injection (aka Blind XPath Injection).json -------------------------------------------------------------------------------- /template_findings/XPath Injection.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/XPath Injection.json -------------------------------------------------------------------------------- /template_findings/clone() Method Without super.clone().json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/clone() Method Without super.clone().json -------------------------------------------------------------------------------- /template_findings/finalize() Method Declared Public.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/finalize() Method Declared Public.json -------------------------------------------------------------------------------- /template_findings/finalize() Method Without super.finalize().json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_findings/finalize() Method Without super.finalize().json -------------------------------------------------------------------------------- /template_reports/MoJ CVSS Report - API.docx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_reports/MoJ CVSS Report - API.docx -------------------------------------------------------------------------------- /template_reports/MoJ CVSS Report - Build 
Review.docx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_reports/MoJ CVSS Report - Build Review.docx -------------------------------------------------------------------------------- /template_reports/MoJ CVSS Report - Firewall Configuration Review.docx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_reports/MoJ CVSS Report - Firewall Configuration Review.docx -------------------------------------------------------------------------------- /template_reports/MoJ CVSS Report - Web.docx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ministryofjustice/serpico-templates/HEAD/template_reports/MoJ CVSS Report - Web.docx --------------------------------------------------------------------------------