Vulnerability Categories
Detectify detects a wide range of vulnerability types across web applications, APIs, and infrastructure. Each finding is classified using CWE (Common Weakness Enumeration) identifiers — the industry-standard taxonomy for categorizing security weaknesses. See the full list of covered CWEs in the Detectify test catalogue.
Injection Vulnerabilities
Cross-Site Scripting (XSS)
XSS vulnerabilities allow attackers to inject malicious scripts into web pages viewed by other users. Detectify tests for:
- Reflected XSS — Malicious input is reflected back in the response without proper sanitization
- Stored XSS — Malicious input is persisted (for example, in a database) and served to other users
- DOM-based XSS — Client-side JavaScript processes untrusted data in an unsafe way
Related CWE: CWE-79
SQL Injection (SQLi)
SQL injection occurs when user input is incorporated into SQL queries without proper parameterization. Attackers can extract, modify, or delete database contents. Detectify tests for error-based, blind, and time-based SQL injection across various database engines.
Related CWEs: CWE-89, CWE-943
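The "proper parameterization" the paragraph refers to, shown as an added example (not Detectify's own test code): a constructed in-memory SQLite table is queried once with string concatenation and once with placeholder binding, so the same input is interpreted as SQL syntax in the first case and as plain data in the second.

```python
import sqlite3

def build_db() -> sqlite3.Connection:
    # Constructed sample data standing in for an application's user table.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (username, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    return conn

def lookup_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    # The input is spliced into the statement text, so the quoting that should
    # delimit the value is itself under the caller's control.
    query = f"SELECT username FROM users WHERE username = '{username}'"
    return sorted(row[0] for row in conn.execute(query))

def lookup_parameterized(conn: sqlite3.Connection, username: str) -> list:
    # Placeholder binding: the statement is fixed and the value travels
    # separately, so it is only ever compared as data.
    query = "SELECT username FROM users WHERE username = ?"
    return sorted(row[0] for row in conn.execute(query, (username,)))

if __name__ == "__main__":
    db = build_db()
    tautology = "x' OR '1'='1"
    print(lookup_vulnerable(db, tautology))     # every row, the WHERE clause is always true
    print(lookup_parameterized(db, tautology))  # no row has that literal username
```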
Server-Side Request Forgery (SSRF)
SSRF vulnerabilities allow attackers to make the server issue requests to arbitrary destinations, including internal services that are not directly accessible. This can lead to access to metadata services, internal APIs, and cloud provider credentials.
Related CWE: CWE-918
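A defender-side check for the SSRF risk described above, added here as an example that is not part of Detectify's scanner: before a server fetches a user-supplied URL, the destination is resolved and every address is tested against loopback, private, link-local (which contains the cloud metadata range) and other non-public ranges. The `FAKE_DNS` table is a constructed stand-in for real resolution so the example runs offline.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed resolver results; a real implementation would resolve the host
# and then connect to the exact address it validated (never re-resolve).
FAKE_DNS = {
    "example.com": ["93.184.216.34"],
    "internal.corp": ["10.20.30.40"],
    "localhost": ["127.0.0.1"],
}
ALLOWED_SCHEMES = {"http", "https"}

def is_public_address(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    # Rejects loopback, RFC 1918 / ULA space, link-local (169.254.0.0/16, where
    # cloud metadata services live), multicast, reserved and unspecified addresses.
    return not (addr.is_private or addr.is_loopback or addr.is_link_local
                or addr.is_multicast or addr.is_reserved or addr.is_unspecified)

def validate_outbound_url(url: str) -> tuple:
    """Return (allowed, reason) for a URL the server is asked to fetch."""
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        return False, f"scheme not allowed: {parts.scheme!r}"
    host = parts.hostname
    if not host:
        return False, "missing host"
    try:
        ips = [str(ipaddress.ip_address(host))]   # literal IPv4/IPv6 in the URL
    except ValueError:
        ips = FAKE_DNS.get(host)
        if not ips:
            return False, f"unresolvable host: {host}"
    for ip in ips:
        if not is_public_address(ip):
            return False, f"{host} resolves to non-public address {ip}"
    return True, "ok"
```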
Remote Code Execution (RCE)
RCE vulnerabilities allow attackers to execute arbitrary code on the server. These are typically the most critical findings and can result from deserialization flaws, template injection, or other server-side weaknesses.
Related CWEs: CWE-94, CWE-502, CWE-1336
Command Injection
Command injection occurs when user input is passed to operating system commands without proper sanitization. Attackers can execute arbitrary system commands, potentially gaining full control of the server.
Path Traversal
Path traversal (also called directory traversal) allows attackers to access files outside the intended directory by manipulating file path parameters. This can expose configuration files, source code, or sensitive system files.
Related CWEs: CWE-22, CWE-23, CWE-36
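The mitigation for the path-parameter manipulation described above, as an added example (not Detectify's code): the requested name is joined to the base directory, resolved so that `..` segments and symlinks are collapsed, and only then checked for containment. The `demo()` function builds a constructed directory tree in a temp folder to exercise plain, `..`, URL-encoded, absolute and symlink cases.

```python
import tempfile
from pathlib import Path
from typing import Optional
from urllib.parse import unquote

def resolve_under_base(base_dir: str, requested: str) -> Optional[Path]:
    """Return the real path for `requested` if it lies inside base_dir, else None."""
    base = Path(base_dir).resolve()
    # Decode once (assumes the web layer has not already done so), then resolve:
    # an absolute `requested` replaces `base` in the join, and symlinks are
    # followed, so the containment test below runs on the real target.
    candidate = (base / unquote(requested)).resolve()
    try:
        candidate.relative_to(base)
    except ValueError:
        return None
    return candidate

def demo() -> dict:
    # Constructed layout: public/ is served, secret.txt next to it is not.
    root = Path(tempfile.mkdtemp())
    public = root / "public"
    public.mkdir()
    (public / "index.html").write_text("hello")
    (root / "secret.txt").write_text("top secret")
    (public / "link").symlink_to(root / "secret.txt")   # symlink escaping the base
    return {
        "plain": resolve_under_base(str(public), "index.html") is not None,
        "dotdot": resolve_under_base(str(public), "../secret.txt") is None,
        "encoded": resolve_under_base(str(public), "..%2Fsecret.txt") is None,
        "absolute": resolve_under_base(str(public), "/etc/hostname") is None,
        "symlink": resolve_under_base(str(public), "link") is None,
    }

if __name__ == "__main__":
    print(demo())   # every value True
```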
XML External Entity (XXE)
XXE vulnerabilities exist in applications that parse XML input. An attacker can define external entities that read local files, make network requests, or cause denial of service.
Related CWE: CWE-611
Prompt Injection
Prompt injection targets applications that integrate large language models (LLMs). Attackers craft inputs that manipulate the LLM’s behavior, potentially bypassing safety controls, extracting system prompts, or causing unintended actions. Detectify tests for prompt injection in both web application forms and API endpoints.
Related CWE: CWE-1336
Additional Injection Types
| Vulnerability | Description | CWE |
|---|---|---|
| LDAP Injection | Injection into LDAP queries used for directory lookups and authentication | CWE-90 |
| CRLF Injection | Injection of carriage return and line feed characters to manipulate HTTP headers or response splitting | CWE-93 |
| Server-Side Template Injection (SSTI) | Injection into server-side template engines that can lead to remote code execution | CWE-1336 |
| XPath Injection | Injection into XPath queries used to navigate XML documents | CWE-91 |
Authentication and Access Control
Detectify identifies weaknesses in authentication and authorization mechanisms:
- Authentication bypass — Accessing resources without proper credentials (CWE-287, CWE-306)
- Broken access control — Accessing resources beyond assigned privileges (CWE-284, CWE-285)
- Default credentials — Services accessible with known default username/password combinations (CWE-798)
- CSRF — Cross-site request forgery, forcing authenticated users to perform unintended actions (CWE-352)
Information Disclosure
Detectify identifies cases where applications inadvertently reveal sensitive data:
- Sensitive data in responses — Credentials, API keys, internal paths, or PII exposed in web responses (CWE-200)
- Directory listings — Web server directories exposed without index files (CWE-548)
- Verbose error messages — Stack traces or debug information revealed to users (CWE-209)
- Sensitive file exposure — Backup files, configuration files, or source code accessible via the web (CWE-538)
Infrastructure Vulnerabilities
Subdomain Takeover
Subdomain takeover occurs when a DNS record points to a service that has been deprovisioned. An attacker can claim the orphaned service and serve malicious content on your subdomain. Detectify monitors for dangling DNS records across common cloud providers.
SSL/TLS Issues
SSL/TLS vulnerabilities include:
- Expired or soon-to-expire certificates
- Weak cipher suites (CWE-326)
- Outdated protocol versions (SSLv3, TLS 1.0, TLS 1.1)
- Missing or misconfigured HSTS headers
- Certificate chain issues (CWE-295)
Security Misconfiguration
Detectify detects security misconfigurations across the application stack, including exposed admin panels, default configurations, missing security headers, and overly permissive CORS policies.
Related CWE: CWE-16
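A small header-level check for two of the misconfigurations named above (missing security headers, including the HSTS header from the SSL/TLS list, and overly permissive CORS), added as an example and not Detectify's own test logic. It inspects the headers of a single HTTPS response; the `WEAK_RESPONSE` and `HARDENED_RESPONSE` dictionaries are constructed samples.

```python
import re

ONE_YEAR = 31536000

def check_security_headers(headers: dict) -> list:
    """Return (severity, finding) tuples for one HTTPS response's headers."""
    h = {k.lower(): v for k, v in headers.items()}
    findings = []
    hsts = h.get("strict-transport-security")
    if hsts is None:
        findings.append(("medium", "missing HSTS header"))
    else:
        m = re.search(r"max-age=(\d+)", hsts, re.I)
        if not m or int(m.group(1)) < ONE_YEAR:
            findings.append(("low", "HSTS max-age shorter than one year"))
    if h.get("x-content-type-options", "").lower() != "nosniff":
        findings.append(("low", "missing X-Content-Type-Options: nosniff"))
    csp = h.get("content-security-policy", "")
    if "x-frame-options" not in h and "frame-ancestors" not in csp:
        findings.append(("medium", "no framing protection (X-Frame-Options or CSP frame-ancestors)"))
    acao = h.get("access-control-allow-origin")
    creds = h.get("access-control-allow-credentials", "").lower() == "true"
    if acao == "*" and creds:
        # Browsers refuse this pairing, but it shows the server expects credentialed
        # cross-origin access; check whether it reflects arbitrary Origin values instead.
        findings.append(("high", "CORS allows any origin together with credentials"))
    elif acao == "*":
        findings.append(("low", "CORS allows any origin (confirm the endpoint serves no private data)"))
    elif acao == "null":
        findings.append(("high", "CORS trusts the 'null' origin"))
    server = h.get("server", "")
    if re.search(r"\d+\.\d+", server):
        findings.append(("info", f"server banner discloses a version: {server}"))
    return findings

# Constructed sample responses: a weak configuration and its corrected form.
WEAK_RESPONSE = {
    "Content-Type": "text/html",
    "Server": "Apache/2.4.41",
    "Access-Control-Allow-Origin": "*",
    "Access-Control-Allow-Credentials": "true",
}
HARDENED_RESPONSE = {
    "Content-Type": "text/html",
    "Strict-Transport-Security": "max-age=63072000; includeSubDomains",
    "X-Content-Type-Options": "nosniff",
    "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'",
    "Access-Control-Allow-Origin": "https://app.example.com",
    "Vary": "Origin",
}
```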
CWE Coverage
Detectify maps all findings to CWE identifiers. The table below shows the top CWEs covered. Click any CWE to see the corresponding tests in the test catalogue.
| CWE | Description |
|---|---|
| CWE-200 | Exposure of Sensitive Information |
| CWE-79 | Cross-Site Scripting (XSS) |
| CWE-16 | Configuration |
| CWE-94 | Code Injection |
| CWE-89 | SQL Injection |
| CWE-23 | Relative Path Traversal |
| CWE-918 | Server-Side Request Forgery (SSRF) |
| CWE-601 | URL Redirection to Untrusted Site |
| CWE-306 | Missing Authentication for Critical Function |
| CWE-287 | Improper Authentication |
| CWE-1336 | Template Injection |
| CWE-284 | Improper Access Control |
| CWE-78 | OS Command Injection |
| CWE-611 | XML External Entity (XXE) |
| CWE-22 | Path Traversal |
| CWE-755 | Improper Handling of Exceptional Conditions |
| CWE-288 | Authentication Bypass Using Alternate Path |
| CWE-538 | Insertion of Sensitive Information into Externally-Accessible File |
| CWE-20 | Improper Input Validation |
| CWE-548 | Exposure of Information Through Directory Listing |
CWE/SANS Top 25 Coverage
Detectify covers the majority of the CWE/SANS Top 25 Most Dangerous Software Weaknesses that are detectable through runtime testing, including:
- CWE-79 (XSS), CWE-89 (SQL Injection), CWE-78 (OS Command Injection)
- CWE-22 (Path Traversal), CWE-352 (CSRF), CWE-434 (Unrestricted Upload)
- CWE-502 (Deserialization), CWE-918 (SSRF), CWE-611 (XXE)
- CWE-287 (Improper Authentication), CWE-862/CWE-863 (Missing/Incorrect Authorization)
- CWE-20 (Improper Input Validation), CWE-306 (Missing Authentication)
Weaknesses primarily detectable through source code analysis — such as CWE-787 (Out-of-bounds Write), CWE-416 (Use After Free), and CWE-476 (NULL Pointer Dereference) — are outside the scope of DAST testing.