This filter matches findings from some of the most dangerous vulnerability categories. The results are limited to High and Medium severity vulnerabilities. Results with specific sources are removed from the findings. The specific vulnerability categories which are included in this filter are:
Vulnerability.CrossSiteScripting
Vulnerability.CrossSiteScripting.Reflected
Vulnerability.CrossSiteScripting.Stored
Vulnerability.Injection.OS
Vulnerability.Injection.LDAP
Vulnerability.Injection.SQL
Vulnerability.Injection.Mail
This filter limits the findings to specific vulnerability types and sources with one of these properties:
Technology.Communications.HTTP
Technology.Communications.IP
Technology.Communications.RCP
Technology.Communications.TCP
Technology.Communications.UDP
Technology.Communications.WebService
This filter contains findings from a broader range of important vulnerability categories. The findings are limited to High and Medium severities with Definitive or Suspect classifications. The specific categories which are included in this filter are:
Vulnerability.AppDOS
Vulnerability.Authentication.Credentials.Unprotected
Vulnerability.BufferOverflow
Vulnerability.BufferOverflow.FormatString
Vulnerability.BufferOverflow.ArrayIndexOutOfBounds
Vulnerability.BufferOverflow.BufferSizeOutOfBounds
Vulnerability.BufferOverflow.IntegerOverflow
Vulnerability.BufferOverflow.Internal
Vulnerability.CrossSiteRequestForgery
Vulnerability.CrossSiteScripting
Vulnerability.CrossSiteScripting.Reflected
Vulnerability.CrossSiteScripting.Stored
Vulnerability.FileUpload
Vulnerability.Injection
Vulnerability.Injection.LDAP
Vulnerability.Injection.OS
Vulnerability.Injection.SQL
Vulnerability.Injection.XML
Vulnerability.Injection.XPath
Vulnerability.Malicious.EasterEgg
Vulnerability.Malicious.Trigger
Vulnerability.Malicious.Trojan
Vulnerability.PathTraversal
Vulnerability.Validation.EncodingRequired
Vulnerability.Validation.EncodingRequired.Struts
This filter focuses on vulnerability types related to the CWE/SANS Top 25 Most Dangerous Software Errors for 2010.
To learn about the 2011 CWE/SANS Top 25 Most Dangerous Software Errors, see http://cwe.mitre.org/top25/.
This filter matches findings which originate from outside the application and across a network. This filter matches findings which originate at any Technology.Communications source.
This filter contains findings with severities of Low and Informational. All classifications (Definitive, Suspect, and Scan Coverage) are included.
This filter causes the results to include only vulnerability types that are related to quality coding practices.
This filter focuses on vulnerability types related to the Open Web Application Security Project (OWASP) Mobile Top 10 Release Candidate v1.0 list.
To learn about OWASP, see https://www.owasp.org/index.php/Main_Page. Links to various OWASP documents and security risks are available at https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project.
This filter focuses on vulnerability types related to the Open Web Application Security Project (OWASP) Top 10 2010 list.
To learn about OWASP, see https://www.owasp.org/index.php/Main_Page. Links to various OWASP documents and security risks are available at https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project.
This filter focuses on vulnerability types related to the Open Web Application Security Project (OWASP) Top 10 2013 list.
To learn about OWASP, see https://www.owasp.org/index.php/Main_Page. Links to various OWASP documents and security risks are available at https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project.
This filter focuses on vulnerability types related to the Payment Card Industry Data Security Standard (PCI DSS) Version 3.2.
See https://www.pcisecuritystandards.org/security_standards/index.php for information.
This filter causes the results to include only Scan Coverage Findings (see Classifications for more information).
This filter focuses on findings from the Validation.EncodingRequired and Validation.EncodingRequired.Struts vulnerability categories. Only findings that originate from a Technology.Communications.HTTP source are included. The findings are limited to High and Medium severities with Definitive or Suspect classifications.
This filter focuses on Validation.Required vulnerabilities for a set of known C and C++ sinks. The findings are limited to High and Medium severities with Definitive or Suspect classifications.
This filter presumes that data coming from certain sources, such as session objects or request attributes, is safe.
This filter lists vulnerabilities that do not contain traces.