App Vulnerabilities: Insecure Coding - Paiet/SEC-335 GitHub Wiki

  • Insecure code practices
    • Comments in source code
    • Lack of error handling
    • Overly verbose error handling
    • Hard-coded credentials
    • Race conditions
    • Unauthorized use of functions/unprotected APIs
    • Hidden elements
      • Sensitive information in the DOM
    • Lack of code signing