In this section, we walk through the rules in the Puma Scan analyzers that catch security vulnerabilities caused by insufficient validation of input, which can lead to the following types of attacks:
- Cross-site request forgery (https://en.wikipedia.org/wiki/Cross-site_request_forgery): Cross-site request forgery, also known as one-click attack or session riding and abbreviated as CSRF or XSRF, is a type of malicious exploit of a website where unauthorized commands are transmitted from a user that the web application trusts. Unlike cross-site scripting (XSS), which exploits the trust a user has for a particular site, CSRF exploits the trust that a site has in a user's browser.
- Path tampering (https://en.wikipedia.org/wiki/Directory_traversal_attack): A directory traversal (or path traversal) consists in exploiting insufficient security validation/sanitization...