
Introduction

The Contrast analyzers can help you find many types of vulnerabilities across many languages and frameworks. Not everything is listed here.

This is a reference section: you do not need to read all the pages

While you can learn about specific types of vulnerabilities, it's less work for most developers to automate detection and focus learning on the types of vulnerabilities that are in their applications. This way learning is more applicable and directed.

DevSec tools will give you more context when they find these issues in your code. The role of this section is to act as more of a truncated inventory of "what can these tools find."

Popular vulnerability lists

  1. OWASP Top 10 - a list of common vulnerabilities aimed primarily at web applications.
  2. SANS CWE Top 25 - a list of vulnerabilities covering a broader definition of software.
  3. OWASP Mobile Top 10 - a list of vulnerabilities aimed more at mobile apps.