- Detect secrets in code
- Identify secrets committed to version control
- Flag hardcoded credentials
- Identify missing authentication checks
- Detect improper authorization patterns
- Flag violations of the principle of least privilege
- Identify unencrypted sensitive data
- Detect missing input validation
- Find XSS vulnerabilities through missing output encoding
- Identify SQL injection vulnerabilities
- Detect missing rate limiting
- Identify improper error handling that leaks information
- Find missing input validation in API endpoints
- Identify sensitive information in logs
- Detect missing error logging
- Flag outdated dependencies with known vulnerabilities
- Identify excessive dependencies that increase attack surface
- Detect missing error handling
- Identify potential DoS vulnerabilities
- Find missing timeout configurations
- Identify common security issues through static analysis
- Suggest security improvements in code reviews
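As an added example (not code from the original page or from any tool it describes), the checker below implements three of the checks listed above as lightweight static rules: hardcoded secrets (a credential-keyword rule, an AWS access-key-ID format rule, and a high-entropy-string rule), SQL built by string formatting instead of parameters, and HTML emitted without escaping. Rule names, thresholds and the sample source it scans are constructed for this example; the sample's access key is a placeholder, not a real credential.

```python
"""Minimal rule-based static checker: hardcoded secrets, SQL string building,
and unescaped HTML output. Illustrative example; not a production scanner."""
import math
import re
from collections import Counter
from dataclasses import dataclass
from typing import List


@dataclass(frozen=True)
class Finding:
    rule: str
    line: int
    snippet: str


# A single- or double-quoted string literal, honouring backslash escapes.
STRING_LITERAL = re.compile(r"""(["'])(?:\\.|(?!\1).)*\1""")
# A quoted literal (8+ chars) assigned to a credential-looking name.
CRED_ASSIGN = re.compile(
    r"""(?i)\b\w*(?:api[_-]?key|secret|password|passwd|token)\w*\s*[:=]\s*["']([^"']{8,})["']"""
)
# AWS access key ID format: "AKIA" followed by 16 upper-case alphanumerics.
AWS_ACCESS_KEY = re.compile(r"\bAKIA[0-9A-Z]{16}\b")
SQL_EXECUTE = re.compile(r"\bexecute\s*\((?P<arg>.*)\)")
HTML_LITERAL = re.compile(r"""["']<[A-Za-z]""")   # literal starting with a tag
ESCAPE_CALL = re.compile(r"\bescape\(")


def shannon_entropy(s: str) -> float:
    """Bits per character: English-like strings score ~3, random tokens ~4.5+."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def strip_literals(src: str) -> str:
    """Replace every string literal with "" so operators inside quotes are ignored."""
    return STRING_LITERAL.sub('""', src)


def is_dynamic_sql(arg: str) -> bool:
    """True when the execute() argument is an f-string or is glued together with
    +, % or .format(). A literal followed by a parameter tuple is not flagged."""
    if re.match(r"""\s*f["']""", arg):
        return True
    return re.search(r'\+|\.format\(|""\s*%', strip_literals(arg)) is not None


def is_unescaped_html(line: str) -> bool:
    """HTML literal combined with data (+, %, .format, f-string) and no escape() call."""
    if not HTML_LITERAL.search(line) or ESCAPE_CALL.search(line):
        return False
    if re.search(r"""\bf["']""", line):
        return True
    return re.search(r"\+|%|\.format\(", strip_literals(line)) is not None


def scan(source: str) -> List[Finding]:
    findings = []
    for no, line in enumerate(source.splitlines(), start=1):
        text = line.strip()
        if AWS_ACCESS_KEY.search(line):
            findings.append(Finding("aws-access-key-id", no, text))
        if CRED_ASSIGN.search(line):
            findings.append(Finding("hardcoded-credential", no, text))
        else:
            # Entropy rule (assumed thresholds): long, space-free, high-entropy literals.
            for lit in STRING_LITERAL.finditer(line):
                val = lit.group(0)[1:-1]
                if len(val) >= 20 and " " not in val and shannon_entropy(val) > 4.0:
                    findings.append(Finding("high-entropy-string", no, text))
                    break
        m = SQL_EXECUTE.search(line)
        if m and is_dynamic_sql(m.group("arg")):
            findings.append(Finding("sql-string-building", no, text))
        if is_unescaped_html(line):
            findings.append(Finding("unescaped-html-output", no, text))
    return findings


# Constructed sample source; the key below is a placeholder, not a real credential.
SAMPLE = '''\
import os, html, sqlite3
AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
db_password = "correct-horse-battery-staple"
cache_salt = "Q7vZ2mR9xK4pL8wN3jH6bT1cF5gD0yAs"
token = os.environ["API_TOKEN"]

def get_user(cursor, name):
    cursor.execute("SELECT * FROM users WHERE name = ?", (name,))
    return cursor.fetchone()

def find_user(cursor, name):
    cursor.execute(f"SELECT * FROM users WHERE name = '{name}'")
    return cursor.fetchone()

def greet(name):
    return "<h1>Hello " + name + "</h1>"

def greet_safe(name):
    return "<h1>Hello " + html.escape(name) + "</h1>"
'''

if __name__ == "__main__":
    for f in scan(SAMPLE):
        print(f"{f.line:>3}  {f.rule:<22} {f.snippet}")
```

Running it reports the placeholder access key, the `db_password` literal, the high-entropy `cache_salt` value, the f-string query in `find_user`, and the unescaped concatenation in `greet`, while the parameterised query, the value read from the environment and the `html.escape` call pass. The `strip_literals` step is what keeps a `%` or `+` inside a SQL or HTML string from triggering the rules; the space-free condition on the entropy rule keeps ordinary sentences and SQL text from scoring as secrets.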