Detection Categories
Security vulnerability categories detected by Secbez — injection, XSS, access control, IDOR, business logic, and secrets.
Secbez detects vulnerabilities across the following categories.

| Type | Description |
|---|---|
| SQL injection | User input included in database queries without parameterization |
| Command injection | User input passed to system commands or shell execution |
| Template injection | User input rendered in server-side templates without escaping |

| Type | Description |
|---|---|
| Reflected XSS | User input reflected back in HTTP responses without sanitization |
| Stored XSS | User input stored and later rendered to other users |
| DOM-based XSS | Client-side JavaScript that writes user input to the DOM unsafely |

| Type | Description |
|---|---|
| Broken access control | Missing or insufficient authorization checks on sensitive operations |
| IDOR | Insecure direct object references — users can access resources belonging to other users |
| Privilege escalation | Users can elevate their own permissions or roles |
| Missing authentication | Sensitive endpoints accessible without any authentication |

| Type | Description |
|---|---|
| Race conditions | State-changing operations vulnerable to concurrent execution |
| Workflow bypass | Steps in a multi-step process that can be skipped |
| Data manipulation | Input validation gaps that allow invalid state (e.g., negative quantities) |

| Type | Description |
|---|---|
| Hardcoded credentials | API keys, passwords, or tokens committed to source code |
| Exposed secrets | Sensitive configuration values in client-accessible code |