By Lorenzo and 1 other2 authors21 articles
Passwords set programmatically
Hardcoded secret
Flow Access Restriction
Avoid Using HTTP Referer Headers
Email spamming risk
Insecure sharing to external users
Server-side Payload Injection
User Registration Without Limits
LWC Clickjacking on CSS
Import of sensitive fields in Lightning Web Components (LWC)
Direct DOM manipulation in Lightning Web Components (LWC)
Sensitive information storage
Sensitive information logging
Excessive data access permissions
Subresource integrity
Content Security Policy (CSP)
Insecure endpoints
Named credentials
Randomization of cryptographic keys
Use of Session storage and Local storage
Use of Session ID in Visualforce