Bugsy

DEMO
Back to Marketing
DU

Demo User

demo@acmebank.com

Back to Projects

Payment Gateway API

Core payment processing API handling credit card transactions and ACH payments

Project Details

Repository
github.com/acmebank/payment-gateway
Framework
FastAPI
Languages
PythonJavaScript
Last Scan
4/16/2024
completed

Security Findings

3
Critical
4
High
5
Medium
2
Low
14
Total Findings

Security Findings (14 of 14)

SQL Injection vulnerability in payment validation

Security vulnerability found in src/api/payments.py. This is a critical issue that requires immediate attention.

critical
src/api/payments.py:50
CWE-89
99% confidence
Recommendation: Immediately patch this vulnerability by following security best practices.

Hardcoded API key in configuration

Security vulnerability found in config/settings.py. This is a critical issue that requires immediate attention.

critical
config/settings.py:491
CWE-798
81% confidence
Recommendation: Immediately patch this vulnerability by following security best practices.

Missing input validation on amount field

Security vulnerability found in src/api/transactions.py. This is a critical issue that requires immediate attention.

critical
src/api/transactions.py:273
CWE-20
88% confidence
Recommendation: Immediately patch this vulnerability by following security best practices.

Cross-site scripting (XSS) in user profile

Security vulnerability found in src/components/Profile.jsx. This is a high-priority security concern.

high
src/components/Profile.jsx:392
CWE-79
83% confidence
Recommendation: Prioritize fixing this vulnerability by following security best practices.

Insecure direct object reference

Security vulnerability found in src/api/accounts.py. This is a high-priority security concern.

high
src/api/accounts.py:100
CWE-639
96% confidence
Recommendation: Prioritize fixing this vulnerability by following security best practices.

Weak password requirements

Security vulnerability found in src/auth/validators.py. This is a high-priority security concern.

high
src/auth/validators.py:406
CWE-521
79% confidence
Recommendation: Prioritize fixing this vulnerability by following security best practices.

Missing CSRF protection

Security vulnerability found in src/middleware/csrf.py. This is a high-priority security concern.

high
src/middleware/csrf.py:256
CWE-352
97% confidence
Recommendation: Prioritize fixing this vulnerability by following security best practices.

Information disclosure in error messages

Security vulnerability found in src/utils/errors.py. This issue should be addressed in the next development cycle.

medium
src/utils/errors.py:334
CWE-209
89% confidence
Recommendation: Schedule remediation for this vulnerability by following security best practices.

Race condition in transaction processing

Security vulnerability found in src/api/transactions.py. This issue should be addressed in the next development cycle.

medium
src/api/transactions.py:312
CWE-362
94% confidence
Recommendation: Schedule remediation for this vulnerability by following security best practices.

Buffer overflow in data parsing

Security vulnerability found in src/parsers/xml.c. This issue should be addressed in the next development cycle.

medium
src/parsers/xml.c:443
CWE-120
86% confidence
Recommendation: Schedule remediation for this vulnerability by following security best practices.

Improper authentication handling

Security vulnerability found in src/auth/middleware.py. This issue should be addressed in the next development cycle.

medium
src/auth/middleware.py:484
CWE-287
77% confidence
Recommendation: Schedule remediation for this vulnerability by following security best practices.

Path traversal vulnerability

Security vulnerability found in src/api/files.py. This issue should be addressed in the next development cycle.

medium
src/api/files.py:381
CWE-22
93% confidence
Recommendation: Schedule remediation for this vulnerability by following security best practices.

Unvalidated redirect and forward

Security vulnerability found in src/controllers/redirect.py. This is a low-priority issue that can be addressed when convenient.

low
src/controllers/redirect.py:291
CWE-601
87% confidence
Recommendation: Consider addressing this vulnerability by following security best practices.

Insufficient session expiration

Security vulnerability found in src/auth/sessions.py. This is a low-priority issue that can be addressed when convenient.

low
src/auth/sessions.py:335
CWE-613
77% confidence
Recommendation: Consider addressing this vulnerability by following security best practices.