Bugsy


Mobile Banking App

iOS and Android app for mobile banking with biometric authentication

Project Details

Repository: github.com/acmebank/mobile-app
Framework: React Native
Languages: Swift, Kotlin, JavaScript
Last Scan: 4/15/2024 (completed)

Security Findings

Critical: 2
High: 3
Medium: 4
Low: 5
Total Findings: 14

Security Findings (14 of 14)

SQL Injection vulnerability in payment validation

Security vulnerability found in src/api/payments.py. This is a critical issue that requires immediate attention.

critical
src/api/payments.py:372
CWE-89
88% confidence
Recommendation: Immediately patch this vulnerability by following security best practices.

Hardcoded API key in configuration

Security vulnerability found in config/settings.py. This is a critical issue that requires immediate attention.

critical
config/settings.py:160
CWE-798
72% confidence
Recommendation: Immediately patch this vulnerability by following security best practices.

Missing input validation on amount field

Security vulnerability found in src/api/transactions.py. This is a high-priority security concern.

high
src/api/transactions.py:221
CWE-20
96% confidence
Recommendation: Prioritize fixing this vulnerability by following security best practices.

Cross-site scripting (XSS) in user profile

Security vulnerability found in src/components/Profile.jsx. This is a high-priority security concern.

high
src/components/Profile.jsx:171
CWE-79
72% confidence
Recommendation: Prioritize fixing this vulnerability by following security best practices.

Insecure direct object reference

Security vulnerability found in src/api/accounts.py. This is a high-priority security concern.

high
src/api/accounts.py:51
CWE-639
99% confidence
Recommendation: Prioritize fixing this vulnerability by following security best practices.

Weak password requirements

Security vulnerability found in src/auth/validators.py. This issue should be addressed in the next development cycle.

medium
src/auth/validators.py:207
CWE-521
78% confidence
Recommendation: Schedule remediation for this vulnerability by following security best practices.

Missing CSRF protection

Security vulnerability found in src/middleware/csrf.py. This issue should be addressed in the next development cycle.

medium
src/middleware/csrf.py:458
CWE-352
88% confidence
Recommendation: Schedule remediation for this vulnerability by following security best practices.

Information disclosure in error messages

Security vulnerability found in src/utils/errors.py. This issue should be addressed in the next development cycle.

medium
src/utils/errors.py:419
CWE-209
92% confidence
Recommendation: Schedule remediation for this vulnerability by following security best practices.

Race condition in transaction processing

Security vulnerability found in src/api/transactions.py. This issue should be addressed in the next development cycle.

medium
src/api/transactions.py:361
CWE-362
90% confidence
Recommendation: Schedule remediation for this vulnerability by following security best practices.

Buffer overflow in data parsing

Security vulnerability found in src/parsers/xml.c. This is a low-priority issue that can be addressed when convenient.

low
src/parsers/xml.c:356
CWE-120
98% confidence
Recommendation: Consider addressing this vulnerability by following security best practices.

Improper authentication handling

Security vulnerability found in src/auth/middleware.py. This is a low-priority issue that can be addressed when convenient.

low
src/auth/middleware.py:260
CWE-287
99% confidence
Recommendation: Consider addressing this vulnerability by following security best practices.

Path traversal vulnerability

Security vulnerability found in src/api/files.py. This is a low-priority issue that can be addressed when convenient.

low
src/api/files.py:228
CWE-22
87% confidence
Recommendation: Consider addressing this vulnerability by following security best practices.

Unvalidated redirect and forward

Security vulnerability found in src/controllers/redirect.py. This is a low-priority issue that can be addressed when convenient.

low
src/controllers/redirect.py:261
CWE-601
88% confidence
Recommendation: Consider addressing this vulnerability by following security best practices.

Insufficient session expiration

Security vulnerability found in src/auth/sessions.py. This is a low-priority issue that can be addressed when convenient.

low
src/auth/sessions.py:217
CWE-613
84% confidence
Recommendation: Consider addressing this vulnerability by following security best practices.