-
Notifications
You must be signed in to change notification settings - Fork 0
/
demo-findings.json
82 lines (82 loc) · 3.07 KB
/
demo-findings.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
[
{
"Status": "Fail",
"Description": "SQL Injection in login form allows unauthorized access to sensitive user data.",
"Request": "",
"Host": "example.com",
"Response": "",
"OWASP Top 10": "A03: Injection",
"ID": 1,
"Notes": "Vulnerable parameter 'username' in the login form."
},
{
"Status": "Exception",
"Description": "Insecure use of weak hashing algorithm (MD5) for password storage.",
"Request": "",
"Host": "example.com",
"Response": "",
"OWASP Top 10": "A02: Cryptographic Failures",
"ID": 2,
"Notes": "Password hashes found to be stored using MD5 in the database."
},
{
"Status": "Remediated",
"Description": "Horizontal privilege escalation allows users to access other users' profiles.",
"Request": "",
"Host": "example.com",
"Response": "",
"OWASP Top 10": "A01: Broken Access Control",
"ID": 3,
"Notes": "Changing the user ID in the URL provides unauthorized access to other user profiles."
},
{
"Status": "Warning",
"Description": "Outdated jQuery library (version 2.2.4) exposes the application to potential vulnerabilities.",
"Request": "",
"Host": "example.com",
"Response": "",
"OWASP Top 10": "A06: Vulnerable and Outdated Components",
"ID": 4,
"Notes": "Update jQuery library to the latest version to mitigate risks."
},
{
"Status": "Remediated",
"Description": "Lack of multi-factor authentication increases the risk of account compromise.",
"Request": "",
"Host": "example.com",
"Response": "",
"OWASP Top 10": "A07: Identification and Authentication Failures",
"ID": 5,
"Notes": "Implement MFA to strengthen account security."
},
{
"Status": "Fail",
"Description": "Unnecessary HTTP methods (PUT, DELETE) are enabled on the server.",
"Request": "",
"Host": "example.com",
"Response": "",
"OWASP Top 10": "A05: Security Misconfiguration",
"ID": 6,
"Notes": "Restrict HTTP methods to only those required by the application."
},
{
"Status": "Warning",
"Description": "Insufficient logging of security events reduces the ability to detect attacks.",
"Request": "",
"Host": "example.com",
"Response": "",
"OWASP Top 10": "A09: Security Logging and Monitoring Failures",
"ID": 7,
"Notes": "Implement comprehensive logging and monitoring for security events."
},
{
"Status": "Exception",
"Description": "Lack of Content Security Policy (CSP) allows for potential cross-site scripting (XSS) attacks.",
"Request": "",
"Host": "example.com",
"Response": "",
"OWASP Top 10": "A04: Insecure Design",
"ID": 8,
"Notes": "Implement a strong Content Security Policy to prevent XSS attacks."
}
]