vrt 0.10.0 → 0.11.0

@@ -0,0 +1,75 @@
1
+ {
2
+ "$schema": "http://json-schema.org/draft-04/schema#",
3
+ "title": "VRT to Remediation Advice",
4
+ "description": "Mapping from the Vulnerability Rating Taxonomy to Remediation Advice",
5
+ "definitions": {
6
+ "MappingMetadata": {
7
+ "type": "object",
8
+ "properties": {
9
+ "default": { "type": "null" },
10
+ "keys": { "type": "array",
11
+ "items": { "type": "string", "enum": ["remediation_advice", "references"] },
12
+ "minItems": 2,
13
+ "uniqueItems": true
14
+ }
15
+ },
16
+ "required": ["default", "keys"]
17
+ },
18
+ "VRTid": { "type": "string", "pattern": "^[a-z_]*$" },
19
+ "RemediationAdvice": { "type": "string" },
20
+ "References": { "type" : "array",
21
+ "items" : { "type": "string", "pattern": "^http[s]?:\/\/.*$" },
22
+ "minItems": 1,
23
+ "uniqueItems": true
24
+ },
25
+ "Mapping": {
26
+ "type": "object",
27
+ "properties": {
28
+ "id": { "$ref": "#/definitions/VRTid" },
29
+ "remediation_advice" : { "$ref": "#/definitions/RemediationAdvice" },
30
+ "references" : { "$ref": "#/definitions/References" }
31
+ },
32
+ "required": ["id"],
33
+ "anyOf": [
34
+ { "required": ["remediation_advice"] },
35
+ { "required": ["references"] }
36
+ ],
37
+ "additionalProperties": false
38
+ },
39
+ "MappingParent": {
40
+ "type": "object",
41
+ "properties": {
42
+ "id": { "$ref": "#/definitions/VRTid" },
43
+ "children": {
44
+ "type": "array",
45
+ "items" : {
46
+ "anyOf": [
47
+ { "$ref": "#/definitions/MappingParent" },
48
+ { "$ref": "#/definitions/Mapping" }
49
+ ]
50
+ }
51
+ },
52
+ "remediation_advice" : { "$ref": "#/definitions/RemediationAdvice" },
53
+ "references" : { "$ref": "#/definitions/References" }
54
+ },
55
+ "required": ["id", "children"],
56
+ "additionalProperties": false
57
+ }
58
+ },
59
+ "type": "object",
60
+ "required": ["metadata", "content"],
61
+ "properties": {
62
+ "metadata": {
63
+ "$ref": "#/definitions/MappingMetadata"
64
+ },
65
+ "content": {
66
+ "type": "array",
67
+ "items" : {
68
+ "anyOf": [
69
+ { "$ref": "#/definitions/MappingParent" },
70
+ { "$ref": "#/definitions/Mapping" }
71
+ ]
72
+ }
73
+ }
74
+ }
75
+ }
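Review bot: The two string patterns under `definitions` are looser than the data they guard. The `References` item pattern `^http[s]?:\/\/.*$` accepts a bare `http://` with nothing after it as well as cleartext links, so any consumer that renders these references as clickable links gets little assurance from validation. Requiring a non-empty remainder with `"pattern": "^https?:\/\/.+$"` would help, or `^https:\/\/.+$` if no existing mapping still needs plain http. `VRTid` has the same problem: `^[a-z_]*$` matches the empty string, so `"id": ""` satisfies `required: ["id"]`, and `"pattern": "^[a-z_]+$"` closes that gap. Separately, `MappingMetadata` and the root object omit the `"additionalProperties": false` that `Mapping` and `MappingParent` set, so unknown keys pass there silently.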
@@ -0,0 +1,348 @@
1
+ {
2
+ "server_security_misconfiguration": null,
3
+ "server_security_misconfiguration.unsafe_cross_origin_resource_sharing": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:unsafe_cross_origin_resource_sharing&redirect=true",
4
+ "server_security_misconfiguration.path_traversal": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:path_traversal&redirect=true",
5
+ "server_security_misconfiguration.directory_listing_enabled": null,
6
+ "server_security_misconfiguration.directory_listing_enabled.sensitive_data_exposure": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:directory_listing_enabled:sensitive_data_exposure&redirect=true",
7
+ "server_security_misconfiguration.directory_listing_enabled.non_sensitive_data_exposure": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:directory_listing_enabled:non_sensitive_data_exposure&redirect=true",
8
+ "server_security_misconfiguration.same_site_scripting": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:same_site_scripting&redirect=true",
9
+ "server_security_misconfiguration.ssl_attack_breach_poodle_etc": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:ssl_attack_breach_poodle_etc&redirect=true",
10
+ "server_security_misconfiguration.using_default_credentials": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:using_default_credentials&redirect=true",
11
+ "server_security_misconfiguration.misconfigured_dns": null,
12
+ "server_security_misconfiguration.misconfigured_dns.basic_subdomain_takeover": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:misconfigured_dns:basic_subdomain_takeover&redirect=true",
13
+ "server_security_misconfiguration.misconfigured_dns.high_impact_subdomain_takeover": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:misconfigured_dns:high_impact_subdomain_takeover&redirect=true",
14
+ "server_security_misconfiguration.misconfigured_dns.zone_transfer": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:misconfigured_dns:zone_transfer&redirect=true",
15
+ "server_security_misconfiguration.misconfigured_dns.missing_caa_record": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:misconfigured_dns:missing_caa_record&redirect=true",
16
+ "server_security_misconfiguration.mail_server_misconfiguration": null,
17
+ "server_security_misconfiguration.mail_server_misconfiguration.no_spoofing_protection_on_email_domain": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:mail_server_misconfiguration:no_spoofing_protection_on_email_domain&redirect=true",
18
+ "server_security_misconfiguration.mail_server_misconfiguration.email_spoofing_to_inbox_due_to_missing_or_misconfigured_dmarc_on_email_domain": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:mail_server_misconfiguration:email_spoofing_to_inbox_due_to_missing_or_misconfigured_dmarc_on_email_domain&redirect=true",
19
+ "server_security_misconfiguration.mail_server_misconfiguration.email_spoofing_to_spam_folder": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:mail_server_misconfiguration:email_spoofing_to_spam_folder&redirect=true",
20
+ "server_security_misconfiguration.mail_server_misconfiguration.missing_or_misconfigured_spf_and_or_dkim": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:mail_server_misconfiguration:missing_or_misconfigured_spf_and_or_dkim&redirect=true",
21
+ "server_security_misconfiguration.mail_server_misconfiguration.email_spoofing_on_non_email_domain": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:mail_server_misconfiguration:email_spoofing_on_non_email_domain&redirect=true",
22
+ "server_security_misconfiguration.dbms_misconfiguration": null,
23
+ "server_security_misconfiguration.dbms_misconfiguration.excessively_privileged_user_dba": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:dbms_misconfiguration:excessively_privileged_user_dba&redirect=true",
24
+ "server_security_misconfiguration.lack_of_password_confirmation": null,
25
+ "server_security_misconfiguration.lack_of_password_confirmation.change_email_address": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:lack_of_password_confirmation:change_email_address&redirect=true",
26
+ "server_security_misconfiguration.lack_of_password_confirmation.change_password": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:lack_of_password_confirmation:change_password&redirect=true",
27
+ "server_security_misconfiguration.lack_of_password_confirmation.delete_account": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:lack_of_password_confirmation:delete_account&redirect=true",
28
+ "server_security_misconfiguration.lack_of_password_confirmation.manage_two_fa": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:lack_of_password_confirmation:manage_two_fa&redirect=true",
29
+ "server_security_misconfiguration.no_rate_limiting_on_form": null,
30
+ "server_security_misconfiguration.no_rate_limiting_on_form.registration": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:no_rate_limiting_on_form:registration&redirect=true",
31
+ "server_security_misconfiguration.no_rate_limiting_on_form.login": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:no_rate_limiting_on_form:login&redirect=true",
32
+ "server_security_misconfiguration.no_rate_limiting_on_form.email_triggering": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:no_rate_limiting_on_form:email_triggering&redirect=true",
33
+ "server_security_misconfiguration.no_rate_limiting_on_form.sms_triggering": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:no_rate_limiting_on_form:sms_triggering&redirect=true",
34
+ "server_security_misconfiguration.no_rate_limiting_on_form.change_password": null,
35
+ "server_security_misconfiguration.unsafe_file_upload": null,
36
+ "server_security_misconfiguration.unsafe_file_upload.no_antivirus": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:unsafe_file_upload:no_antivirus&redirect=true",
37
+ "server_security_misconfiguration.unsafe_file_upload.no_size_limit": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:unsafe_file_upload:no_size_limit&redirect=true",
38
+ "server_security_misconfiguration.unsafe_file_upload.file_extension_filter_bypass": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:unsafe_file_upload:file_extension_filter_bypass&redirect=true",
39
+ "server_security_misconfiguration.cookie_scoped_to_parent_domain": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:cookie_scoped_to_parent_domain&redirect=true",
40
+ "server_security_misconfiguration.missing_secure_or_httponly_cookie_flag": null,
41
+ "server_security_misconfiguration.missing_secure_or_httponly_cookie_flag.session_token": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:missing_secure_or_httponly_cookie_flag:session_token&redirect=true",
42
+ "server_security_misconfiguration.missing_secure_or_httponly_cookie_flag.non_session_cookie": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:missing_secure_or_httponly_cookie_flag:non_session_cookie&redirect=true",
43
+ "server_security_misconfiguration.clickjacking": null,
44
+ "server_security_misconfiguration.clickjacking.sensitive_action": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:clickjacking:sensitive_action&redirect=true",
45
+ "server_security_misconfiguration.clickjacking.form_input": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:clickjacking:form_input&redirect=true",
46
+ "server_security_misconfiguration.clickjacking.non_sensitive_action": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:clickjacking:non_sensitive_action&redirect=true",
47
+ "server_security_misconfiguration.oauth_misconfiguration": null,
48
+ "server_security_misconfiguration.oauth_misconfiguration.account_takeover": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:oauth_misconfiguration:account_takeover&redirect=true",
49
+ "server_security_misconfiguration.oauth_misconfiguration.account_squatting": null,
50
+ "server_security_misconfiguration.oauth_misconfiguration.missing_state_parameter": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:oauth_misconfiguration:missing_state_parameter&redirect=true",
51
+ "server_security_misconfiguration.oauth_misconfiguration.insecure_redirect_uri": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:oauth_misconfiguration:insecure_redirect_uri&redirect=true",
52
+ "server_security_misconfiguration.captcha": null,
53
+ "server_security_misconfiguration.captcha.implementation_vulnerability": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:captcha:implementation_vulnerability&redirect=true",
54
+ "server_security_misconfiguration.captcha.brute_force": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:captcha:brute_force&redirect=true",
55
+ "server_security_misconfiguration.captcha.missing": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:captcha:missing&redirect=true",
56
+ "server_security_misconfiguration.exposed_admin_portal": null,
57
+ "server_security_misconfiguration.exposed_admin_portal.to_internet": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:exposed_admin_portal:to_internet&redirect=true",
58
+ "server_security_misconfiguration.missing_dnssec": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:missing_dnssec&redirect=true",
59
+ "server_security_misconfiguration.fingerprinting_banner_disclosure": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:fingerprinting_banner_disclosure&redirect=true",
60
+ "server_security_misconfiguration.username_enumeration": null,
61
+ "server_security_misconfiguration.username_enumeration.brute_force": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:username_enumeration:brute_force&redirect=true",
62
+ "server_security_misconfiguration.potentially_unsafe_http_method_enabled": null,
63
+ "server_security_misconfiguration.potentially_unsafe_http_method_enabled.options": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:potentially_unsafe_http_method_enabled:options&redirect=true",
64
+ "server_security_misconfiguration.potentially_unsafe_http_method_enabled.trace": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:potentially_unsafe_http_method_enabled:trace&redirect=true",
65
+ "server_security_misconfiguration.insecure_ssl": null,
66
+ "server_security_misconfiguration.insecure_ssl.lack_of_forward_secrecy": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:insecure_ssl:lack_of_forward_secrecy&redirect=true",
67
+ "server_security_misconfiguration.insecure_ssl.insecure_cipher_suite": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:insecure_ssl:insecure_cipher_suite&redirect=true",
68
+ "server_security_misconfiguration.insecure_ssl.certificate_error": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:insecure_ssl:certificate_error&redirect=true",
69
+ "server_security_misconfiguration.rfd": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:rfd&redirect=true",
70
+ "server_security_misconfiguration.lack_of_security_headers": null,
71
+ "server_security_misconfiguration.lack_of_security_headers.x_frame_options": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:lack_of_security_headers:x_frame_options&redirect=true",
72
+ "server_security_misconfiguration.lack_of_security_headers.cache_control_for_a_non_sensitive_page": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:lack_of_security_headers:cache_control_for_a_non_sensitive_page&redirect=true",
73
+ "server_security_misconfiguration.lack_of_security_headers.x_xss_protection": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:lack_of_security_headers:x_xss_protection&redirect=true",
74
+ "server_security_misconfiguration.lack_of_security_headers.strict_transport_security": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:lack_of_security_headers:strict_transport_security&redirect=true",
75
+ "server_security_misconfiguration.lack_of_security_headers.x_content_type_options": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:lack_of_security_headers:x_content_type_options&redirect=true",
76
+ "server_security_misconfiguration.lack_of_security_headers.content_security_policy": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:lack_of_security_headers:content_security_policy&redirect=true",
77
+ "server_security_misconfiguration.lack_of_security_headers.public_key_pins": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:lack_of_security_headers:public_key_pins&redirect=true",
78
+ "server_security_misconfiguration.lack_of_security_headers.x_content_security_policy": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:lack_of_security_headers:x_content_security_policy&redirect=true",
79
+ "server_security_misconfiguration.lack_of_security_headers.x_webkit_csp": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:lack_of_security_headers:x_webkit_csp&redirect=true",
80
+ "server_security_misconfiguration.lack_of_security_headers.content_security_policy_report_only": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:lack_of_security_headers:content_security_policy_report_only&redirect=true",
81
+ "server_security_misconfiguration.lack_of_security_headers.cache_control_for_a_sensitive_page": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:lack_of_security_headers:cache_control_for_a_sensitive_page&redirect=true",
82
+ "server_security_misconfiguration.waf_bypass": null,
83
+ "server_security_misconfiguration.waf_bypass.direct_server_access": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:waf_bypass:direct_server_access&redirect=true",
84
+ "server_security_misconfiguration.race_condition": null,
85
+ "server_security_misconfiguration.cache_poisoning": null,
86
+ "server_security_misconfiguration.bitsquatting": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:bitsquatting&redirect=true",
87
+ "server_side_injection": null,
88
+ "server_side_injection.file_inclusion": null,
89
+ "server_side_injection.file_inclusion.local": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_side_injection:file_inclusion:local&redirect=true",
90
+ "server_side_injection.parameter_pollution": null,
91
+ "server_side_injection.parameter_pollution.social_media_sharing_buttons": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_side_injection:parameter_pollution:social_media_sharing_buttons&redirect=true",
92
+ "server_side_injection.remote_code_execution_rce": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_side_injection:remote_code_execution_rce&redirect=true",
93
+ "server_side_injection.sql_injection": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_side_injection:sql_injection&redirect=true",
94
+ "server_side_injection.xml_external_entity_injection_xxe": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_side_injection:xml_external_entity_injection_xxe&redirect=true",
95
+ "server_side_injection.http_response_manipulation": null,
96
+ "server_side_injection.http_response_manipulation.response_splitting_crlf": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_side_injection:http_response_manipulation:response_splitting_crlf&redirect=true",
97
+ "server_side_injection.content_spoofing": null,
98
+ "server_side_injection.content_spoofing.iframe_injection": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_side_injection:content_spoofing:iframe_injection&redirect=true",
99
+ "server_side_injection.content_spoofing.impersonation_via_broken_link_hijacking": null,
100
+ "server_side_injection.content_spoofing.external_authentication_injection": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_side_injection:content_spoofing:external_authentication_injection&redirect=true",
101
+ "server_side_injection.content_spoofing.flash_based_external_authentication_injection": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_side_injection:content_spoofing:flash_based_external_authentication_injection&redirect=true",
102
+ "server_side_injection.content_spoofing.email_html_injection": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_side_injection:content_spoofing:email_html_injection&redirect=true",
103
+ "server_side_injection.content_spoofing.email_hyperlink_injection_based_on_email_provider": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_side_injection:content_spoofing:email_hyperlink_injection_based_on_email_provider&redirect=true",
104
+ "server_side_injection.content_spoofing.text_injection": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_side_injection:content_spoofing:text_injection&redirect=true",
105
+ "server_side_injection.content_spoofing.homograph_idn_based": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_side_injection:content_spoofing:homograph_idn_based&redirect=true",
106
+ "server_side_injection.content_spoofing.rtlo": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_side_injection:content_spoofing:rtlo&redirect=true",
107
+ "server_side_injection.ssti": null,
108
+ "server_side_injection.ssti.basic": null,
109
+ "server_side_injection.ssti.custom": null,
110
+ "broken_authentication_and_session_management": null,
111
+ "broken_authentication_and_session_management.authentication_bypass": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=broken_authentication_and_session_management:authentication_bypass&redirect=true",
112
+ "broken_authentication_and_session_management.two_fa_bypass": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=broken_authentication_and_session_management:two_fa_bypass&redirect=true",
113
+ "broken_authentication_and_session_management.privilege_escalation": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=broken_authentication_and_session_management:privilege_escalation&redirect=true",
114
+ "broken_authentication_and_session_management.cleartext_transmission_of_session_token": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=broken_authentication_and_session_management:cleartext_transmission_of_session_token&redirect=true",
115
+ "broken_authentication_and_session_management.weak_login_function": null,
116
+ "broken_authentication_and_session_management.weak_login_function.not_operational": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=broken_authentication_and_session_management:weak_login_function:not_operational&redirect=true",
117
+ "broken_authentication_and_session_management.weak_login_function.other_plaintext_protocol_no_secure_alternative": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=broken_authentication_and_session_management:weak_login_function:other_plaintext_protocol_no_secure_alternative&redirect=true",
118
+ "broken_authentication_and_session_management.weak_login_function.over_http": null,
119
+ "broken_authentication_and_session_management.session_fixation": null,
120
+ "broken_authentication_and_session_management.session_fixation.remote_attack_vector": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=broken_authentication_and_session_management:session_fixation:remote_attack_vector&redirect=true",
121
+ "broken_authentication_and_session_management.session_fixation.local_attack_vector": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=broken_authentication_and_session_management:session_fixation:local_attack_vector&redirect=true",
122
+ "broken_authentication_and_session_management.failure_to_invalidate_session": null,
123
+ "broken_authentication_and_session_management.failure_to_invalidate_session.on_logout": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=broken_authentication_and_session_management:failure_to_invalidate_session:on_logout&redirect=true",
124
+ "broken_authentication_and_session_management.failure_to_invalidate_session.on_logout_server_side_only": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=broken_authentication_and_session_management:failure_to_invalidate_session:on_logout_server_side_only&redirect=true",
125
+ "broken_authentication_and_session_management.failure_to_invalidate_session.on_password_change": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=broken_authentication_and_session_management:failure_to_invalidate_session:on_password_change&redirect=true",
126
+ "broken_authentication_and_session_management.failure_to_invalidate_session.all_sessions": null,
127
+ "broken_authentication_and_session_management.failure_to_invalidate_session.on_email_change": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=broken_authentication_and_session_management:failure_to_invalidate_session:on_email_change&redirect=true",
128
+ "broken_authentication_and_session_management.failure_to_invalidate_session.on_two_fa_activation_change": null,
129
+ "broken_authentication_and_session_management.failure_to_invalidate_session.long_timeout": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=broken_authentication_and_session_management:failure_to_invalidate_session:long_timeout&redirect=true",
130
+ "broken_authentication_and_session_management.concurrent_logins": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=broken_authentication_and_session_management:concurrent_logins&redirect=true",
131
+ "broken_authentication_and_session_management.weak_registration_implementation": null,
132
+ "broken_authentication_and_session_management.weak_registration_implementation.over_http": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=broken_authentication_and_session_management:weak_registration_implementation:over_http&redirect=true",
133
+ "sensitive_data_exposure": null,
134
+ "sensitive_data_exposure.disclosure_of_secrets": null,
135
+ "sensitive_data_exposure.disclosure_of_secrets.for_publicly_accessible_asset": null,
136
+ "sensitive_data_exposure.disclosure_of_secrets.for_internal_asset": null,
137
+ "sensitive_data_exposure.disclosure_of_secrets.pay_per_use_abuse": null,
138
+ "sensitive_data_exposure.disclosure_of_secrets.intentionally_public_sample_or_invalid": null,
139
+ "sensitive_data_exposure.disclosure_of_secrets.data_traffic_spam": null,
140
+ "sensitive_data_exposure.disclosure_of_secrets.non_corporate_user": null,
141
+ "sensitive_data_exposure.exif_geolocation_data_not_stripped_from_uploaded_images": null,
142
+ "sensitive_data_exposure.exif_geolocation_data_not_stripped_from_uploaded_images.automatic_user_enumeration": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=sensitive_data_exposure:exif_geolocation_data_not_stripped_from_uploaded_images:automatic_user_enumeration&redirect=true",
143
+ "sensitive_data_exposure.exif_geolocation_data_not_stripped_from_uploaded_images.manual_user_enumeration": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=sensitive_data_exposure:exif_geolocation_data_not_stripped_from_uploaded_images:manual_user_enumeration&redirect=true",
144
+ "sensitive_data_exposure.visible_detailed_error_page": null,
145
+ "sensitive_data_exposure.visible_detailed_error_page.detailed_server_configuration": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=sensitive_data_exposure:visible_detailed_error_page:detailed_server_configuration&redirect=true",
146
+ "sensitive_data_exposure.visible_detailed_error_page.full_path_disclosure": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=sensitive_data_exposure:visible_detailed_error_page:full_path_disclosure&redirect=true",
147
+ "sensitive_data_exposure.visible_detailed_error_page.descriptive_stack_trace": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=sensitive_data_exposure:visible_detailed_error_page:descriptive_stack_trace&redirect=true",
148
+ "sensitive_data_exposure.disclosure_of_known_public_information": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=sensitive_data_exposure:disclosure_of_known_public_information&redirect=true",
149
+ "sensitive_data_exposure.token_leakage_via_referer": null,
150
+ "sensitive_data_exposure.token_leakage_via_referer.trusted_third_party": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=sensitive_data_exposure:token_leakage_via_referer:trusted_third_party&redirect=true",
151
+ "sensitive_data_exposure.token_leakage_via_referer.untrusted_third_party": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=sensitive_data_exposure:token_leakage_via_referer:untrusted_third_party&redirect=true",
152
+ "sensitive_data_exposure.token_leakage_via_referer.over_http": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=sensitive_data_exposure:token_leakage_via_referer:over_http&redirect=true",
153
+ "sensitive_data_exposure.sensitive_token_in_url": null,
154
+ "sensitive_data_exposure.sensitive_token_in_url.user_facing": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=sensitive_data_exposure:sensitive_token_in_url:user_facing&redirect=true",
155
+ "sensitive_data_exposure.sensitive_token_in_url.in_the_background": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=sensitive_data_exposure:sensitive_token_in_url:in_the_background&redirect=true",
156
+ "sensitive_data_exposure.sensitive_token_in_url.on_password_reset": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=sensitive_data_exposure:sensitive_token_in_url:on_password_reset&redirect=true",
157
+ "sensitive_data_exposure.non_sensitive_token_in_url": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=sensitive_data_exposure:non_sensitive_token_in_url&redirect=true",
158
+ "sensitive_data_exposure.weak_password_reset_implementation": null,
159
+ "sensitive_data_exposure.weak_password_reset_implementation.password_reset_token_sent_over_http": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=sensitive_data_exposure:weak_password_reset_implementation:password_reset_token_sent_over_http&redirect=true",
160
+ "sensitive_data_exposure.weak_password_reset_implementation.token_leakage_via_host_header_poisoning": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=sensitive_data_exposure:weak_password_reset_implementation:token_leakage_via_host_header_poisoning&redirect=true",
161
+ "sensitive_data_exposure.mixed_content": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=sensitive_data_exposure:mixed_content&redirect=true",
162
+ "sensitive_data_exposure.sensitive_data_hardcoded": null,
163
+ "sensitive_data_exposure.sensitive_data_hardcoded.oauth_secret": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=sensitive_data_exposure:sensitive_data_hardcoded:oauth_secret&redirect=true",
164
+ "sensitive_data_exposure.sensitive_data_hardcoded.file_paths": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=sensitive_data_exposure:sensitive_data_hardcoded:file_paths&redirect=true",
165
+ "sensitive_data_exposure.internal_ip_disclosure": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=sensitive_data_exposure:internal_ip_disclosure&redirect=true",
166
+ "sensitive_data_exposure.xssi": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=sensitive_data_exposure:xssi&redirect=true",
167
+ "sensitive_data_exposure.json_hijacking": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=sensitive_data_exposure:json_hijacking&redirect=true",
168
+ "sensitive_data_exposure.via_localstorage_sessionstorage": null,
169
+ "sensitive_data_exposure.via_localstorage_sessionstorage.sensitive_token": null,
170
+ "sensitive_data_exposure.via_localstorage_sessionstorage.non_sensitive_token": null,
171
+ "cross_site_scripting_xss": null,
172
+ "cross_site_scripting_xss.stored": null,
173
+ "cross_site_scripting_xss.stored.non_admin_to_anyone": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=cross_site_scripting_xss:stored:non_admin_to_anyone&redirect=true",
174
+ "cross_site_scripting_xss.stored.privileged_user_to_privilege_elevation": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=cross_site_scripting_xss:stored:privileged_user_to_privilege_elevation&redirect=true",
175
+ "cross_site_scripting_xss.stored.privileged_user_to_no_privilege_elevation": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=cross_site_scripting_xss:stored:privileged_user_to_no_privilege_elevation&redirect=true",
176
+ "cross_site_scripting_xss.stored.url_based": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=cross_site_scripting_xss:stored:url_based&redirect=true",
177
+ "cross_site_scripting_xss.stored.self": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=cross_site_scripting_xss:stored:self&redirect=true",
178
+ "cross_site_scripting_xss.reflected": null,
179
+ "cross_site_scripting_xss.reflected.non_self": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=cross_site_scripting_xss:reflected:non_self&redirect=true",
180
+ "cross_site_scripting_xss.reflected.self": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=cross_site_scripting_xss:reflected:self&redirect=true",
181
+ "cross_site_scripting_xss.flash_based": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=cross_site_scripting_xss:flash_based&redirect=true",
182
+ "cross_site_scripting_xss.cookie_based": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=cross_site_scripting_xss:cookie_based&redirect=true",
183
+ "cross_site_scripting_xss.ie_only": null,
184
+ "cross_site_scripting_xss.ie_only.ie_eleven": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=cross_site_scripting_xss:ie_only:ie_eleven&redirect=true",
185
+ "cross_site_scripting_xss.ie_only.xss_filter_disabled": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=cross_site_scripting_xss:ie_only:xss_filter_disabled&redirect=true",
186
+ "cross_site_scripting_xss.ie_only.older_version_ie_eleven": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=cross_site_scripting_xss:ie_only:older_version_ie_eleven&redirect=true",
187
+ "cross_site_scripting_xss.referer": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=cross_site_scripting_xss:referer&redirect=true",
188
+ "cross_site_scripting_xss.trace_method": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=cross_site_scripting_xss:trace_method&redirect=true",
189
+ "cross_site_scripting_xss.universal_uxss": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=cross_site_scripting_xss:universal_uxss&redirect=true",
190
+ "cross_site_scripting_xss.off_domain": null,
191
+ "cross_site_scripting_xss.off_domain.data_uri": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=cross_site_scripting_xss:off_domain:data_uri&redirect=true",
192
+ "broken_access_control": null,
193
+ "broken_access_control.idor": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=broken_access_control:idor&redirect=true",
194
+ "broken_access_control.server_side_request_forgery_ssrf": null,
195
+ "broken_access_control.server_side_request_forgery_ssrf.internal_high_impact": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=broken_access_control:server_side_request_forgery_ssrf:internal_high_impact&redirect=true",
196
+ "broken_access_control.server_side_request_forgery_ssrf.internal_scan_and_or_medium_impact": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=broken_access_control:server_side_request_forgery_ssrf:internal_scan_and_or_medium_impact&redirect=true",
197
+ "broken_access_control.server_side_request_forgery_ssrf.external": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=broken_access_control:server_side_request_forgery_ssrf:external&redirect=true",
198
+ "broken_access_control.server_side_request_forgery_ssrf.dns_query_only": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=broken_access_control:server_side_request_forgery_ssrf:dns_query_only&redirect=true",
199
+ "broken_access_control.username_enumeration": null,
200
+ "broken_access_control.username_enumeration.non_brute_force": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=broken_access_control:username_enumeration:non_brute_force&redirect=true",
201
+ "broken_access_control.exposed_sensitive_android_intent": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=broken_access_control:exposed_sensitive_android_intent&redirect=true",
202
+ "broken_access_control.exposed_sensitive_ios_url_scheme": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=broken_access_control:exposed_sensitive_ios_url_scheme&redirect=true",
203
+ "cross_site_request_forgery_csrf": null,
204
+ "cross_site_request_forgery_csrf.application_wide": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=cross_site_request_forgery_csrf:application_wide&redirect=true",
205
+ "cross_site_request_forgery_csrf.action_specific": null,
206
+ "cross_site_request_forgery_csrf.action_specific.authenticated_action": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=cross_site_request_forgery_csrf:action_specific:authenticated_action&redirect=true",
207
+ "cross_site_request_forgery_csrf.action_specific.unauthenticated_action": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=cross_site_request_forgery_csrf:action_specific:unauthenticated_action&redirect=true",
208
+ "cross_site_request_forgery_csrf.action_specific.logout": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=cross_site_request_forgery_csrf:action_specific:logout&redirect=true",
209
+ "cross_site_request_forgery_csrf.csrf_token_not_unique_per_request": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=cross_site_request_forgery_csrf:csrf_token_not_unique_per_request&redirect=true",
210
+ "cross_site_request_forgery_csrf.flash_based": null,
211
+ "application_level_denial_of_service_dos": null,
212
+ "application_level_denial_of_service_dos.critical_impact_and_or_easy_difficulty": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=application_level_denial_of_service_dos:critical_impact_and_or_easy_difficulty&redirect=true",
213
+ "application_level_denial_of_service_dos.high_impact_and_or_medium_difficulty": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=application_level_denial_of_service_dos:high_impact_and_or_medium_difficulty&redirect=true",
214
+ "application_level_denial_of_service_dos.app_crash": null,
215
+ "application_level_denial_of_service_dos.app_crash.malformed_android_intents": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=application_level_denial_of_service_dos:app_crash:malformed_android_intents&redirect=true",
216
+ "application_level_denial_of_service_dos.app_crash.malformed_ios_url_schemes": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=application_level_denial_of_service_dos:app_crash:malformed_ios_url_schemes&redirect=true",
217
+ "unvalidated_redirects_and_forwards": null,
218
+ "unvalidated_redirects_and_forwards.open_redirect": null,
219
+ "unvalidated_redirects_and_forwards.open_redirect.get_based": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=unvalidated_redirects_and_forwards:open_redirect:get_based&redirect=true",
220
+ "unvalidated_redirects_and_forwards.open_redirect.post_based": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=unvalidated_redirects_and_forwards:open_redirect:post_based&redirect=true",
221
+ "unvalidated_redirects_and_forwards.open_redirect.header_based": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=unvalidated_redirects_and_forwards:open_redirect:header_based&redirect=true",
222
+ "unvalidated_redirects_and_forwards.open_redirect.flash_based": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=unvalidated_redirects_and_forwards:open_redirect:flash_based&redirect=true",
223
+ "unvalidated_redirects_and_forwards.tabnabbing": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=unvalidated_redirects_and_forwards:tabnabbing&redirect=true",
224
+ "unvalidated_redirects_and_forwards.lack_of_security_speed_bump_page": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=unvalidated_redirects_and_forwards:lack_of_security_speed_bump_page&redirect=true",
225
+ "external_behavior": null,
226
+ "external_behavior.browser_feature": null,
227
+ "external_behavior.browser_feature.plaintext_password_field": null,
228
+ "external_behavior.browser_feature.save_password": null,
229
+ "external_behavior.browser_feature.autocomplete_enabled": null,
230
+ "external_behavior.browser_feature.autocorrect_enabled": null,
231
+ "external_behavior.browser_feature.aggressive_offline_caching": null,
232
+ "external_behavior.csv_injection": null,
233
+ "external_behavior.captcha_bypass": null,
234
+ "external_behavior.captcha_bypass.crowdsourcing": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=external_behavior:captcha_bypass:crowdsourcing&redirect=true",
235
+ "external_behavior.system_clipboard_leak": null,
236
+ "external_behavior.system_clipboard_leak.shared_links": null,
237
+ "external_behavior.user_password_persisted_in_memory": null,
238
+ "insufficient_security_configurability": null,
239
+ "insufficient_security_configurability.weak_password_policy": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=insufficient_security_configurability:weak_password_policy&redirect=true",
240
+ "insufficient_security_configurability.no_password_policy": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=insufficient_security_configurability:no_password_policy&redirect=true",
241
+ "insufficient_security_configurability.password_policy_bypass": null,
242
+ "insufficient_security_configurability.weak_password_reset_implementation": null,
243
+ "insufficient_security_configurability.weak_password_reset_implementation.token_is_not_invalidated_after_use": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=insufficient_security_configurability:weak_password_reset_implementation:token_is_not_invalidated_after_use&redirect=true",
244
+ "insufficient_security_configurability.weak_password_reset_implementation.token_is_not_invalidated_after_email_change": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=insufficient_security_configurability:weak_password_reset_implementation:token_is_not_invalidated_after_email_change&redirect=true",
245
+ "insufficient_security_configurability.weak_password_reset_implementation.token_is_not_invalidated_after_password_change": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=insufficient_security_configurability:weak_password_reset_implementation:token_is_not_invalidated_after_password_change&redirect=true",
246
+ "insufficient_security_configurability.weak_password_reset_implementation.token_has_long_timed_expiry": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=insufficient_security_configurability:weak_password_reset_implementation:token_has_long_timed_expiry&redirect=true",
247
+ "insufficient_security_configurability.weak_password_reset_implementation.token_is_not_invalidated_after_new_token_is_requested": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=insufficient_security_configurability:weak_password_reset_implementation:token_is_not_invalidated_after_new_token_is_requested&redirect=true",
248
+ "insufficient_security_configurability.weak_password_reset_implementation.token_is_not_invalidated_after_login": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=insufficient_security_configurability:weak_password_reset_implementation:token_is_not_invalidated_after_login&redirect=true",
249
+ "insufficient_security_configurability.verification_of_contact_method_not_required": null,
250
+ "insufficient_security_configurability.lack_of_notification_email": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=insufficient_security_configurability:lack_of_notification_email&redirect=true",
251
+ "insufficient_security_configurability.weak_registration_implementation": null,
252
+ "insufficient_security_configurability.weak_registration_implementation.allows_disposable_email_addresses": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=insufficient_security_configurability:weak_registration_implementation:allows_disposable_email_addresses&redirect=true",
253
+ "insufficient_security_configurability.weak_two_fa_implementation": null,
254
+ "insufficient_security_configurability.weak_two_fa_implementation.two_fa_secret_cannot_be_rotated": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=insufficient_security_configurability:weak_two_fa_implementation:two_fa_secret_cannot_be_rotated&redirect=true",
255
+ "insufficient_security_configurability.weak_two_fa_implementation.two_fa_secret_remains_obtainable_after_two_fa_is_enabled": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=insufficient_security_configurability:weak_two_fa_implementation:two_fa_secret_remains_obtainable_after_two_fa_is_enabled&redirect=true",
256
+ "insufficient_security_configurability.weak_two_fa_implementation.missing_failsafe": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=insufficient_security_configurability:weak_two_fa_implementation:missing_failsafe&redirect=true",
257
+ "insufficient_security_configurability.weak_two_fa_implementation.two_fa_code_is_not_updated_after_new_code_is_requested": null,
258
+ "insufficient_security_configurability.weak_two_fa_implementation.old_two_fa_code_is_not_invalidated_after_new_code_is_generated": null,
259
+ "using_components_with_known_vulnerabilities": null,
260
+ "using_components_with_known_vulnerabilities.rosetta_flash": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=using_components_with_known_vulnerabilities:rosetta_flash&redirect=true",
261
+ "using_components_with_known_vulnerabilities.outdated_software_version": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=using_components_with_known_vulnerabilities:outdated_software_version&redirect=true",
262
+ "using_components_with_known_vulnerabilities.captcha_bypass": null,
263
+ "using_components_with_known_vulnerabilities.captcha_bypass.ocr_optical_character_recognition": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=using_components_with_known_vulnerabilities:captcha_bypass:ocr_optical_character_recognition&redirect=true",
264
+ "insecure_data_storage": null,
265
+ "insecure_data_storage.sensitive_application_data_stored_unencrypted": null,
266
+ "insecure_data_storage.sensitive_application_data_stored_unencrypted.on_external_storage": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=insecure_data_storage:sensitive_application_data_stored_unencrypted:on_external_storage&redirect=true",
267
+ "insecure_data_storage.sensitive_application_data_stored_unencrypted.on_internal_storage": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=insecure_data_storage:sensitive_application_data_stored_unencrypted:on_internal_storage&redirect=true",
268
+ "insecure_data_storage.server_side_credentials_storage": null,
269
+ "insecure_data_storage.server_side_credentials_storage.plaintext": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=insecure_data_storage:server_side_credentials_storage:plaintext&redirect=true",
270
+ "insecure_data_storage.non_sensitive_application_data_stored_unencrypted": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=insecure_data_storage:non_sensitive_application_data_stored_unencrypted&redirect=true",
271
+ "insecure_data_storage.screen_caching_enabled": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=insecure_data_storage:screen_caching_enabled&redirect=true",
272
+ "lack_of_binary_hardening": null,
273
+ "lack_of_binary_hardening.lack_of_exploit_mitigations": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=lack_of_binary_hardening:lack_of_exploit_mitigations&redirect=true",
274
+ "lack_of_binary_hardening.lack_of_jailbreak_detection": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=lack_of_binary_hardening:lack_of_jailbreak_detection&redirect=true",
275
+ "lack_of_binary_hardening.lack_of_obfuscation": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=lack_of_binary_hardening:lack_of_obfuscation&redirect=true",
276
+ "lack_of_binary_hardening.runtime_instrumentation_based": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=lack_of_binary_hardening:runtime_instrumentation_based&redirect=true",
277
+ "insecure_data_transport": null,
278
+ "insecure_data_transport.cleartext_transmission_of_sensitive_data": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=insecure_data_transport:cleartext_transmission_of_sensitive_data&redirect=true",
279
+ "insecure_data_transport.executable_download": null,
280
+ "insecure_data_transport.executable_download.no_secure_integrity_check": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=insecure_data_transport:executable_download:no_secure_integrity_check&redirect=true",
281
+ "insecure_data_transport.executable_download.secure_integrity_check": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=insecure_data_transport:executable_download:secure_integrity_check&redirect=true",
282
+ "insecure_os_firmware": null,
283
+ "insecure_os_firmware.command_injection": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=insecure_os_firmware:command_injection&redirect=true",
284
+ "insecure_os_firmware.hardcoded_password": null,
285
+ "insecure_os_firmware.hardcoded_password.privileged_user": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=insecure_os_firmware:hardcoded_password:privileged_user&redirect=true",
286
+ "insecure_os_firmware.hardcoded_password.non_privileged_user": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=insecure_os_firmware:hardcoded_password:non_privileged_user&redirect=true",
287
+ "broken_cryptography": null,
288
+ "broken_cryptography.cryptographic_flaw": null,
289
+ "broken_cryptography.cryptographic_flaw.incorrect_usage": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=broken_cryptography:cryptographic_flaw:incorrect_usage&redirect=true",
290
+ "privacy_concerns": null,
291
+ "privacy_concerns.unnecessary_data_collection": null,
292
+ "privacy_concerns.unnecessary_data_collection.wifi_ssid_password": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=privacy_concerns:unnecessary_data_collection:wifi_ssid_password&redirect=true",
293
+ "network_security_misconfiguration": null,
294
+ "network_security_misconfiguration.telnet_enabled": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=network_security_misconfiguration:telnet_enabled&redirect=true",
295
+ "mobile_security_misconfiguration": null,
296
+ "mobile_security_misconfiguration.ssl_certificate_pinning": null,
297
+ "mobile_security_misconfiguration.ssl_certificate_pinning.absent": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=mobile_security_misconfiguration:ssl_certificate_pinning:absent&redirect=true",
298
+ "mobile_security_misconfiguration.ssl_certificate_pinning.defeatable": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=mobile_security_misconfiguration:ssl_certificate_pinning:defeatable&redirect=true",
299
+ "mobile_security_misconfiguration.tapjacking": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=mobile_security_misconfiguration:tapjacking&redirect=true",
300
+ "mobile_security_misconfiguration.clipboard_enabled": null,
301
+ "mobile_security_misconfiguration.auto_backup_allowed_by_default": null,
302
+ "client_side_injection": null,
303
+ "client_side_injection.binary_planting": null,
304
+ "client_side_injection.binary_planting.privilege_escalation": null,
305
+ "client_side_injection.binary_planting.non_default_folder_privilege_escalation": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=client_side_injection:binary_planting:non_default_folder_privilege_escalation&redirect=true",
306
+ "client_side_injection.binary_planting.no_privilege_escalation": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=client_side_injection:binary_planting:no_privilege_escalation&redirect=true",
307
+ "automotive_security_misconfiguration": null,
308
+ "automotive_security_misconfiguration.infotainment_radio_head_unit": null,
309
+ "automotive_security_misconfiguration.infotainment_radio_head_unit.pii_leakage": null,
310
+ "automotive_security_misconfiguration.infotainment_radio_head_unit.ota_firmware_manipulation": null,
311
+ "automotive_security_misconfiguration.infotainment_radio_head_unit.code_execution_can_bus_pivot": null,
312
+ "automotive_security_misconfiguration.infotainment_radio_head_unit.code_execution_no_can_bus_pivot": null,
313
+ "automotive_security_misconfiguration.infotainment_radio_head_unit.unauthorized_access_to_services": null,
314
+ "automotive_security_misconfiguration.infotainment_radio_head_unit.source_code_dump": null,
315
+ "automotive_security_misconfiguration.infotainment_radio_head_unit.dos_brick": null,
316
+ "automotive_security_misconfiguration.infotainment_radio_head_unit.default_credentials": null,
317
+ "automotive_security_misconfiguration.rf_hub": null,
318
+ "automotive_security_misconfiguration.rf_hub.key_fob_cloning": null,
319
+ "automotive_security_misconfiguration.rf_hub.can_injection_interaction": null,
320
+ "automotive_security_misconfiguration.rf_hub.data_leakage_pull_encryption_mechanism": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=automotive_security_misconfiguration:rf_hub:data_leakage_pull_encryption_mechanism&redirect=true",
321
+ "automotive_security_misconfiguration.rf_hub.unauthorized_access_turn_on": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=automotive_security_misconfiguration:rf_hub:unauthorized_access_turn_on&redirect=true",
322
+ "automotive_security_misconfiguration.rf_hub.roll_jam": null,
323
+ "automotive_security_misconfiguration.rf_hub.replay": null,
324
+ "automotive_security_misconfiguration.rf_hub.relay": null,
325
+ "automotive_security_misconfiguration.can": null,
326
+ "automotive_security_misconfiguration.can.injection_battery_management_system": null,
327
+ "automotive_security_misconfiguration.can.injection_steering_control": null,
328
+ "automotive_security_misconfiguration.can.injection_pyrotechnical_device_deployment_tool": null,
329
+ "automotive_security_misconfiguration.can.injection_headlights": null,
330
+ "automotive_security_misconfiguration.can.injection_sensors": null,
331
+ "automotive_security_misconfiguration.can.injection_vehicle_anti_theft_systems": null,
332
+ "automotive_security_misconfiguration.can.injection_powertrain": null,
333
+ "automotive_security_misconfiguration.can.injection_basic_safety_message": null,
334
+ "automotive_security_misconfiguration.can.injection_disallowed_messages": null,
335
+ "automotive_security_misconfiguration.can.injection_dos": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=automotive_security_misconfiguration:can:injection_dos&redirect=true",
336
+ "automotive_security_misconfiguration.battery_management_system": null,
337
+ "automotive_security_misconfiguration.battery_management_system.firmware_dump": null,
338
+ "automotive_security_misconfiguration.battery_management_system.fraudulent_interface": null,
339
+ "automotive_security_misconfiguration.gnss_gps": null,
340
+ "automotive_security_misconfiguration.gnss_gps.spoofing": null,
341
+ "automotive_security_misconfiguration.immobilizer": null,
342
+ "automotive_security_misconfiguration.immobilizer.engine_start": null,
343
+ "automotive_security_misconfiguration.abs": null,
344
+ "automotive_security_misconfiguration.abs.unintended_acceleration_brake": null,
345
+ "automotive_security_misconfiguration.rsu": null,
346
+ "automotive_security_misconfiguration.rsu.sybil_attack": null,
347
+ "indicators_of_compromise": null
348
+ }
@@ -0,0 +1,63 @@
1
+ {
2
+ "$schema": "http://json-schema.org/draft-04/schema#",
3
+ "title": "Vulnerability Rating Taxonomy",
4
+ "description": "A Taxonomy of potential vulnerabilities with suggested technical priority rating",
5
+ "definitions": {
6
+ "VRTmetadata": {
7
+ "type": "object",
8
+ "properties": {
9
+ "release_date": { "type": "string", "format": "date-time" }
10
+ }
11
+ },
12
+ "VRT": {
13
+ "type": "object",
14
+ "properties": {
15
+ "id": { "type": "string", "pattern": "^[a-z_]*$" },
16
+ "type": { "type": "string", "enum": [ "category", "subcategory", "variant" ] },
17
+ "name": { "type": "string", "pattern": "^[ a-zA-Z0-9-+()\/,.<]*$" },
18
+ "priority": {
19
+ "anyOf": [
20
+ { "type": "number", "minimum": 1, "maximum": 5 },
21
+ { "type": "null" }
22
+ ]
23
+ }
24
+ },
25
+ "required": ["id", "name", "type", "priority"]
26
+ },
27
+ "VRTparent": {
28
+ "type": "object",
29
+ "properties": {
30
+ "id": { "type": "string", "pattern": "^[a-z_]*$" },
31
+ "name": { "type": "string", "pattern": "^[ a-zA-Z0-9-+()\/,.<]*$" },
32
+ "type": { "type": "string", "enum": [ "category", "subcategory" ] },
33
+ "children": {
34
+ "type": "array",
35
+ "items" : {
36
+ "anyOf": [
37
+ { "$ref": "#/definitions/VRTparent" },
38
+ { "$ref": "#/definitions/VRT" }
39
+ ]
40
+ },
41
+ "minItems": 1
42
+ }
43
+ },
44
+ "required": ["id", "name", "type", "children"]
45
+ }
46
+ },
47
+ "type": "object",
48
+ "required": ["metadata", "content"],
49
+ "properties": {
50
+ "metadata": {
51
+ "$ref": "#/definitions/VRTmetadata"
52
+ },
53
+ "content": {
54
+ "type": "array",
55
+ "items" : {
56
+ "anyOf": [
57
+ { "$ref": "#/definitions/VRTparent" },
58
+ { "$ref": "#/definitions/VRT" }
59
+ ]
60
+ }
61
+ }
62
+ }
63
+ }
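Review bot: The `VRT` and `VRTparent` definitions are left open, so a node that misspells `children` but carries a `priority` still validates as a leaf through the `anyOf`, and its subtree is silently dropped. The mapping schema added in this same change closes its objects, and adding `"additionalProperties": false` after each `"required"` array here would make the validator reject unknown keys. `VRTmetadata` also declares no `"required": ["release_date"]`, so `"metadata": {}` passes validation. `priority` is `"type": "number"`, which admits values such as 2.5; `"type": "integer"` looks like the intent, but confirm that against the published taxonomy data before tightening.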