vrt 0.11.0 → 0.12.2

Sign up to get free protection for your applications and to get access to all the features.
@@ -0,0 +1,75 @@
1
+ {
2
+ "$schema": "http://json-schema.org/draft-04/schema#",
3
+ "title": "VRT to Remediation Advice",
4
+ "description": "Mapping from the Vulnerability Rating Taxonomy to Remediation Advice",
5
+ "definitions": {
6
+ "MappingMetadata": {
7
+ "type": "object",
8
+ "properties": {
9
+ "default": { "type": "null" },
10
+ "keys": { "type": "array",
11
+ "items": { "type": "string", "enum": ["remediation_advice", "references"] },
12
+ "minItems": 2,
13
+ "uniqueItems": true
14
+ }
15
+ },
16
+ "required": ["default", "keys"]
17
+ },
18
+ "VRTid": { "type": "string", "pattern": "^[a-z_]*$" },
19
+ "RemediationAdvice": { "type": "string" },
20
+ "References": { "type" : "array",
21
+ "items" : { "type": "string", "pattern": "^http[s]?:\/\/.*$" },
22
+ "minItems": 1,
23
+ "uniqueItems": true
24
+ },
25
+ "Mapping": {
26
+ "type": "object",
27
+ "properties": {
28
+ "id": { "$ref": "#/definitions/VRTid" },
29
+ "remediation_advice" : { "$ref": "#/definitions/RemediationAdvice" },
30
+ "references" : { "$ref": "#/definitions/References" }
31
+ },
32
+ "required": ["id"],
33
+ "anyOf": [
34
+ { "required": ["remediation_advice"] },
35
+ { "required": ["references"] }
36
+ ],
37
+ "additionalProperties": false
38
+ },
39
+ "MappingParent": {
40
+ "type": "object",
41
+ "properties": {
42
+ "id": { "$ref": "#/definitions/VRTid" },
43
+ "children": {
44
+ "type": "array",
45
+ "items" : {
46
+ "anyOf": [
47
+ { "$ref": "#/definitions/MappingParent" },
48
+ { "$ref": "#/definitions/Mapping" }
49
+ ]
50
+ }
51
+ },
52
+ "remediation_advice" : { "$ref": "#/definitions/RemediationAdvice" },
53
+ "references" : { "$ref": "#/definitions/References" }
54
+ },
55
+ "required": ["id", "children"],
56
+ "additionalProperties": false
57
+ }
58
+ },
59
+ "type": "object",
60
+ "required": ["metadata", "content"],
61
+ "properties": {
62
+ "metadata": {
63
+ "$ref": "#/definitions/MappingMetadata"
64
+ },
65
+ "content": {
66
+ "type": "array",
67
+ "items" : {
68
+ "anyOf": [
69
+ { "$ref": "#/definitions/MappingParent" },
70
+ { "$ref": "#/definitions/Mapping" }
71
+ ]
72
+ }
73
+ }
74
+ }
75
+ }
@@ -0,0 +1,392 @@
1
+ {
2
+ "server_security_misconfiguration": null,
3
+ "server_security_misconfiguration.server_side_request_forgery_ssrf": null,
4
+ "server_security_misconfiguration.server_side_request_forgery_ssrf.internal_high_impact": null,
5
+ "server_security_misconfiguration.server_side_request_forgery_ssrf.internal_scan_and_or_medium_impact": null,
6
+ "server_security_misconfiguration.server_side_request_forgery_ssrf.external_low_impact": null,
7
+ "server_security_misconfiguration.server_side_request_forgery_ssrf.external_dns_query_only": null,
8
+ "server_security_misconfiguration.unsafe_cross_origin_resource_sharing": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:unsafe_cross_origin_resource_sharing&redirect=true",
9
+ "server_security_misconfiguration.request_smuggling": null,
10
+ "server_security_misconfiguration.path_traversal": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:path_traversal&redirect=true",
11
+ "server_security_misconfiguration.directory_listing_enabled": null,
12
+ "server_security_misconfiguration.directory_listing_enabled.sensitive_data_exposure": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:directory_listing_enabled:sensitive_data_exposure&redirect=true",
13
+ "server_security_misconfiguration.directory_listing_enabled.non_sensitive_data_exposure": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:directory_listing_enabled:non_sensitive_data_exposure&redirect=true",
14
+ "server_security_misconfiguration.same_site_scripting": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:same_site_scripting&redirect=true",
15
+ "server_security_misconfiguration.ssl_attack_breach_poodle_etc": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:ssl_attack_breach_poodle_etc&redirect=true",
16
+ "server_security_misconfiguration.using_default_credentials": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:using_default_credentials&redirect=true",
17
+ "server_security_misconfiguration.misconfigured_dns": null,
18
+ "server_security_misconfiguration.misconfigured_dns.basic_subdomain_takeover": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:misconfigured_dns:basic_subdomain_takeover&redirect=true",
19
+ "server_security_misconfiguration.misconfigured_dns.high_impact_subdomain_takeover": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:misconfigured_dns:high_impact_subdomain_takeover&redirect=true",
20
+ "server_security_misconfiguration.misconfigured_dns.zone_transfer": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:misconfigured_dns:zone_transfer&redirect=true",
21
+ "server_security_misconfiguration.misconfigured_dns.missing_caa_record": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:misconfigured_dns:missing_caa_record&redirect=true",
22
+ "server_security_misconfiguration.mail_server_misconfiguration": null,
23
+ "server_security_misconfiguration.mail_server_misconfiguration.no_spoofing_protection_on_email_domain": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:mail_server_misconfiguration:no_spoofing_protection_on_email_domain&redirect=true",
24
+ "server_security_misconfiguration.mail_server_misconfiguration.email_spoofing_to_inbox_due_to_missing_or_misconfigured_dmarc_on_email_domain": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:mail_server_misconfiguration:email_spoofing_to_inbox_due_to_missing_or_misconfigured_dmarc_on_email_domain&redirect=true",
25
+ "server_security_misconfiguration.mail_server_misconfiguration.email_spoofing_to_spam_folder": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:mail_server_misconfiguration:email_spoofing_to_spam_folder&redirect=true",
26
+ "server_security_misconfiguration.mail_server_misconfiguration.missing_or_misconfigured_spf_and_or_dkim": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:mail_server_misconfiguration:missing_or_misconfigured_spf_and_or_dkim&redirect=true",
27
+ "server_security_misconfiguration.mail_server_misconfiguration.email_spoofing_on_non_email_domain": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:mail_server_misconfiguration:email_spoofing_on_non_email_domain&redirect=true",
28
+ "server_security_misconfiguration.dbms_misconfiguration": null,
29
+ "server_security_misconfiguration.dbms_misconfiguration.excessively_privileged_user_dba": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:dbms_misconfiguration:excessively_privileged_user_dba&redirect=true",
30
+ "server_security_misconfiguration.lack_of_password_confirmation": null,
31
+ "server_security_misconfiguration.lack_of_password_confirmation.change_email_address": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:lack_of_password_confirmation:change_email_address&redirect=true",
32
+ "server_security_misconfiguration.lack_of_password_confirmation.change_password": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:lack_of_password_confirmation:change_password&redirect=true",
33
+ "server_security_misconfiguration.lack_of_password_confirmation.delete_account": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:lack_of_password_confirmation:delete_account&redirect=true",
34
+ "server_security_misconfiguration.lack_of_password_confirmation.manage_two_fa": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:lack_of_password_confirmation:manage_two_fa&redirect=true",
35
+ "server_security_misconfiguration.no_rate_limiting_on_form": null,
36
+ "server_security_misconfiguration.no_rate_limiting_on_form.registration": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:no_rate_limiting_on_form:registration&redirect=true",
37
+ "server_security_misconfiguration.no_rate_limiting_on_form.login": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:no_rate_limiting_on_form:login&redirect=true",
38
+ "server_security_misconfiguration.no_rate_limiting_on_form.email_triggering": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:no_rate_limiting_on_form:email_triggering&redirect=true",
39
+ "server_security_misconfiguration.no_rate_limiting_on_form.sms_triggering": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:no_rate_limiting_on_form:sms_triggering&redirect=true",
40
+ "server_security_misconfiguration.no_rate_limiting_on_form.change_password": null,
41
+ "server_security_misconfiguration.unsafe_file_upload": null,
42
+ "server_security_misconfiguration.unsafe_file_upload.no_antivirus": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:unsafe_file_upload:no_antivirus&redirect=true",
43
+ "server_security_misconfiguration.unsafe_file_upload.no_size_limit": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:unsafe_file_upload:no_size_limit&redirect=true",
44
+ "server_security_misconfiguration.unsafe_file_upload.file_extension_filter_bypass": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:unsafe_file_upload:file_extension_filter_bypass&redirect=true",
45
+ "server_security_misconfiguration.cookie_scoped_to_parent_domain": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:cookie_scoped_to_parent_domain&redirect=true",
46
+ "server_security_misconfiguration.missing_secure_or_httponly_cookie_flag": null,
47
+ "server_security_misconfiguration.missing_secure_or_httponly_cookie_flag.session_token": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:missing_secure_or_httponly_cookie_flag:session_token&redirect=true",
48
+ "server_security_misconfiguration.missing_secure_or_httponly_cookie_flag.non_session_cookie": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:missing_secure_or_httponly_cookie_flag:non_session_cookie&redirect=true",
49
+ "server_security_misconfiguration.clickjacking": null,
50
+ "server_security_misconfiguration.clickjacking.sensitive_action": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:clickjacking:sensitive_action&redirect=true",
51
+ "server_security_misconfiguration.clickjacking.form_input": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:clickjacking:form_input&redirect=true",
52
+ "server_security_misconfiguration.clickjacking.non_sensitive_action": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:clickjacking:non_sensitive_action&redirect=true",
53
+ "server_security_misconfiguration.oauth_misconfiguration": null,
54
+ "server_security_misconfiguration.oauth_misconfiguration.account_takeover": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:oauth_misconfiguration:account_takeover&redirect=true",
55
+ "server_security_misconfiguration.oauth_misconfiguration.account_squatting": null,
56
+ "server_security_misconfiguration.oauth_misconfiguration.missing_state_parameter": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:oauth_misconfiguration:missing_state_parameter&redirect=true",
57
+ "server_security_misconfiguration.oauth_misconfiguration.insecure_redirect_uri": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:oauth_misconfiguration:insecure_redirect_uri&redirect=true",
58
+ "server_security_misconfiguration.captcha": null,
59
+ "server_security_misconfiguration.captcha.implementation_vulnerability": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:captcha:implementation_vulnerability&redirect=true",
60
+ "server_security_misconfiguration.captcha.brute_force": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:captcha:brute_force&redirect=true",
61
+ "server_security_misconfiguration.captcha.missing": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:captcha:missing&redirect=true",
62
+ "server_security_misconfiguration.exposed_admin_portal": null,
63
+ "server_security_misconfiguration.exposed_admin_portal.to_internet": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:exposed_admin_portal:to_internet&redirect=true",
64
+ "server_security_misconfiguration.missing_dnssec": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:missing_dnssec&redirect=true",
65
+ "server_security_misconfiguration.fingerprinting_banner_disclosure": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:fingerprinting_banner_disclosure&redirect=true",
66
+ "server_security_misconfiguration.username_enumeration": null,
67
+ "server_security_misconfiguration.username_enumeration.brute_force": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:username_enumeration:brute_force&redirect=true",
68
+ "server_security_misconfiguration.potentially_unsafe_http_method_enabled": null,
69
+ "server_security_misconfiguration.potentially_unsafe_http_method_enabled.options": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:potentially_unsafe_http_method_enabled:options&redirect=true",
70
+ "server_security_misconfiguration.potentially_unsafe_http_method_enabled.trace": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:potentially_unsafe_http_method_enabled:trace&redirect=true",
71
+ "server_security_misconfiguration.insecure_ssl": null,
72
+ "server_security_misconfiguration.insecure_ssl.lack_of_forward_secrecy": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:insecure_ssl:lack_of_forward_secrecy&redirect=true",
73
+ "server_security_misconfiguration.insecure_ssl.insecure_cipher_suite": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:insecure_ssl:insecure_cipher_suite&redirect=true",
74
+ "server_security_misconfiguration.insecure_ssl.certificate_error": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:insecure_ssl:certificate_error&redirect=true",
75
+ "server_security_misconfiguration.rfd": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:rfd&redirect=true",
76
+ "server_security_misconfiguration.lack_of_security_headers": null,
77
+ "server_security_misconfiguration.lack_of_security_headers.x_frame_options": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:lack_of_security_headers:x_frame_options&redirect=true",
78
+ "server_security_misconfiguration.lack_of_security_headers.cache_control_for_a_non_sensitive_page": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:lack_of_security_headers:cache_control_for_a_non_sensitive_page&redirect=true",
79
+ "server_security_misconfiguration.lack_of_security_headers.x_xss_protection": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:lack_of_security_headers:x_xss_protection&redirect=true",
80
+ "server_security_misconfiguration.lack_of_security_headers.strict_transport_security": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:lack_of_security_headers:strict_transport_security&redirect=true",
81
+ "server_security_misconfiguration.lack_of_security_headers.x_content_type_options": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:lack_of_security_headers:x_content_type_options&redirect=true",
82
+ "server_security_misconfiguration.lack_of_security_headers.content_security_policy": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:lack_of_security_headers:content_security_policy&redirect=true",
83
+ "server_security_misconfiguration.lack_of_security_headers.public_key_pins": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:lack_of_security_headers:public_key_pins&redirect=true",
84
+ "server_security_misconfiguration.lack_of_security_headers.x_content_security_policy": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:lack_of_security_headers:x_content_security_policy&redirect=true",
85
+ "server_security_misconfiguration.lack_of_security_headers.x_webkit_csp": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:lack_of_security_headers:x_webkit_csp&redirect=true",
86
+ "server_security_misconfiguration.lack_of_security_headers.content_security_policy_report_only": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:lack_of_security_headers:content_security_policy_report_only&redirect=true",
87
+ "server_security_misconfiguration.lack_of_security_headers.cache_control_for_a_sensitive_page": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:lack_of_security_headers:cache_control_for_a_sensitive_page&redirect=true",
88
+ "server_security_misconfiguration.waf_bypass": null,
89
+ "server_security_misconfiguration.waf_bypass.direct_server_access": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:waf_bypass:direct_server_access&redirect=true",
90
+ "server_security_misconfiguration.race_condition": null,
91
+ "server_security_misconfiguration.cache_poisoning": null,
92
+ "server_security_misconfiguration.bitsquatting": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:bitsquatting&redirect=true",
93
+ "server_side_injection": null,
94
+ "server_side_injection.file_inclusion": null,
95
+ "server_side_injection.file_inclusion.local": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_side_injection:file_inclusion:local&redirect=true",
96
+ "server_side_injection.parameter_pollution": null,
97
+ "server_side_injection.parameter_pollution.social_media_sharing_buttons": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_side_injection:parameter_pollution:social_media_sharing_buttons&redirect=true",
98
+ "server_side_injection.remote_code_execution_rce": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_side_injection:remote_code_execution_rce&redirect=true",
99
+ "server_side_injection.ldap_injection": null,
100
+ "server_side_injection.sql_injection": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_side_injection:sql_injection&redirect=true",
101
+ "server_side_injection.xml_external_entity_injection_xxe": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_side_injection:xml_external_entity_injection_xxe&redirect=true",
102
+ "server_side_injection.http_response_manipulation": null,
103
+ "server_side_injection.http_response_manipulation.response_splitting_crlf": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_side_injection:http_response_manipulation:response_splitting_crlf&redirect=true",
104
+ "server_side_injection.content_spoofing": null,
105
+ "server_side_injection.content_spoofing.iframe_injection": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_side_injection:content_spoofing:iframe_injection&redirect=true",
106
+ "server_side_injection.content_spoofing.impersonation_via_broken_link_hijacking": null,
107
+ "server_side_injection.content_spoofing.external_authentication_injection": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_side_injection:content_spoofing:external_authentication_injection&redirect=true",
108
+ "server_side_injection.content_spoofing.flash_based_external_authentication_injection": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_side_injection:content_spoofing:flash_based_external_authentication_injection&redirect=true",
109
+ "server_side_injection.content_spoofing.html_content_injection": null,
110
+ "server_side_injection.content_spoofing.email_html_injection": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_side_injection:content_spoofing:email_html_injection&redirect=true",
111
+ "server_side_injection.content_spoofing.email_hyperlink_injection_based_on_email_provider": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_side_injection:content_spoofing:email_hyperlink_injection_based_on_email_provider&redirect=true",
112
+ "server_side_injection.content_spoofing.text_injection": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_side_injection:content_spoofing:text_injection&redirect=true",
113
+ "server_side_injection.content_spoofing.homograph_idn_based": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_side_injection:content_spoofing:homograph_idn_based&redirect=true",
114
+ "server_side_injection.content_spoofing.rtlo": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_side_injection:content_spoofing:rtlo&redirect=true",
115
+ "server_side_injection.ssti": null,
116
+ "server_side_injection.ssti.basic": null,
117
+ "server_side_injection.ssti.custom": null,
118
+ "broken_authentication_and_session_management": null,
119
+ "broken_authentication_and_session_management.authentication_bypass": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=broken_authentication_and_session_management:authentication_bypass&redirect=true",
120
+ "broken_authentication_and_session_management.two_fa_bypass": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=broken_authentication_and_session_management:two_fa_bypass&redirect=true",
121
+ "broken_authentication_and_session_management.privilege_escalation": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=broken_authentication_and_session_management:privilege_escalation&redirect=true",
122
+ "broken_authentication_and_session_management.cleartext_transmission_of_session_token": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=broken_authentication_and_session_management:cleartext_transmission_of_session_token&redirect=true",
123
+ "broken_authentication_and_session_management.weak_login_function": null,
124
+ "broken_authentication_and_session_management.weak_login_function.not_operational": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=broken_authentication_and_session_management:weak_login_function:not_operational&redirect=true",
125
+ "broken_authentication_and_session_management.weak_login_function.other_plaintext_protocol_no_secure_alternative": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=broken_authentication_and_session_management:weak_login_function:other_plaintext_protocol_no_secure_alternative&redirect=true",
126
+ "broken_authentication_and_session_management.weak_login_function.over_http": null,
127
+ "broken_authentication_and_session_management.session_fixation": null,
128
+ "broken_authentication_and_session_management.session_fixation.remote_attack_vector": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=broken_authentication_and_session_management:session_fixation:remote_attack_vector&redirect=true",
129
+ "broken_authentication_and_session_management.session_fixation.local_attack_vector": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=broken_authentication_and_session_management:session_fixation:local_attack_vector&redirect=true",
130
+ "broken_authentication_and_session_management.failure_to_invalidate_session": null,
131
+ "broken_authentication_and_session_management.failure_to_invalidate_session.on_logout": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=broken_authentication_and_session_management:failure_to_invalidate_session:on_logout&redirect=true",
132
+ "broken_authentication_and_session_management.failure_to_invalidate_session.permission_change": null,
133
+ "broken_authentication_and_session_management.failure_to_invalidate_session.on_logout_server_side_only": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=broken_authentication_and_session_management:failure_to_invalidate_session:on_logout_server_side_only&redirect=true",
134
+ "broken_authentication_and_session_management.failure_to_invalidate_session.on_password_change": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=broken_authentication_and_session_management:failure_to_invalidate_session:on_password_change&redirect=true",
135
+ "broken_authentication_and_session_management.failure_to_invalidate_session.all_sessions": null,
136
+ "broken_authentication_and_session_management.failure_to_invalidate_session.on_email_change": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=broken_authentication_and_session_management:failure_to_invalidate_session:on_email_change&redirect=true",
137
+ "broken_authentication_and_session_management.failure_to_invalidate_session.on_two_fa_activation_change": null,
138
+ "broken_authentication_and_session_management.failure_to_invalidate_session.long_timeout": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=broken_authentication_and_session_management:failure_to_invalidate_session:long_timeout&redirect=true",
139
+ "broken_authentication_and_session_management.concurrent_logins": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=broken_authentication_and_session_management:concurrent_logins&redirect=true",
140
+ "broken_authentication_and_session_management.weak_registration_implementation": null,
141
+ "broken_authentication_and_session_management.weak_registration_implementation.over_http": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=broken_authentication_and_session_management:weak_registration_implementation:over_http&redirect=true",
142
+ "sensitive_data_exposure": null,
143
+ "sensitive_data_exposure.disclosure_of_secrets": null,
144
+ "sensitive_data_exposure.disclosure_of_secrets.for_publicly_accessible_asset": null,
145
+ "sensitive_data_exposure.disclosure_of_secrets.pii_leakage_exposure": null,
146
+ "sensitive_data_exposure.disclosure_of_secrets.for_internal_asset": null,
147
+ "sensitive_data_exposure.disclosure_of_secrets.pay_per_use_abuse": null,
148
+ "sensitive_data_exposure.disclosure_of_secrets.intentionally_public_sample_or_invalid": null,
149
+ "sensitive_data_exposure.disclosure_of_secrets.data_traffic_spam": null,
150
+ "sensitive_data_exposure.disclosure_of_secrets.non_corporate_user": null,
151
+ "sensitive_data_exposure.exif_geolocation_data_not_stripped_from_uploaded_images": null,
152
+ "sensitive_data_exposure.exif_geolocation_data_not_stripped_from_uploaded_images.automatic_user_enumeration": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=sensitive_data_exposure:exif_geolocation_data_not_stripped_from_uploaded_images:automatic_user_enumeration&redirect=true",
153
+ "sensitive_data_exposure.exif_geolocation_data_not_stripped_from_uploaded_images.manual_user_enumeration": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=sensitive_data_exposure:exif_geolocation_data_not_stripped_from_uploaded_images:manual_user_enumeration&redirect=true",
154
+ "sensitive_data_exposure.visible_detailed_error_page": null,
155
+ "sensitive_data_exposure.visible_detailed_error_page.detailed_server_configuration": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=sensitive_data_exposure:visible_detailed_error_page:detailed_server_configuration&redirect=true",
156
+ "sensitive_data_exposure.visible_detailed_error_page.full_path_disclosure": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=sensitive_data_exposure:visible_detailed_error_page:full_path_disclosure&redirect=true",
157
+ "sensitive_data_exposure.visible_detailed_error_page.descriptive_stack_trace": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=sensitive_data_exposure:visible_detailed_error_page:descriptive_stack_trace&redirect=true",
158
+ "sensitive_data_exposure.disclosure_of_known_public_information": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=sensitive_data_exposure:disclosure_of_known_public_information&redirect=true",
159
+ "sensitive_data_exposure.token_leakage_via_referer": null,
160
+ "sensitive_data_exposure.token_leakage_via_referer.trusted_third_party": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=sensitive_data_exposure:token_leakage_via_referer:trusted_third_party&redirect=true",
161
+ "sensitive_data_exposure.token_leakage_via_referer.untrusted_third_party": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=sensitive_data_exposure:token_leakage_via_referer:untrusted_third_party&redirect=true",
162
+ "sensitive_data_exposure.token_leakage_via_referer.over_http": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=sensitive_data_exposure:token_leakage_via_referer:over_http&redirect=true",
163
+ "sensitive_data_exposure.sensitive_token_in_url": null,
164
+ "sensitive_data_exposure.sensitive_token_in_url.user_facing": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=sensitive_data_exposure:sensitive_token_in_url:user_facing&redirect=true",
165
+ "sensitive_data_exposure.sensitive_token_in_url.in_the_background": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=sensitive_data_exposure:sensitive_token_in_url:in_the_background&redirect=true",
166
+ "sensitive_data_exposure.sensitive_token_in_url.on_password_reset": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=sensitive_data_exposure:sensitive_token_in_url:on_password_reset&redirect=true",
167
+ "sensitive_data_exposure.non_sensitive_token_in_url": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=sensitive_data_exposure:non_sensitive_token_in_url&redirect=true",
168
+ "sensitive_data_exposure.weak_password_reset_implementation": null,
169
+ "sensitive_data_exposure.weak_password_reset_implementation.password_reset_token_sent_over_http": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=sensitive_data_exposure:weak_password_reset_implementation:password_reset_token_sent_over_http&redirect=true",
170
+ "sensitive_data_exposure.weak_password_reset_implementation.token_leakage_via_host_header_poisoning": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=sensitive_data_exposure:weak_password_reset_implementation:token_leakage_via_host_header_poisoning&redirect=true",
171
+ "sensitive_data_exposure.mixed_content": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=sensitive_data_exposure:mixed_content&redirect=true",
172
+ "sensitive_data_exposure.sensitive_data_hardcoded": null,
173
+ "sensitive_data_exposure.sensitive_data_hardcoded.oauth_secret": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=sensitive_data_exposure:sensitive_data_hardcoded:oauth_secret&redirect=true",
174
+ "sensitive_data_exposure.sensitive_data_hardcoded.file_paths": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=sensitive_data_exposure:sensitive_data_hardcoded:file_paths&redirect=true",
175
+ "sensitive_data_exposure.internal_ip_disclosure": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=sensitive_data_exposure:internal_ip_disclosure&redirect=true",
176
+ "sensitive_data_exposure.xssi": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=sensitive_data_exposure:xssi&redirect=true",
177
+ "sensitive_data_exposure.json_hijacking": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=sensitive_data_exposure:json_hijacking&redirect=true",
178
+ "sensitive_data_exposure.via_localstorage_sessionstorage": null,
179
+ "sensitive_data_exposure.via_localstorage_sessionstorage.sensitive_token": null,
180
+ "sensitive_data_exposure.via_localstorage_sessionstorage.non_sensitive_token": null,
181
+ "cross_site_scripting_xss": null,
182
+ "cross_site_scripting_xss.stored": null,
183
+ "cross_site_scripting_xss.stored.non_admin_to_anyone": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=cross_site_scripting_xss:stored:non_admin_to_anyone&redirect=true",
184
+ "cross_site_scripting_xss.stored.privileged_user_to_privilege_elevation": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=cross_site_scripting_xss:stored:privileged_user_to_privilege_elevation&redirect=true",
185
+ "cross_site_scripting_xss.stored.privileged_user_to_no_privilege_elevation": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=cross_site_scripting_xss:stored:privileged_user_to_no_privilege_elevation&redirect=true",
186
+ "cross_site_scripting_xss.stored.url_based": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=cross_site_scripting_xss:stored:url_based&redirect=true",
187
+ "cross_site_scripting_xss.stored.self": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=cross_site_scripting_xss:stored:self&redirect=true",
188
+ "cross_site_scripting_xss.reflected": null,
189
+ "cross_site_scripting_xss.reflected.non_self": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=cross_site_scripting_xss:reflected:non_self&redirect=true",
190
+ "cross_site_scripting_xss.reflected.self": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=cross_site_scripting_xss:reflected:self&redirect=true",
191
+ "cross_site_scripting_xss.flash_based": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=cross_site_scripting_xss:flash_based&redirect=true",
192
+ "cross_site_scripting_xss.cookie_based": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=cross_site_scripting_xss:cookie_based&redirect=true",
193
+ "cross_site_scripting_xss.ie_only": null,
194
+ "cross_site_scripting_xss.referer": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=cross_site_scripting_xss:referer&redirect=true",
195
+ "cross_site_scripting_xss.trace_method": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=cross_site_scripting_xss:trace_method&redirect=true",
196
+ "cross_site_scripting_xss.universal_uxss": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=cross_site_scripting_xss:universal_uxss&redirect=true",
197
+ "cross_site_scripting_xss.off_domain": null,
198
+ "cross_site_scripting_xss.off_domain.data_uri": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=cross_site_scripting_xss:off_domain:data_uri&redirect=true",
199
+ "broken_access_control": null,
200
+ "broken_access_control.idor": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=broken_access_control:idor&redirect=true",
201
+ "broken_access_control.idor.read_edit_delete_non_sensitive_information": null,
202
+ "broken_access_control.idor.read_edit_delete_sensitive_information_guid": null,
203
+ "broken_access_control.idor.read_sensitive_information_iterable_object_identifiers": null,
204
+ "broken_access_control.idor.edit_delete_sensitive_information_iterable_object_identifiers": null,
205
+ "broken_access_control.idor.read_edit_delete_sensitive_information_iterable_object_identifiers": null,
206
+ "broken_access_control.username_enumeration": null,
207
+ "broken_access_control.username_enumeration.non_brute_force": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=broken_access_control:username_enumeration:non_brute_force&redirect=true",
208
+ "broken_access_control.exposed_sensitive_android_intent": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=broken_access_control:exposed_sensitive_android_intent&redirect=true",
209
+ "broken_access_control.exposed_sensitive_ios_url_scheme": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=broken_access_control:exposed_sensitive_ios_url_scheme&redirect=true",
210
+ "cross_site_request_forgery_csrf": null,
211
+ "cross_site_request_forgery_csrf.application_wide": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=cross_site_request_forgery_csrf:application_wide&redirect=true",
212
+ "cross_site_request_forgery_csrf.action_specific": null,
213
+ "cross_site_request_forgery_csrf.action_specific.authenticated_action": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=cross_site_request_forgery_csrf:action_specific:authenticated_action&redirect=true",
214
+ "cross_site_request_forgery_csrf.action_specific.unauthenticated_action": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=cross_site_request_forgery_csrf:action_specific:unauthenticated_action&redirect=true",
215
+ "cross_site_request_forgery_csrf.action_specific.logout": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=cross_site_request_forgery_csrf:action_specific:logout&redirect=true",
216
+ "cross_site_request_forgery_csrf.csrf_token_not_unique_per_request": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=cross_site_request_forgery_csrf:csrf_token_not_unique_per_request&redirect=true",
217
+ "cross_site_request_forgery_csrf.flash_based": null,
218
+ "application_level_denial_of_service_dos": null,
219
+ "application_level_denial_of_service_dos.critical_impact_and_or_easy_difficulty": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=application_level_denial_of_service_dos:critical_impact_and_or_easy_difficulty&redirect=true",
220
+ "application_level_denial_of_service_dos.high_impact_and_or_medium_difficulty": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=application_level_denial_of_service_dos:high_impact_and_or_medium_difficulty&redirect=true",
221
+ "application_level_denial_of_service_dos.app_crash": null,
222
+ "application_level_denial_of_service_dos.app_crash.malformed_android_intents": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=application_level_denial_of_service_dos:app_crash:malformed_android_intents&redirect=true",
223
+ "application_level_denial_of_service_dos.app_crash.malformed_ios_url_schemes": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=application_level_denial_of_service_dos:app_crash:malformed_ios_url_schemes&redirect=true",
224
+ "unvalidated_redirects_and_forwards": null,
225
+ "unvalidated_redirects_and_forwards.open_redirect": null,
226
+ "unvalidated_redirects_and_forwards.open_redirect.get_based": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=unvalidated_redirects_and_forwards:open_redirect:get_based&redirect=true",
227
+ "unvalidated_redirects_and_forwards.open_redirect.post_based": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=unvalidated_redirects_and_forwards:open_redirect:post_based&redirect=true",
228
+ "unvalidated_redirects_and_forwards.open_redirect.header_based": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=unvalidated_redirects_and_forwards:open_redirect:header_based&redirect=true",
229
+ "unvalidated_redirects_and_forwards.open_redirect.flash_based": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=unvalidated_redirects_and_forwards:open_redirect:flash_based&redirect=true",
230
+ "unvalidated_redirects_and_forwards.tabnabbing": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=unvalidated_redirects_and_forwards:tabnabbing&redirect=true",
231
+ "unvalidated_redirects_and_forwards.lack_of_security_speed_bump_page": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=unvalidated_redirects_and_forwards:lack_of_security_speed_bump_page&redirect=true",
232
+ "external_behavior": null,
233
+ "external_behavior.browser_feature": null,
234
+ "external_behavior.browser_feature.plaintext_password_field": null,
235
+ "external_behavior.browser_feature.save_password": null,
236
+ "external_behavior.browser_feature.autocomplete_enabled": null,
237
+ "external_behavior.browser_feature.autocorrect_enabled": null,
238
+ "external_behavior.browser_feature.aggressive_offline_caching": null,
239
+ "external_behavior.csv_injection": null,
240
+ "external_behavior.captcha_bypass": null,
241
+ "external_behavior.captcha_bypass.crowdsourcing": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=external_behavior:captcha_bypass:crowdsourcing&redirect=true",
242
+ "external_behavior.system_clipboard_leak": null,
243
+ "external_behavior.system_clipboard_leak.shared_links": null,
244
+ "external_behavior.user_password_persisted_in_memory": null,
245
+ "insufficient_security_configurability": null,
246
+ "insufficient_security_configurability.weak_password_policy": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=insufficient_security_configurability:weak_password_policy&redirect=true",
247
+ "insufficient_security_configurability.no_password_policy": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=insufficient_security_configurability:no_password_policy&redirect=true",
248
+ "insufficient_security_configurability.password_policy_bypass": null,
249
+ "insufficient_security_configurability.weak_password_reset_implementation": null,
250
+ "insufficient_security_configurability.weak_password_reset_implementation.token_is_not_invalidated_after_use": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=insufficient_security_configurability:weak_password_reset_implementation:token_is_not_invalidated_after_use&redirect=true",
251
+ "insufficient_security_configurability.weak_password_reset_implementation.token_is_not_invalidated_after_email_change": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=insufficient_security_configurability:weak_password_reset_implementation:token_is_not_invalidated_after_email_change&redirect=true",
252
+ "insufficient_security_configurability.weak_password_reset_implementation.token_is_not_invalidated_after_password_change": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=insufficient_security_configurability:weak_password_reset_implementation:token_is_not_invalidated_after_password_change&redirect=true",
253
+ "insufficient_security_configurability.weak_password_reset_implementation.token_has_long_timed_expiry": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=insufficient_security_configurability:weak_password_reset_implementation:token_has_long_timed_expiry&redirect=true",
254
+ "insufficient_security_configurability.weak_password_reset_implementation.token_is_not_invalidated_after_new_token_is_requested": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=insufficient_security_configurability:weak_password_reset_implementation:token_is_not_invalidated_after_new_token_is_requested&redirect=true",
255
+ "insufficient_security_configurability.weak_password_reset_implementation.token_is_not_invalidated_after_login": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=insufficient_security_configurability:weak_password_reset_implementation:token_is_not_invalidated_after_login&redirect=true",
256
+ "insufficient_security_configurability.verification_of_contact_method_not_required": null,
257
+ "insufficient_security_configurability.lack_of_notification_email": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=insufficient_security_configurability:lack_of_notification_email&redirect=true",
258
+ "insufficient_security_configurability.weak_registration_implementation": null,
259
+ "insufficient_security_configurability.weak_registration_implementation.allows_disposable_email_addresses": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=insufficient_security_configurability:weak_registration_implementation:allows_disposable_email_addresses&redirect=true",
260
+ "insufficient_security_configurability.weak_two_fa_implementation": null,
261
+ "insufficient_security_configurability.weak_two_fa_implementation.two_fa_secret_cannot_be_rotated": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=insufficient_security_configurability:weak_two_fa_implementation:two_fa_secret_cannot_be_rotated&redirect=true",
262
+ "insufficient_security_configurability.weak_two_fa_implementation.two_fa_secret_remains_obtainable_after_two_fa_is_enabled": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=insufficient_security_configurability:weak_two_fa_implementation:two_fa_secret_remains_obtainable_after_two_fa_is_enabled&redirect=true",
263
+ "insufficient_security_configurability.weak_two_fa_implementation.missing_failsafe": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=insufficient_security_configurability:weak_two_fa_implementation:missing_failsafe&redirect=true",
264
+ "insufficient_security_configurability.weak_two_fa_implementation.two_fa_code_is_not_updated_after_new_code_is_requested": null,
265
+ "insufficient_security_configurability.weak_two_fa_implementation.old_two_fa_code_is_not_invalidated_after_new_code_is_generated": null,
266
+ "using_components_with_known_vulnerabilities": null,
267
+ "using_components_with_known_vulnerabilities.rosetta_flash": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=using_components_with_known_vulnerabilities:rosetta_flash&redirect=true",
268
+ "using_components_with_known_vulnerabilities.outdated_software_version": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=using_components_with_known_vulnerabilities:outdated_software_version&redirect=true",
269
+ "using_components_with_known_vulnerabilities.captcha_bypass": null,
270
+ "using_components_with_known_vulnerabilities.captcha_bypass.ocr_optical_character_recognition": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=using_components_with_known_vulnerabilities:captcha_bypass:ocr_optical_character_recognition&redirect=true",
271
+ "insecure_data_storage": null,
272
+ "insecure_data_storage.sensitive_application_data_stored_unencrypted": null,
273
+ "insecure_data_storage.sensitive_application_data_stored_unencrypted.on_external_storage": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=insecure_data_storage:sensitive_application_data_stored_unencrypted:on_external_storage&redirect=true",
274
+ "insecure_data_storage.sensitive_application_data_stored_unencrypted.on_internal_storage": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=insecure_data_storage:sensitive_application_data_stored_unencrypted:on_internal_storage&redirect=true",
275
+ "insecure_data_storage.server_side_credentials_storage": null,
276
+ "insecure_data_storage.server_side_credentials_storage.plaintext": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=insecure_data_storage:server_side_credentials_storage:plaintext&redirect=true",
277
+ "insecure_data_storage.non_sensitive_application_data_stored_unencrypted": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=insecure_data_storage:non_sensitive_application_data_stored_unencrypted&redirect=true",
278
+ "insecure_data_storage.screen_caching_enabled": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=insecure_data_storage:screen_caching_enabled&redirect=true",
279
+ "lack_of_binary_hardening": null,
280
+ "lack_of_binary_hardening.lack_of_exploit_mitigations": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=lack_of_binary_hardening:lack_of_exploit_mitigations&redirect=true",
281
+ "lack_of_binary_hardening.lack_of_jailbreak_detection": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=lack_of_binary_hardening:lack_of_jailbreak_detection&redirect=true",
282
+ "lack_of_binary_hardening.lack_of_obfuscation": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=lack_of_binary_hardening:lack_of_obfuscation&redirect=true",
283
+ "lack_of_binary_hardening.runtime_instrumentation_based": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=lack_of_binary_hardening:runtime_instrumentation_based&redirect=true",
284
+ "insecure_data_transport": null,
285
+ "insecure_data_transport.cleartext_transmission_of_sensitive_data": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=insecure_data_transport:cleartext_transmission_of_sensitive_data&redirect=true",
286
+ "insecure_data_transport.executable_download": null,
287
+ "insecure_data_transport.executable_download.no_secure_integrity_check": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=insecure_data_transport:executable_download:no_secure_integrity_check&redirect=true",
288
+ "insecure_data_transport.executable_download.secure_integrity_check": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=insecure_data_transport:executable_download:secure_integrity_check&redirect=true",
289
+ "insecure_os_firmware": null,
290
+ "insecure_os_firmware.command_injection": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=insecure_os_firmware:command_injection&redirect=true",
291
+ "insecure_os_firmware.hardcoded_password": null,
292
+ "insecure_os_firmware.hardcoded_password.privileged_user": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=insecure_os_firmware:hardcoded_password:privileged_user&redirect=true",
293
+ "insecure_os_firmware.hardcoded_password.non_privileged_user": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=insecure_os_firmware:hardcoded_password:non_privileged_user&redirect=true",
294
+ "cryptographic_weakness": null,
295
+ "cryptographic_weakness.insufficient_entropy": null,
296
+ "cryptographic_weakness.insufficient_entropy.limited_rng_entropy_source": null,
297
+ "cryptographic_weakness.insufficient_entropy.use_of_trng_for_nonsecurity_purpose": null,
298
+ "cryptographic_weakness.insufficient_entropy.prng_seed_reuse": null,
299
+ "cryptographic_weakness.insufficient_entropy.predictable_prng_seed": null,
300
+ "cryptographic_weakness.insufficient_entropy.small_seed_space_in_prng": null,
301
+ "cryptographic_weakness.insufficient_entropy.initialization_vector_reuse": null,
302
+ "cryptographic_weakness.insufficient_entropy.predictable_initialization_vector": null,
303
+ "cryptographic_weakness.insecure_implementation": null,
304
+ "cryptographic_weakness.insecure_implementation.missing_cryptographic_step": null,
305
+ "cryptographic_weakness.insecure_implementation.improper_following_of_specification": null,
306
+ "cryptographic_weakness.weak_hash": null,
307
+ "cryptographic_weakness.weak_hash.lack_of_salt": null,
308
+ "cryptographic_weakness.weak_hash.use_of_predictable_salt": null,
309
+ "cryptographic_weakness.weak_hash.predictable_hash_collision": null,
310
+ "cryptographic_weakness.insufficient_verification_of_data_authenticity": null,
311
+ "cryptographic_weakness.insufficient_verification_of_data_authenticity.identity_check_value": null,
312
+ "cryptographic_weakness.insufficient_verification_of_data_authenticity.cryptographic_signature": null,
313
+ "cryptographic_weakness.insecure_key_generation": null,
314
+ "cryptographic_weakness.insecure_key_generation.improper_asymmetric_prime_selection": null,
315
+ "cryptographic_weakness.insecure_key_generation.improper_asymmetric_exponent_selection": null,
316
+ "cryptographic_weakness.insecure_key_generation.insufficient_key_stretching": null,
317
+ "cryptographic_weakness.insecure_key_generation.insufficient_key_space": null,
318
+ "cryptographic_weakness.insecure_key_generation.key_exchange_without_entity_authentication": null,
319
+ "cryptographic_weakness.key_reuse": null,
320
+ "cryptographic_weakness.key_reuse.lack_of_perfect_forward_secrecy": null,
321
+ "cryptographic_weakness.key_reuse.intra_environment": null,
322
+ "cryptographic_weakness.key_reuse.inter_environment": null,
323
+ "cryptographic_weakness.broken_cryptography": null,
324
+ "cryptographic_weakness.broken_cryptography.use_of_broken_cryptographic_primitive": null,
325
+ "cryptographic_weakness.broken_cryptography.use_of_vulnerable_cryptographic_library": null,
326
+ "cryptographic_weakness.side_channel_attack": null,
327
+ "cryptographic_weakness.side_channel_attack.padding_oracle_attack": null,
328
+ "cryptographic_weakness.side_channel_attack.timing_attack": null,
329
+ "cryptographic_weakness.side_channel_attack.power_analysis_attack": null,
330
+ "cryptographic_weakness.side_channel_attack.emanations_attack": null,
331
+ "cryptographic_weakness.side_channel_attack.differential_fault_analysis": null,
332
+ "cryptographic_weakness.use_of_expired_cryptographic_key_or_cert": null,
333
+ "cryptographic_weakness.incomplete_cleanup_of_keying_material": null,
334
+ "privacy_concerns": null,
335
+ "privacy_concerns.unnecessary_data_collection": null,
336
+ "privacy_concerns.unnecessary_data_collection.wifi_ssid_password": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=privacy_concerns:unnecessary_data_collection:wifi_ssid_password&redirect=true",
337
+ "network_security_misconfiguration": null,
338
+ "network_security_misconfiguration.telnet_enabled": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=network_security_misconfiguration:telnet_enabled&redirect=true",
339
+ "mobile_security_misconfiguration": null,
340
+ "mobile_security_misconfiguration.ssl_certificate_pinning": null,
341
+ "mobile_security_misconfiguration.ssl_certificate_pinning.absent": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=mobile_security_misconfiguration:ssl_certificate_pinning:absent&redirect=true",
342
+ "mobile_security_misconfiguration.ssl_certificate_pinning.defeatable": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=mobile_security_misconfiguration:ssl_certificate_pinning:defeatable&redirect=true",
343
+ "mobile_security_misconfiguration.tapjacking": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=mobile_security_misconfiguration:tapjacking&redirect=true",
344
+ "mobile_security_misconfiguration.clipboard_enabled": null,
345
+ "mobile_security_misconfiguration.auto_backup_allowed_by_default": null,
346
+ "client_side_injection": null,
347
+ "client_side_injection.binary_planting": null,
348
+ "client_side_injection.binary_planting.privilege_escalation": null,
349
+ "client_side_injection.binary_planting.non_default_folder_privilege_escalation": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=client_side_injection:binary_planting:non_default_folder_privilege_escalation&redirect=true",
350
+ "client_side_injection.binary_planting.no_privilege_escalation": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=client_side_injection:binary_planting:no_privilege_escalation&redirect=true",
351
+ "automotive_security_misconfiguration": null,
352
+ "automotive_security_misconfiguration.infotainment_radio_head_unit": null,
353
+ "automotive_security_misconfiguration.infotainment_radio_head_unit.sensitive_data_leakage_exposure": null,
354
+ "automotive_security_misconfiguration.infotainment_radio_head_unit.ota_firmware_manipulation": null,
355
+ "automotive_security_misconfiguration.infotainment_radio_head_unit.code_execution_can_bus_pivot": null,
356
+ "automotive_security_misconfiguration.infotainment_radio_head_unit.code_execution_no_can_bus_pivot": null,
357
+ "automotive_security_misconfiguration.infotainment_radio_head_unit.unauthorized_access_to_services": null,
358
+ "automotive_security_misconfiguration.infotainment_radio_head_unit.source_code_dump": null,
359
+ "automotive_security_misconfiguration.infotainment_radio_head_unit.dos_brick": null,
360
+ "automotive_security_misconfiguration.infotainment_radio_head_unit.default_credentials": null,
361
+ "automotive_security_misconfiguration.rf_hub": null,
362
+ "automotive_security_misconfiguration.rf_hub.key_fob_cloning": null,
363
+ "automotive_security_misconfiguration.rf_hub.can_injection_interaction": null,
364
+ "automotive_security_misconfiguration.rf_hub.data_leakage_pull_encryption_mechanism": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=automotive_security_misconfiguration:rf_hub:data_leakage_pull_encryption_mechanism&redirect=true",
365
+ "automotive_security_misconfiguration.rf_hub.unauthorized_access_turn_on": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=automotive_security_misconfiguration:rf_hub:unauthorized_access_turn_on&redirect=true",
366
+ "automotive_security_misconfiguration.rf_hub.roll_jam": null,
367
+ "automotive_security_misconfiguration.rf_hub.replay": null,
368
+ "automotive_security_misconfiguration.rf_hub.relay": null,
369
+ "automotive_security_misconfiguration.can": null,
370
+ "automotive_security_misconfiguration.can.injection_battery_management_system": null,
371
+ "automotive_security_misconfiguration.can.injection_steering_control": null,
372
+ "automotive_security_misconfiguration.can.injection_pyrotechnical_device_deployment_tool": null,
373
+ "automotive_security_misconfiguration.can.injection_headlights": null,
374
+ "automotive_security_misconfiguration.can.injection_sensors": null,
375
+ "automotive_security_misconfiguration.can.injection_vehicle_anti_theft_systems": null,
376
+ "automotive_security_misconfiguration.can.injection_powertrain": null,
377
+ "automotive_security_misconfiguration.can.injection_basic_safety_message": null,
378
+ "automotive_security_misconfiguration.can.injection_disallowed_messages": null,
379
+ "automotive_security_misconfiguration.can.injection_dos": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=automotive_security_misconfiguration:can:injection_dos&redirect=true",
380
+ "automotive_security_misconfiguration.battery_management_system": null,
381
+ "automotive_security_misconfiguration.battery_management_system.firmware_dump": null,
382
+ "automotive_security_misconfiguration.battery_management_system.fraudulent_interface": null,
383
+ "automotive_security_misconfiguration.gnss_gps": null,
384
+ "automotive_security_misconfiguration.gnss_gps.spoofing": null,
385
+ "automotive_security_misconfiguration.immobilizer": null,
386
+ "automotive_security_misconfiguration.immobilizer.engine_start": null,
387
+ "automotive_security_misconfiguration.abs": null,
388
+ "automotive_security_misconfiguration.abs.unintended_acceleration_brake": null,
389
+ "automotive_security_misconfiguration.rsu": null,
390
+ "automotive_security_misconfiguration.rsu.sybil_attack": null,
391
+ "indicators_of_compromise": null
392
+ }
@@ -0,0 +1,63 @@
1
+ {
2
+ "$schema": "http://json-schema.org/draft-04/schema#",
3
+ "title": "Vulnerability Rating Taxonomy",
4
+ "description": "A Taxonomy of potential vulnerabilities with suggested technical priority rating",
5
+ "definitions": {
6
+ "VRTmetadata": {
7
+ "type": "object",
8
+ "properties": {
9
+ "release_date": { "type": "string", "format": "date-time" }
10
+ }
11
+ },
12
+ "VRT": {
13
+ "type": "object",
14
+ "properties": {
15
+ "id": { "type": "string", "pattern": "^[a-z_]*$" },
16
+ "type": { "type": "string", "enum": [ "category", "subcategory", "variant" ] },
17
+ "name": { "type": "string", "pattern": "^[ a-zA-Z0-9-+()\/,.<]*$" },
18
+ "priority": {
19
+ "anyOf": [
20
+ { "type": "number", "minimum": 1, "maximum": 5 },
21
+ { "type": "null" }
22
+ ]
23
+ }
24
+ },
25
+ "required": ["id", "name", "type", "priority"]
26
+ },
27
+ "VRTparent": {
28
+ "type": "object",
29
+ "properties": {
30
+ "id": { "type": "string", "pattern": "^[a-z_]*$" },
31
+ "name": { "type": "string", "pattern": "^[ a-zA-Z0-9-+()\/,.<]*$" },
32
+ "type": { "type": "string", "enum": [ "category", "subcategory" ] },
33
+ "children": {
34
+ "type": "array",
35
+ "items" : {
36
+ "anyOf": [
37
+ { "$ref": "#/definitions/VRTparent" },
38
+ { "$ref": "#/definitions/VRT" }
39
+ ]
40
+ },
41
+ "minItems": 1
42
+ }
43
+ },
44
+ "required": ["id", "name", "type", "children"]
45
+ }
46
+ },
47
+ "type": "object",
48
+ "required": ["metadata", "content"],
49
+ "properties": {
50
+ "metadata": {
51
+ "$ref": "#/definitions/VRTmetadata"
52
+ },
53
+ "content": {
54
+ "type": "array",
55
+ "items" : {
56
+ "anyOf": [
57
+ { "$ref": "#/definitions/VRTparent" },
58
+ { "$ref": "#/definitions/VRT" }
59
+ ]
60
+ }
61
+ }
62
+ }
63
+ }