vrt 0.3.0 → 0.3.1.pre.rc1

@@ -1,59 +0,0 @@
1
- {
2
- "$schema": "http://json-schema.org/draft-04/schema#",
3
- "title": "VRT to CVSS v3 Mapping",
4
- "description": "Mapping from the Vulnerability Rating Taxonomy to CVSS v3",
5
- "definitions": {
6
- "MappingMetadata": {
7
- "type": "object",
8
- "properties": {
9
- "default": { "$ref": "#/definitions/CVSSv3" }
10
- },
11
- "required": ["default"]
12
- },
13
- "VRTid": { "type": "string", "pattern": "^[a-z_][a-z_0-9]*$" },
14
- "CVSSv3": { "type": "string", "pattern": "^AV:[NALP]/AC:[LH]/PR:[NLH]/UI:[NR]/S:[UC]/C:[NLH]/I:[NLH]/A:[NLH]$" },
15
- "Mapping": {
16
- "type": "object",
17
- "properties": {
18
- "id": { "$ref": "#/definitions/VRTid" },
19
- "cvss_v3" : { "$ref": "#/definitions/CVSSv3" }
20
- },
21
- "required": ["id", "cvss_v3"],
22
- "additionalProperties": false
23
- },
24
- "MappingParent": {
25
- "type": "object",
26
- "properties": {
27
- "id": { "$ref": "#/definitions/VRTid" },
28
- "children": {
29
- "type": "array",
30
- "items" : {
31
- "anyOf": [
32
- { "$ref": "#/definitions/MappingParent" },
33
- { "$ref": "#/definitions/Mapping" }
34
- ]
35
- }
36
- },
37
- "cvss_v3" : { "$ref": "#/definitions/CVSSv3" }
38
- },
39
- "required": ["id", "children"],
40
- "additionalProperties": false
41
- }
42
- },
43
- "type": "object",
44
- "required": ["metadata", "content"],
45
- "properties": {
46
- "metadata": {
47
- "$ref": "#/definitions/MappingMetadata"
48
- },
49
- "content": {
50
- "type": "array",
51
- "items" : {
52
- "anyOf": [
53
- { "$ref": "#/definitions/MappingParent" },
54
- { "$ref": "#/definitions/Mapping" }
55
- ]
56
- }
57
- }
58
- }
59
- }
@@ -1,63 +0,0 @@
1
- {
2
- "$schema": "http://json-schema.org/draft-04/schema#",
3
- "title": "Vulnerability Rating Taxonomy",
4
- "description": "A Taxonomy of potential vulnerabilities with suggested technical priority rating",
5
- "definitions": {
6
- "VRTmetadata": {
7
- "type": "object",
8
- "properties": {
9
- "release_date": { "type": "string", "format": "date-time" }
10
- }
11
- },
12
- "VRT": {
13
- "type": "object",
14
- "properties": {
15
- "id": { "type": "string", "pattern": "^[a-z_][a-z_0-9]*$" },
16
- "type": { "type": "string", "enum": [ "category", "subcategory", "variant" ] },
17
- "name": { "type": "string", "pattern": "^[ a-zA-Z0-9-+()\/,.<]*$" },
18
- "priority": {
19
- "anyOf": [
20
- { "type": "number", "minimum": 1, "maximum": 5 },
21
- { "type": "null" }
22
- ]
23
- }
24
- },
25
- "required": ["id", "name", "type", "priority"]
26
- },
27
- "VRTparent": {
28
- "type": "object",
29
- "properties": {
30
- "id": { "type": "string", "pattern": "^[a-z_][a-z_0-9]*$" },
31
- "name": { "type": "string", "pattern": "^[ a-zA-Z0-9-+()\/,.<]*$" },
32
- "type": { "type": "string", "enum": [ "category", "subcategory" ] },
33
- "children": {
34
- "type": "array",
35
- "items" : {
36
- "anyOf": [
37
- { "$ref": "#/definitions/VRTparent" },
38
- { "$ref": "#/definitions/VRT" }
39
- ]
40
- },
41
- "minItems": 1
42
- }
43
- },
44
- "required": ["id", "name", "type", "children"]
45
- }
46
- },
47
- "type": "object",
48
- "required": ["metadata", "content"],
49
- "properties": {
50
- "metadata": {
51
- "$ref": "#/definitions/VRTmetadata"
52
- },
53
- "content": {
54
- "type": "array",
55
- "items" : {
56
- "anyOf": [
57
- { "$ref": "#/definitions/VRTparent" },
58
- { "$ref": "#/definitions/VRT" }
59
- ]
60
- }
61
- }
62
- }
63
- }
@@ -1,1607 +0,0 @@
1
- {
2
- "metadata": {
3
- "release_date": "2017-09-22T00:00:00+00:00"
4
- },
5
- "content": [
6
- {
7
- "id": "server_security_misconfiguration",
8
- "name": "Server Security Misconfiguration",
9
- "type": "category",
10
- "children": [
11
- {
12
- "id": "unsafe_cross_origin_resource_sharing",
13
- "name": "Unsafe Cross-Origin Resource Sharing",
14
- "type": "subcategory",
15
- "priority": null
16
- },
17
- {
18
- "id": "path_traversal",
19
- "name": "Path Traversal",
20
- "type": "subcategory",
21
- "priority": null
22
- },
23
- {
24
- "id": "directory_listing_enabled",
25
- "name": "Directory Listing Enabled",
26
- "type": "subcategory",
27
- "children": [
28
- {
29
- "id": "sensitive_data_exposure",
30
- "name": "Sensitive Data Exposure",
31
- "type": "variant",
32
- "priority": null
33
- },
34
- {
35
- "id": "non_sensitive_data_exposure",
36
- "name": "Non-Sensitive Data Exposure",
37
- "type": "variant",
38
- "priority": 5
39
- }
40
- ]
41
- },
42
- {
43
- "id": "same_site_scripting",
44
- "name": "Same-Site Scripting",
45
- "type": "subcategory",
46
- "priority": 5
47
- },
48
- {
49
- "id": "ssl_attack_breach_poodle_etc",
50
- "name": "SSL Attack (BREACH, POODLE etc.)",
51
- "type": "subcategory",
52
- "priority": null
53
- },
54
- {
55
- "id": "using_default_credentials",
56
- "name": "Using Default Credentials",
57
- "type": "subcategory",
58
- "children": [
59
- {
60
- "id": "production_server",
61
- "name": "Production Server",
62
- "type": "variant",
63
- "priority": 1
64
- },
65
- {
66
- "id": "staging_development_server",
67
- "name": "Staging/Development Server",
68
- "type": "variant",
69
- "priority": 2
70
- }
71
- ]
72
- },
73
- {
74
- "id": "misconfigured_dns",
75
- "name": "Misconfigured DNS",
76
- "type": "subcategory",
77
- "children": [
78
- {
79
- "id": "subdomain_takeover",
80
- "name": "Subdomain Takeover",
81
- "type": "variant",
82
- "priority": 2
83
- },
84
- {
85
- "id": "zone_transfer",
86
- "name": "Zone Transfer",
87
- "type": "variant",
88
- "priority": 4
89
- },
90
- {
91
- "id": "missing_caa_record",
92
- "name": "Missing Certification Authority Authorization (CAA) Record",
93
- "type": "variant",
94
- "priority": 5
95
- }
96
- ]
97
- },
98
- {
99
- "id": "mail_server_misconfiguration",
100
- "name": "Mail Server Misconfiguration",
101
- "type": "subcategory",
102
- "children": [
103
- {
104
- "id": "missing_spf_on_email_domain",
105
- "name": "Missing SPF on Email Domain",
106
- "type": "variant",
107
- "priority": 3
108
- },
109
- {
110
- "id": "email_spoofable_via_third_party_api_misconfiguration",
111
- "name": "Email Spoofable Via Third-Party API Misconfiguration",
112
- "type": "variant",
113
- "priority": 3
114
- },
115
- {
116
- "id": "missing_spf_on_non_email_domain",
117
- "name": "Missing SPF on Non-Email Domain",
118
- "type": "variant",
119
- "priority": 5
120
- },
121
- {
122
- "id": "spf_uses_a_soft_fail",
123
- "name": "SPF Uses a Soft Fail",
124
- "type": "variant",
125
- "priority": 5
126
- },
127
- {
128
- "id": "spf_includes_10_lookups",
129
- "name": "SPF Includes More Than 10 Lookups",
130
- "type": "variant",
131
- "priority": 5
132
- },
133
- {
134
- "id": "missing_dmarc",
135
- "name": "Missing DKIM/DMARC",
136
- "type": "variant",
137
- "priority": 5
138
- }
139
- ]
140
- },
141
- {
142
- "id": "lack_of_password_confirmation",
143
- "name": "Lack of Password Confirmation",
144
- "type": "subcategory",
145
- "children": [
146
- {
147
- "id": "change_email_address",
148
- "name": "Change Email Address",
149
- "type": "variant",
150
- "priority": 4
151
- },
152
- {
153
- "id": "change_password",
154
- "name": "Change Password",
155
- "type": "variant",
156
- "priority": 4
157
- },
158
- {
159
- "id": "delete_account",
160
- "name": "Delete Account",
161
- "type": "variant",
162
- "priority": 4
163
- },
164
- {
165
- "id": "manage_two_fa",
166
- "name": "Manage 2FA",
167
- "type": "variant",
168
- "priority": 5
169
- }
170
- ]
171
- },
172
- {
173
- "id": "no_rate_limiting_on_form",
174
- "name": "No Rate Limiting on Form",
175
- "type": "subcategory",
176
- "children": [
177
- {
178
- "id": "registration",
179
- "name": "Registration",
180
- "type": "variant",
181
- "priority": 4
182
- },
183
- {
184
- "id": "login",
185
- "name": "Login",
186
- "type": "variant",
187
- "priority": 3
188
- },
189
- {
190
- "id": "email_triggering",
191
- "name": "Email-Triggering",
192
- "type": "variant",
193
- "priority": 4
194
- }
195
- ]
196
- },
197
- {
198
- "id": "unsafe_file_upload",
199
- "name": "Unsafe File Upload",
200
- "type": "subcategory",
201
- "children": [
202
- {
203
- "id": "no_antivirus",
204
- "name": "No Antivirus",
205
- "type": "variant",
206
- "priority": 4
207
- },
208
- {
209
- "id": "no_size_limit",
210
- "name": "No Size Limit",
211
- "type": "variant",
212
- "priority": 4
213
- },
214
- {
215
- "id": "file_extension_filter_bypass",
216
- "name": "File Extension Filter Bypass",
217
- "type": "variant",
218
- "priority": 5
219
- }
220
- ]
221
- },
222
- {
223
- "id": "cookie_scoped_to_parent_domain",
224
- "name": "Cookie Scoped to Parent Domain",
225
- "type": "subcategory",
226
- "priority": 5
227
- },
228
- {
229
- "id": "missing_secure_or_httponly_cookie_flag",
230
- "name": "Missing Secure or HTTPOnly Cookie Flag",
231
- "type": "subcategory",
232
- "children": [
233
- {
234
- "id": "session_token",
235
- "name": "Session Token",
236
- "type": "variant",
237
- "priority": 4
238
- },
239
- {
240
- "id": "non_session_cookie",
241
- "name": "Non-Session Cookie",
242
- "type": "variant",
243
- "priority": 5
244
- }
245
- ]
246
- },
247
- {
248
- "id": "clickjacking",
249
- "name": "Clickjacking",
250
- "type": "subcategory",
251
- "children": [
252
- {
253
- "id": "sensitive_action",
254
- "name": "Sensitive Action",
255
- "type": "variant",
256
- "priority": 4
257
- },
258
- {
259
- "id": "non_sensitive_action",
260
- "name": "Non-Sensitive Action",
261
- "type": "variant",
262
- "priority": 5
263
- }
264
- ]
265
- },
266
- {
267
- "id": "oauth_misconfiguration",
268
- "name": "OAuth Misconfiguration",
269
- "type": "subcategory",
270
- "children": [
271
- {
272
- "id": "missing_state_parameter",
273
- "name": "Missing State Parameter",
274
- "type": "variant",
275
- "priority": 4
276
- }
277
- ]
278
- },
279
- {
280
- "id": "captcha_bypass",
281
- "name": "Captcha Bypass",
282
- "type": "subcategory",
283
- "children": [
284
- {
285
- "id": "implementation_vulnerability",
286
- "name": "Implementation Vulnerability",
287
- "type": "variant",
288
- "priority": 4
289
- },
290
- {
291
- "id": "brute_force",
292
- "name": "Brute Force",
293
- "type": "variant",
294
- "priority": 5
295
- }
296
- ]
297
- },
298
- {
299
- "id": "exposed_admin_portal",
300
- "name": "Exposed Admin Portal",
301
- "type": "subcategory",
302
- "children": [
303
- {
304
- "id": "to_internet",
305
- "name": "To Internet",
306
- "type": "variant",
307
- "priority": 5
308
- }
309
- ]
310
- },
311
- {
312
- "id": "missing_dnssec",
313
- "name": "Missing DNSSEC",
314
- "type": "subcategory",
315
- "priority": 5
316
- },
317
- {
318
- "id": "fingerprinting_banner_disclosure",
319
- "name": "Fingerprinting/Banner Disclosure",
320
- "type": "subcategory",
321
- "priority": 5
322
- },
323
- {
324
- "id": "username_enumeration",
325
- "name": "Username Enumeration",
326
- "type": "subcategory",
327
- "children": [
328
- {
329
- "id": "brute_force",
330
- "name": "Brute Force",
331
- "type": "variant",
332
- "priority": 5
333
- }
334
- ]
335
- },
336
- {
337
- "id": "potentially_unsafe_http_method_enabled",
338
- "name": "Potentially Unsafe HTTP Method Enabled",
339
- "type": "subcategory",
340
- "children": [
341
- {
342
- "id": "options",
343
- "name": "OPTIONS",
344
- "type": "variant",
345
- "priority": 5
346
- },
347
- {
348
- "id": "trace",
349
- "name": "TRACE",
350
- "type": "variant",
351
- "priority": 5
352
- }
353
- ]
354
- },
355
- {
356
- "id": "insecure_ssl",
357
- "name": "Insecure SSL",
358
- "type": "subcategory",
359
- "children": [
360
- {
361
- "id": "lack_of_forward_secrecy",
362
- "name": "Lack of Forward Secrecy",
363
- "type": "variant",
364
- "priority": 5
365
- },
366
- {
367
- "id": "insecure_cipher_suite",
368
- "name": "Insecure Cipher Suite",
369
- "type": "variant",
370
- "priority": 5
371
- }
372
- ]
373
- },
374
- {
375
- "id": "rfd",
376
- "name": "Reflected File Download (RFD)",
377
- "type": "subcategory",
378
- "priority": 5
379
- },
380
- {
381
- "id": "lack_of_security_headers",
382
- "name": "Lack of Security Headers",
383
- "type": "subcategory",
384
- "children": [
385
- {
386
- "id": "x_frame_options",
387
- "name": "X-Frame-Options",
388
- "type": "variant",
389
- "priority": 5
390
- },
391
- {
392
- "id": "cache_control_for_a_non_sensitive_page",
393
- "name": "Cache-Control for a Non-Sensitive Page",
394
- "type": "variant",
395
- "priority": 5
396
- },
397
- {
398
- "id": "x_xss_protection",
399
- "name": "X-XSS-Protection",
400
- "type": "variant",
401
- "priority": 5
402
- },
403
- {
404
- "id": "strict_transport_security",
405
- "name": "Strict-Transport-Security",
406
- "type": "variant",
407
- "priority": 5
408
- },
409
- {
410
- "id": "x_content_type_options",
411
- "name": "X-Content-Type-Options",
412
- "type": "variant",
413
- "priority": 5
414
- },
415
- {
416
- "id": "content_security_policy",
417
- "name": "Content-Security-Policy",
418
- "type": "variant",
419
- "priority": 5
420
- },
421
- {
422
- "id": "public_key_pins",
423
- "name": "Public-Key-Pins",
424
- "type": "variant",
425
- "priority": 5
426
- },
427
- {
428
- "id": "x_content_security_policy",
429
- "name": "X-Content-Security-Policy",
430
- "type": "variant",
431
- "priority": 5
432
- },
433
- {
434
- "id": "x_webkit_csp",
435
- "name": "X-Webkit-CSP",
436
- "type": "variant",
437
- "priority": 5
438
- },
439
- {
440
- "id": "content_security_policy_report_only",
441
- "name": "Content-Security-Policy-Report-Only",
442
- "type": "variant",
443
- "priority": 5
444
- },
445
- {
446
- "id": "cache_control_for_a_sensitive_page",
447
- "name": "Cache-Control for a Sensitive Page",
448
- "type": "variant",
449
- "priority": 4
450
- }
451
- ]
452
- },
453
- {
454
- "id": "bitsquatting",
455
- "name": "Bitsquatting",
456
- "type": "subcategory",
457
- "priority": 5
458
- }
459
- ]
460
- },
461
- {
462
- "id": "server_side_injection",
463
- "name": "Server-Side Injection",
464
- "type": "category",
465
- "children": [
466
- {
467
- "id": "file_inclusion",
468
- "name": "File Inclusion",
469
- "type": "subcategory",
470
- "children": [
471
- {
472
- "id": "local",
473
- "name": "Local",
474
- "type": "variant",
475
- "priority": 1
476
- }
477
- ]
478
- },
479
- {
480
- "id": "parameter_pollution",
481
- "name": "Parameter Pollution",
482
- "type": "subcategory",
483
- "children": [
484
- {
485
- "id": "social_media_sharing_buttons",
486
- "name": "Social Media Sharing Buttons",
487
- "type": "variant",
488
- "priority": 5
489
- }
490
- ]
491
- },
492
- {
493
- "id": "remote_code_execution_rce",
494
- "name": "Remote Code Execution (RCE)",
495
- "type": "subcategory",
496
- "priority": 1
497
- },
498
- {
499
- "id": "sql_injection",
500
- "name": "SQL Injection",
501
- "type": "subcategory",
502
- "children": [
503
- {
504
- "id": "error_based",
505
- "name": "Error-Based",
506
- "type": "variant",
507
- "priority": 1
508
- },
509
- {
510
- "id": "blind",
511
- "name": "Blind",
512
- "type": "variant",
513
- "priority": 1
514
- }
515
- ]
516
- },
517
- {
518
- "id": "xml_external_entity_injection_xxe",
519
- "name": "XML External Entity Injection (XXE)",
520
- "type": "subcategory",
521
- "priority": 1
522
- },
523
- {
524
- "id": "http_response_manipulation",
525
- "name": "HTTP Response Manipulation",
526
- "type": "subcategory",
527
- "children": [
528
- {
529
- "id": "response_splitting_crlf",
530
- "name": "Response Splitting (CRLF)",
531
- "type": "variant",
532
- "priority": 3
533
- }
534
- ]
535
- },
536
- {
537
- "id": "content_spoofing",
538
- "name": "Content Spoofing",
539
- "type": "subcategory",
540
- "children": [
541
- {
542
- "id": "iframe_injection",
543
- "name": "iframe Injection",
544
- "type": "variant",
545
- "priority": 3
546
- },
547
- {
548
- "id": "external_authentication_injection",
549
- "name": "External Authentication Injection",
550
- "type": "variant",
551
- "priority": 4
552
- },
553
- {
554
- "id": "email_html_injection",
555
- "name": "Email HTML Injection",
556
- "type": "variant",
557
- "priority": 4
558
- },
559
- {
560
- "id": "text_injection",
561
- "name": "Text Injection",
562
- "type": "variant",
563
- "priority": 5
564
- },
565
- {
566
- "id": "homograph_idn_based",
567
- "name": "Homograph/IDN-Based",
568
- "type": "variant",
569
- "priority": 5
570
- }
571
- ]
572
- }
573
- ]
574
- },
575
- {
576
- "id": "broken_authentication_and_session_management",
577
- "name": "Broken Authentication and Session Management",
578
- "type": "category",
579
- "children": [
580
- {
581
- "id": "authentication_bypass",
582
- "name": "Authentication Bypass",
583
- "type": "subcategory",
584
- "priority": 1
585
- },
586
- {
587
- "id": "privilege_escalation",
588
- "name": "Privilege Escalation",
589
- "type": "subcategory",
590
- "priority": null
591
- },
592
- {
593
- "id": "weak_login_function",
594
- "name": "Weak Login Function",
595
- "type": "subcategory",
596
- "children": [
597
- {
598
- "id": "over_http",
599
- "name": "Over HTTP",
600
- "type": "variant",
601
- "priority": 3
602
- }
603
- ]
604
- },
605
- {
606
- "id": "session_fixation",
607
- "name": "Session Fixation",
608
- "type": "subcategory",
609
- "priority": 3
610
- },
611
- {
612
- "id": "failure_to_invalidate_session",
613
- "name": "Failure to Invalidate Session",
614
- "type": "subcategory",
615
- "children": [
616
- {
617
- "id": "on_logout",
618
- "name": "On Logout",
619
- "type": "variant",
620
- "priority": 4
621
- },
622
- {
623
- "id": "on_password_reset",
624
- "name": "On Password Reset",
625
- "type": "variant",
626
- "priority": 4
627
- },
628
- {
629
- "id": "on_password_change",
630
- "name": "On Password Change",
631
- "type": "variant",
632
- "priority": 4
633
- },
634
- {
635
- "id": "all_sessions",
636
- "name": "All Sessions",
637
- "type": "variant",
638
- "priority": 5
639
- },
640
- {
641
- "id": "on_email_change",
642
- "name": "On Email Change",
643
- "type": "variant",
644
- "priority": 5
645
- },
646
- {
647
- "id": "long_timeout",
648
- "name": "Long Timeout",
649
- "type": "variant",
650
- "priority": 5
651
- }
652
- ]
653
- },
654
- {
655
- "id": "concurrent_logins",
656
- "name": "Concurrent Logins",
657
- "type": "subcategory",
658
- "priority": 5
659
- },
660
- {
661
- "id": "weak_registration_implementation",
662
- "name": "Weak Registration Implementation",
663
- "type": "subcategory",
664
- "children": [
665
- {
666
- "id": "over_http",
667
- "name": "Over HTTP",
668
- "type": "variant",
669
- "priority": 4
670
- }
671
- ]
672
- }
673
- ]
674
- },
675
- {
676
- "id": "sensitive_data_exposure",
677
- "name": "Sensitive Data Exposure",
678
- "type": "category",
679
- "children": [
680
- {
681
- "id": "critically_sensitive_data",
682
- "name": "Critically Sensitive Data",
683
- "type": "subcategory",
684
- "children": [
685
- {
686
- "id": "password_disclosure",
687
- "name": "Password Disclosure",
688
- "type": "variant",
689
- "priority": 1
690
- },
691
- {
692
- "id": "private_api_keys",
693
- "name": "Private API Keys",
694
- "type": "variant",
695
- "priority": 1
696
- }
697
- ]
698
- },
699
- {
700
- "id": "exif_geolocation_data_not_stripped_from_uploaded_images",
701
- "name": "EXIF Geolocation Data Not Stripped From Uploaded Images",
702
- "type": "subcategory",
703
- "children": [
704
- {
705
- "id": "automatic_user_enumeration",
706
- "name": "Automatic User Enumeration",
707
- "type": "variant",
708
- "priority": 3
709
- },
710
- {
711
- "id": "manual_user_enumeration",
712
- "name": "Manual User Enumeration",
713
- "type": "variant",
714
- "priority": 4
715
- }
716
- ]
717
- },
718
- {
719
- "id": "visible_detailed_error_page",
720
- "name": "Visible Detailed Error/Debug Page",
721
- "type": "subcategory",
722
- "children": [
723
- {
724
- "id": "detailed_server_configuration",
725
- "name": "Detailed Server Configuration",
726
- "type": "variant",
727
- "priority": 4
728
- },
729
- {
730
- "id": "full_path_disclosure",
731
- "name": "Full Path Disclosure",
732
- "type": "variant",
733
- "priority": 5
734
- },
735
- {
736
- "id": "descriptive_stack_trace",
737
- "name": "Descriptive Stack Trace",
738
- "type": "variant",
739
- "priority": 5
740
- }
741
- ]
742
- },
743
- {
744
- "id": "disclosure_of_known_public_information",
745
- "name": "Disclosure of Known Public Information",
746
- "type": "subcategory",
747
- "priority": 5
748
- },
749
- {
750
- "id": "token_leakage_via_referer",
751
- "name": "Token Leakage via Referer",
752
- "type": "subcategory",
753
- "children": [
754
- {
755
- "id": "trusted_3rd_party",
756
- "name": "Trusted 3rd Party",
757
- "type": "variant",
758
- "priority": 5
759
- },
760
- {
761
- "id": "untrusted_3rd_party",
762
- "name": "Untrusted 3rd Party",
763
- "type": "variant",
764
- "priority": 4
765
- },
766
- {
767
- "id": "over_http",
768
- "name": "Over HTTP",
769
- "type": "variant",
770
- "priority": 4
771
- }
772
- ]
773
- },
774
- {
775
- "id": "sensitive_token_in_url",
776
- "name": "Sensitive Token in URL",
777
- "type": "subcategory",
778
- "priority": 4
779
- },
780
- {
781
- "id": "non_sensitive_token_in_url",
782
- "name": "Non-Sensitive Token in URL",
783
- "type": "subcategory",
784
- "priority": 5
785
- },
786
- {
787
- "id": "weak_password_reset_implementation",
788
- "name": "Weak Password Reset Implementation",
789
- "type": "subcategory",
790
- "children": [
791
- {
792
- "id": "password_reset_token_sent_over_http",
793
- "name": "Password Reset Token Sent Over HTTP",
794
- "type": "variant",
795
- "priority": 4
796
- }
797
- ]
798
- },
799
- {
800
- "id": "mixed_content",
801
- "name": "Mixed Content (HTTPS Sourcing HTTP)",
802
- "type": "subcategory",
803
- "priority": 5
804
- },
805
- {
806
- "id": "sensitive_data_hardcoded",
807
- "name": "Sensitive Data Hardcoded",
808
- "type": "subcategory",
809
- "children": [
810
- {
811
- "id": "oauth_secret",
812
- "name": "OAuth Secret",
813
- "type": "variant",
814
- "priority": 5
815
- },
816
- {
817
- "id": "file_paths",
818
- "name": "File Paths",
819
- "type": "variant",
820
- "priority": 5
821
- }
822
- ]
823
- },
824
- {
825
- "id": "internal_ip_disclosure",
826
- "name": "Internal IP Disclosure",
827
- "type": "subcategory",
828
- "priority": 5
829
- },
830
- {
831
- "id": "xssi",
832
- "name": "Cross Site Script Inclusion (XSSI)",
833
- "type": "subcategory",
834
- "priority": null
835
- },
836
- {
837
- "id": "json_hijacking",
838
- "name": "JSON Hijacking",
839
- "type": "subcategory",
840
- "priority": 5
841
- }
842
- ]
843
- },
844
- {
845
- "id": "cross_site_scripting_xss",
846
- "name": "Cross-Site Scripting (XSS)",
847
- "type": "category",
848
- "children": [
849
- {
850
- "id": "stored",
851
- "name": "Stored",
852
- "type": "subcategory",
853
- "children": [
854
- {
855
- "id": "non_admin_to_anyone",
856
- "name": "Non-Admin to Anyone",
857
- "type": "variant",
858
- "priority": 2
859
- },
860
- {
861
- "id": "admin_to_anyone",
862
- "name": "Admin to Anyone",
863
- "type": "variant",
864
- "priority": 3
865
- },
866
- {
867
- "id": "self",
868
- "name": "Self",
869
- "type": "variant",
870
- "priority": 5
871
- }
872
- ]
873
- },
874
- {
875
- "id": "reflected",
876
- "name": "Reflected",
877
- "type": "subcategory",
878
- "children": [
879
- {
880
- "id": "non_self",
881
- "name": "Non-Self",
882
- "type": "variant",
883
- "priority": 3
884
- },
885
- {
886
- "id": "self",
887
- "name": "Self",
888
- "type": "variant",
889
- "priority": 5
890
- }
891
- ]
892
- },
893
- {
894
- "id": "cookie_based",
895
- "name": "Cookie-Based",
896
- "type": "subcategory",
897
- "priority": 5
898
- },
899
- {
900
- "id": "ie_only",
901
- "name": "IE-Only",
902
- "type": "subcategory",
903
- "children": [
904
- {
905
- "id": "older_version_ie_10_11",
906
- "name": "Older Version (IE 10/11)",
907
- "type": "variant",
908
- "priority": 4
909
- },
910
- {
911
- "id": "xss_filter_disabled",
912
- "name": "XSS Filter Disabled",
913
- "type": "variant",
914
- "priority": 5
915
- },
916
- {
917
- "id": "older_version_ie10",
918
- "name": "Older Version (< IE10)",
919
- "type": "variant",
920
- "priority": 5
921
- }
922
- ]
923
- },
924
- {
925
- "id": "referer",
926
- "name": "Referer",
927
- "type": "subcategory",
928
- "priority": 4
929
- },
930
- {
931
- "id": "trace_method",
932
- "name": "TRACE Method",
933
- "type": "subcategory",
934
- "priority": 5
935
- },
936
- {
937
- "id": "universal_uxss",
938
- "name": "Universal (UXSS)",
939
- "type": "subcategory",
940
- "priority": 4
941
- },
942
- {
943
- "id": "off_domain",
944
- "name": "Off-Domain",
945
- "type": "subcategory",
946
- "children": [
947
- {
948
- "id": "data_uri",
949
- "name": "Data URI",
950
- "type": "variant",
951
- "priority": 4
952
- }
953
- ]
954
- }
955
- ]
956
- },
957
- {
958
- "id": "broken_access_control",
959
- "name": "Broken Access Control (BAC)",
960
- "type": "category",
961
- "children": [
962
- {
963
- "id": "idor",
964
- "name": "Insecure Direct Object References (IDOR)",
965
- "type": "subcategory",
966
- "priority": null
967
- },
968
- {
969
- "id": "server_side_request_forgery_ssrf",
970
- "name": "Server-Side Request Forgery (SSRF)",
971
- "type": "subcategory",
972
- "children": [
973
- {
974
- "id": "internal",
975
- "name": "Internal",
976
- "type": "variant",
977
- "priority": 2
978
- },
979
- {
980
- "id": "external",
981
- "name": "External",
982
- "type": "variant",
983
- "priority": 4
984
- }
985
- ]
986
- },
987
- {
988
- "id": "username_enumeration",
989
- "name": "Username Enumeration",
990
- "type": "subcategory",
991
- "children": [
992
- {
993
- "id": "data_leak",
994
- "name": "Data Leak",
995
- "type": "variant",
996
- "priority": 4
997
- }
998
- ]
999
- },
1000
- {
1001
- "id": "exposed_sensitive_android_intent",
1002
- "name": "Exposed Sensitive Android Intent",
1003
- "type": "subcategory",
1004
- "priority": null
1005
- },
1006
- {
1007
- "id": "exposed_sensitive_ios_url_scheme",
1008
- "name": "Exposed Sensitive iOS URL Scheme",
1009
- "type": "subcategory",
1010
- "priority": null
1011
- }
1012
- ]
1013
- },
1014
- {
1015
- "id": "cross_site_request_forgery_csrf",
1016
- "name": "Cross-Site Request Forgery (CSRF)",
1017
- "type": "category",
1018
- "children": [
1019
- {
1020
- "id": "application_wide",
1021
- "name": "Application-Wide",
1022
- "type": "subcategory",
1023
- "priority": 2
1024
- },
1025
- {
1026
- "id": "action_specific",
1027
- "name": "Action-Specific",
1028
- "type": "subcategory",
1029
- "children": [
1030
- {
1031
- "id": "authenticated_action",
1032
- "name": "Authenticated Action",
1033
- "type": "variant",
1034
- "priority": null
1035
- },
1036
- {
1037
- "id": "unauthenticated_action",
1038
- "name": "Unauthenticated Action",
1039
- "type": "variant",
1040
- "priority": null
1041
- },
1042
- {
1043
- "id": "logout",
1044
- "name": "Logout",
1045
- "type": "variant",
1046
- "priority": 5
1047
- }
1048
- ]
1049
- }
1050
- ]
1051
- },
1052
- {
1053
- "id": "application_level_denial_of_service_dos",
1054
- "name": "Application-Level Denial-of-Service (DoS)",
1055
- "type": "category",
1056
- "children": [
1057
- {
1058
- "id": "critical_impact_and_or_easy_difficulty",
1059
- "name": "Critical Impact and/or Easy Difficulty",
1060
- "type": "subcategory",
1061
- "priority": 2
1062
- },
1063
- {
1064
- "id": "high_impact_and_or_medium_difficulty",
1065
- "name": "High Impact and/or Medium Difficulty",
1066
- "type": "subcategory",
1067
- "priority": 3
1068
- },
1069
- {
1070
- "id": "app_crash",
1071
- "name": "App Crash",
1072
- "type": "subcategory",
1073
- "children": [
1074
- {
1075
- "id": "malformed_android_intents",
1076
- "name": "Malformed Android Intents",
1077
- "type": "variant",
1078
- "priority": 5
1079
- },
1080
- {
1081
- "id": "malformed_ios_url_schemes",
1082
- "name": "Malformed iOS URL Schemes",
1083
- "type": "variant",
1084
- "priority": 5
1085
- }
1086
- ]
1087
- }
1088
- ]
1089
- },
1090
- {
1091
- "id": "unvalidated_redirects_and_forwards",
1092
- "name": "Unvalidated Redirects and Forwards",
1093
- "type": "category",
1094
- "children": [
1095
- {
1096
- "id": "open_redirect",
1097
- "name": "Open Redirect",
1098
- "type": "subcategory",
1099
- "children": [
1100
- {
1101
- "id": "get_based",
1102
- "name": "GET-Based",
1103
- "type": "variant",
1104
- "priority": 4
1105
- },
1106
- {
1107
- "id": "post_based",
1108
- "name": "POST-Based",
1109
- "type": "variant",
1110
- "priority": 5
1111
- },
1112
- {
1113
- "id": "header_based",
1114
- "name": "Header-Based",
1115
- "type": "variant",
1116
- "priority": 5
1117
- }
1118
- ]
1119
- },
1120
- {
1121
- "id": "tabnabbing",
1122
- "name": "Tabnabbing",
1123
- "type": "subcategory",
1124
- "priority": 5
1125
- },
1126
- {
1127
- "id": "lack_of_security_speed_bump_page",
1128
- "name": "Lack of Security Speed Bump Page",
1129
- "type": "subcategory",
1130
- "priority": 5
1131
- }
1132
- ]
1133
- },
1134
- {
1135
- "id": "external_behavior",
1136
- "name": "External Behavior",
1137
- "type": "category",
1138
- "children": [
1139
- {
1140
- "id": "browser_feature",
1141
- "name": "Browser Feature",
1142
- "type": "subcategory",
1143
- "children": [
1144
- {
1145
- "id": "plaintext_password_field",
1146
- "name": "Plaintext Password Field",
1147
- "type": "variant",
1148
- "priority": 5
1149
- },
1150
- {
1151
- "id": "save_password",
1152
- "name": "Save Password",
1153
- "type": "variant",
1154
- "priority": 5
1155
- },
1156
- {
1157
- "id": "autocomplete_enabled",
1158
- "name": "Autocomplete Enabled",
1159
- "type": "variant",
1160
- "priority": 5
1161
- },
1162
- {
1163
- "id": "autocorrect_enabled",
1164
- "name": "Autocorrect Enabled",
1165
- "type": "variant",
1166
- "priority": 5
1167
- },
1168
- {
1169
- "id": "aggressive_offline_caching",
1170
- "name": "Aggressive Offline Caching",
1171
- "type": "variant",
1172
- "priority": 5
1173
- }
1174
- ]
1175
- },
1176
- {
1177
- "id": "csv_injection",
1178
- "name": "CSV Injection",
1179
- "type": "subcategory",
1180
- "priority": 5
1181
- },
1182
- {
1183
- "id": "captcha_bypass",
1184
- "name": "Captcha Bypass",
1185
- "type": "subcategory",
1186
- "children": [
1187
- {
1188
- "id": "crowdsourcing",
1189
- "name": "Crowdsourcing",
1190
- "type": "variant",
1191
- "priority": 5
1192
- }
1193
- ]
1194
- },
1195
- {
1196
- "id": "system_clipboard_leak",
1197
- "name": "System Clipboard Leak",
1198
- "type": "subcategory",
1199
- "children": [
1200
- {
1201
- "id": "shared_links",
1202
- "name": "Shared Links",
1203
- "type": "variant",
1204
- "priority": 5
1205
- }
1206
- ]
1207
- },
1208
- {
1209
- "id": "user_password_persisted_in_memory",
1210
- "name": "User Password Persisted in Memory",
1211
- "type": "subcategory",
1212
- "priority": 5
1213
- }
1214
- ]
1215
- },
1216
- {
1217
- "id": "insufficient_security_configurability",
1218
- "name": "Insufficient Security Configurability",
1219
- "type": "category",
1220
- "children": [
1221
- {
1222
- "id": "weak_password_policy",
1223
- "name": "Weak Password Policy",
1224
- "type": "subcategory",
1225
- "priority": 5
1226
- },
1227
- {
1228
- "id": "no_password_policy",
1229
- "name": "No Password Policy",
1230
- "type": "subcategory",
1231
- "priority": 4
1232
- },
1233
- {
1234
- "id": "weak_password_reset_implementation",
1235
- "name": "Weak Password Reset Implementation",
1236
- "type": "subcategory",
1237
- "children": [
1238
- {
1239
- "id": "token_is_not_invalidated_after_use",
1240
- "name": "Token is Not Invalidated After Use",
1241
- "type": "variant",
1242
- "priority": 4
1243
- },
1244
- {
1245
- "id": "token_is_not_invalidated_after_email_change",
1246
- "name": "Token is Not Invalidated After Email Change",
1247
- "type": "variant",
1248
- "priority": 5
1249
- },
1250
- {
1251
- "id": "token_is_not_invalidated_after_password_change",
1252
- "name": "Token is Not Invalidated After Password Change",
1253
- "type": "variant",
1254
- "priority": 5
1255
- },
1256
- {
1257
- "id": "token_has_long_timed_expiry",
1258
- "name": "Token Has Long Timed Expiry",
1259
- "type": "variant",
1260
- "priority": 5
1261
- },
1262
- {
1263
- "id": "token_is_not_invalidated_after_new_token_is_requested",
1264
- "name": "Token is Not Invalidated After New Token is Requested",
1265
- "type": "variant",
1266
- "priority": 5
1267
- }
1268
- ]
1269
- },
1270
- {
1271
- "id": "lack_of_verification_email",
1272
- "name": "Lack of Verification Email",
1273
- "type": "subcategory",
1274
- "priority": 5
1275
- },
1276
- {
1277
- "id": "lack_of_notification_email",
1278
- "name": "Lack of Notification Email",
1279
- "type": "subcategory",
1280
- "priority": 5
1281
- },
1282
- {
1283
- "id": "weak_registration_implementation",
1284
- "name": "Weak Registration Implementation",
1285
- "type": "subcategory",
1286
- "children": [
1287
- {
1288
- "id": "allows_disposable_email_addresses",
1289
- "name": "Allows Disposable Email Addresses",
1290
- "type": "variant",
1291
- "priority": 5
1292
- }
1293
- ]
1294
- },
1295
- {
1296
- "id": "weak_2fa_implementation",
1297
- "name": "Weak 2FA Implementation",
1298
- "type": "subcategory",
1299
- "children": [
1300
- {
1301
- "id": "missing_failsafe",
1302
- "name": "Missing Failsafe",
1303
- "type": "variant",
1304
- "priority": 5
1305
- }
1306
- ]
1307
- }
1308
- ]
1309
- },
1310
- {
1311
- "id": "using_components_with_known_vulnerabilities",
1312
- "name": "Using Components with Known Vulnerabilities",
1313
- "type": "category",
1314
- "children": [
1315
- {
1316
- "id": "rosetta_flash",
1317
- "name": "Rosetta Flash",
1318
- "type": "subcategory",
1319
- "priority": 4
1320
- },
1321
- {
1322
- "id": "outdated_software_version",
1323
- "name": "Outdated Software Version",
1324
- "type": "subcategory",
1325
- "priority": 5
1326
- },
1327
- {
1328
- "id": "captcha_bypass",
1329
- "name": "Captcha Bypass",
1330
- "type": "subcategory",
1331
- "children": [
1332
- {
1333
- "id": "ocr_optical_character_recognition",
1334
- "name": "OCR (Optical Character Recognition)",
1335
- "type": "variant",
1336
- "priority": 5
1337
- }
1338
- ]
1339
- }
1340
- ]
1341
- },
1342
- {
1343
- "id": "insecure_data_storage",
1344
- "name": "Insecure Data Storage",
1345
- "type": "category",
1346
- "children": [
1347
- {
1348
- "id": "sensitive_application_data_stored_unencrypted",
1349
- "name": "Sensitive Application Data Stored Unencrypted",
1350
- "type": "subcategory",
1351
- "children": [
1352
- {
1353
- "id": "on_external_storage",
1354
- "name": "On External Storage",
1355
- "type": "variant",
1356
- "priority": 4
1357
- },
1358
- {
1359
- "id": "on_internal_storage",
1360
- "name": "On Internal Storage",
1361
- "type": "variant",
1362
- "priority": 5
1363
- }
1364
- ]
1365
- },
1366
- {
1367
- "id": "server_side_credentials_storage",
1368
- "name": "Server-Side Credentials Storage",
1369
- "type": "subcategory",
1370
- "children": [
1371
- {
1372
- "id": "plaintext",
1373
- "name": "Plaintext",
1374
- "type": "variant",
1375
- "priority": 4
1376
- }
1377
- ]
1378
- },
1379
- {
1380
- "id": "non_sensitive_application_data_stored_unencrypted",
1381
- "name": "Non-Sensitive Application Data Stored Unencrypted",
1382
- "type": "subcategory",
1383
- "priority": 5
1384
- },
1385
- {
1386
- "id": "screen_caching_enabled",
1387
- "name": "Screen Caching Enabled",
1388
- "type": "subcategory",
1389
- "priority": 5
1390
- }
1391
- ]
1392
- },
1393
- {
1394
- "id": "lack_of_binary_hardening",
1395
- "name": "Lack of Binary Hardening",
1396
- "type": "category",
1397
- "children": [
1398
- {
1399
- "id": "lack_of_exploit_mitigations",
1400
- "name": "Lack of Exploit Mitigations",
1401
- "type": "subcategory",
1402
- "priority": 5
1403
- },
1404
- {
1405
- "id": "lack_of_jailbreak_detection",
1406
- "name": "Lack of Jailbreak Detection",
1407
- "type": "subcategory",
1408
- "priority": 5
1409
- },
1410
- {
1411
- "id": "lack_of_obfuscation",
1412
- "name": "Lack of Obfuscation",
1413
- "type": "subcategory",
1414
- "priority": 5
1415
- },
1416
- {
1417
- "id": "runtime_instrumentation_based",
1418
- "name": "Runtime Instrumentation-Based",
1419
- "type": "subcategory",
1420
- "priority": 5
1421
- }
1422
- ]
1423
- },
1424
- {
1425
- "id": "insecure_data_transport",
1426
- "name": "Insecure Data Transport",
1427
- "type": "category",
1428
- "children": [
1429
- {
1430
- "id": "cleartext_transmission_of_sensitive_data",
1431
- "name": "Cleartext Transmission of Sensitive Data",
1432
- "type": "subcategory",
1433
- "priority": null
1434
- },
1435
- {
1436
- "id": "executable_download",
1437
- "name": "Executable Download",
1438
- "type": "subcategory",
1439
- "children": [
1440
- {
1441
- "id": "no_secure_integrity_check",
1442
- "name": "No Secure Integrity Check",
1443
- "type": "variant",
1444
- "priority": 4
1445
- },
1446
- {
1447
- "id": "secure_integrity_check",
1448
- "name": "Secure Integrity Check",
1449
- "type": "variant",
1450
- "priority": 5
1451
- }
1452
- ]
1453
- }
1454
- ]
1455
- },
1456
- {
1457
- "id": "insecure_os_firmware",
1458
- "name": "Insecure OS/Firmware",
1459
- "type": "category",
1460
- "children": [
1461
- {
1462
- "id": "command_injection",
1463
- "name": "Command Injection",
1464
- "type": "subcategory",
1465
- "priority": 1
1466
- },
1467
- {
1468
- "id": "hardcoded_password",
1469
- "name": "Hardcoded Password",
1470
- "type": "subcategory",
1471
- "children": [
1472
- {
1473
- "id": "privileged_user",
1474
- "name": "Privileged User",
1475
- "type": "variant",
1476
- "priority": 1
1477
- },
1478
- {
1479
- "id": "non_privileged_user",
1480
- "name": "Non-Privileged User",
1481
- "type": "variant",
1482
- "priority": 2
1483
- }
1484
- ]
1485
- }
1486
- ]
1487
- },
1488
- {
1489
- "id": "broken_cryptography",
1490
- "name": "Broken Cryptography",
1491
- "type": "category",
1492
- "children": [
1493
- {
1494
- "id": "cryptographic_flaw",
1495
- "name": "Cryptographic Flaw",
1496
- "type": "subcategory",
1497
- "children": [
1498
- {
1499
- "id": "incorrect_usage",
1500
- "name": "Incorrect Usage",
1501
- "type": "variant",
1502
- "priority": 1
1503
- }
1504
- ]
1505
- }
1506
- ]
1507
- },
1508
- {
1509
- "id": "privacy_concerns",
1510
- "name": "Privacy Concerns",
1511
- "type": "category",
1512
- "children": [
1513
- {
1514
- "id": "unnecessary_data_collection",
1515
- "name": "Unnecessary Data Collection",
1516
- "type": "subcategory",
1517
- "children": [
1518
- {
1519
- "id": "wifi_ssid_password",
1520
- "name": "WiFi SSID+Password",
1521
- "type": "variant",
1522
- "priority": 4
1523
- }
1524
- ]
1525
- }
1526
- ]
1527
- },
1528
- {
1529
- "id": "network_security_misconfiguration",
1530
- "name": "Network Security Misconfiguration",
1531
- "type": "category",
1532
- "children": [
1533
- {
1534
- "id": "telnet_enabled",
1535
- "name": "Telnet Enabled",
1536
- "type": "subcategory",
1537
- "children": [
1538
- {
1539
- "id": "credentials_required",
1540
- "name": "Credentials Required",
1541
- "type": "variant",
1542
- "priority": 4
1543
- }
1544
- ]
1545
- }
1546
- ]
1547
- },
1548
- {
1549
- "id": "mobile_security_misconfiguration",
1550
- "name": "Mobile Security Misconfiguration",
1551
- "type": "category",
1552
- "children": [
1553
- {
1554
- "id": "ssl_certificate_pinning",
1555
- "name": "SSL Certificate Pinning",
1556
- "type": "subcategory",
1557
- "children": [
1558
- {
1559
- "id": "absent",
1560
- "name": "Absent",
1561
- "type": "variant",
1562
- "priority": 5
1563
- },
1564
- {
1565
- "id": "defeatable",
1566
- "name": "Defeatable",
1567
- "type": "variant",
1568
- "priority": 5
1569
- }
1570
- ]
1571
- },
1572
- {
1573
- "id": "tapjacking",
1574
- "name": "Tapjacking",
1575
- "type": "subcategory",
1576
- "priority": 5
1577
- }
1578
- ]
1579
- },
1580
- {
1581
- "id": "client_side_injection",
1582
- "name": "Client-Side Injection",
1583
- "type": "category",
1584
- "children": [
1585
- {
1586
- "id": "binary_planting",
1587
- "name": "Binary Planting",
1588
- "type": "subcategory",
1589
- "children": [
1590
- {
1591
- "id": "privilege_escalation",
1592
- "name": "Privilege Escalation",
1593
- "type": "variant",
1594
- "priority": 4
1595
- },
1596
- {
1597
- "id": "no_privilege_escalation",
1598
- "name": "No Privilege Escalation",
1599
- "type": "variant",
1600
- "priority": 5
1601
- }
1602
- ]
1603
- }
1604
- ]
1605
- }
1606
- ]
1607
- }