Client-Side Attacks
Test Name | API ID | Description | Detectable Vulnerabilities |
---|---|---|---|
AWS S3 Takeover | | Tests for S3 buckets that no longer exist to prevent data breaches and malware distribution | |
Brute Force Login | | Tests for the availability of commonly used credentials | |
Cookie Security | | Tests if the application uses and implements cookies with secure attributes | Missing 'httponly' Flag in Cookie |
Cross-Site Scripting (XSS) | | Tests if various application DOM parameters are vulnerable to JavaScript injections | |
CSS Injection | | Tests for weaknesses that could allow hackers to inject malicious Cascading Style Sheets (CSS) code | |
Default Login Location | | Tests if the login form location in the target application is easy to guess and accessible | |
HTML Injection | | Tests if various application parameters are vulnerable to HTML injection | |
iFrame Injection | | Tests for frame injection attacks, in which deceptive elements are embedded in legitimate websites to trick users into unintended interactions that lead to unauthorized actions, data theft, or malicious activities | |
JavaScript Vulnerabilities Scanning | | Tests for known JavaScript component vulnerabilities | |
Open Cloud Storage | | Contains Open Buckets, Azure Blob Storage, and Amazon S3 Bucket Takeover tests | |
Prototype Pollution | | Tests if it is possible to inject properties into existing JavaScript objects | |
Secret Tokens | | Tests for exposure of secret API tokens or keys in the target application | |
Stored Cross-Site Scripting (Stored XSS) | | Tests if various application DOM parameters are vulnerable to JavaScript injections | |
Unvalidated Redirect | | Tests if various application parameters are vulnerable to the injection of a malicious link that can redirect a user without validation | |
Version Control System | | Tests if it is possible to access Version Control System (VCS) resources | |