Bright-docs

CVE Tests

| Test Name | API ID | Description | Detectable Vulnerabilities |
|---|---|---|---|
| CVE scanning | cve_test | Tests for known third-party common vulnerability exposures | Common Vulnerability Exposure |
| JavaScript Vulnerabilities Scanning | retire_js | Tests for known JavaScript component vulnerabilities | JavaScript Component with Known Vulnerabilities |

Updated 4 days ago
