Vulnerability Guide

This section lists all vulnerabilities (issues) that can be detected by Bright and provides detailed information about each of them.

Test NameDescriptionDetectable Vulnerabilities
Broken JWT AuthenticationTests for secure implementation of JSON Web Token (JWT) in the applicationBroken JWT Authentication
Broken SAML AuthenticationTests for secure implementation of SAML authentication in the applicationBroken SAML Authentication
Brute Force LoginTests for the availability of commonly used credentialsBrute Force Login
Business Constraint BypassTests if the limitation of the number of retrievable items via an API call is configured properlyBusiness Constraint Bypass
Client-Side XSS
(DOM Cross-Site Scripting)
Tests if various application DOM parameters are vulnerable to JavaScript injectionsReflective Cross-site scripting (rXSS)

Persistent Cross-site scripting (pXSS)
Common Files ExposureTests if common files that should not be accessible are accessibleExposed Common File
Cookie Security CheckTests if the application uses and implements cookies with secure attributesSensitive Cookie in HTTPS Session Without Secure Attribute

Sensitive Cookie Without Http-Only Flag

Sensitive Cookie Weak Session ID
Cross-Site Request Forgery (CSRF)Tests application forms for vulnerable cross-site filling and submittingUnauthorized Cross-Site Request Forgery (CSRF)

Authorized Cross-Site Request Forgery (CSRF)
Cross-Site Scripting (XSS)Tests if various application parameters are vulnerable to JavaScript injectionsReflective Cross-Site Scripting (rXSS)

Persistent Cross-Site Scripting (pXSS)
Default Login LocationTests if login form location in the target application is easy to guess and accessibleDefault Login Location
Directory ListingTests if server-side directory listing is possibleDirectory Listing
Email Header InjectionTests if it is possible to send emails to other addresses through the target application mailing server, which can lead to spam and phishingEmail Header Injection
Exposed AWS S3 Buckets Details
(Open Buckets)
Tests if exposed AWS S3 links lead to anonymous read access to the bucketExposed AWS S3 Buckets Details
Exposed Database Details
(Open Database)
Tests if exposed database connection strings are open to public connectionsExposed Database Details

Exposed Database Connection String
Full Path Disclosure (FPD)Tests if various application parameters are vulnerable to the exposure of errors that include full webroot pathFull Path Disclosure
Headers Security CheckTests for proper Security Headers configurationMisconfigured Security Headers

Missing Security Headers

Insecure Content Secure Policy Configuration
HTML InjectionTests if various application parameters are vulnerable to HTML injectionHTML Injection
Improper Assets ManagementTests if older or development versions of API endpoints are exposed and can be used to get unauthorized access to data and privilegesImproper Assets Management
Insecure HTTP Method
(HTTP Method Fuzzer)
Tests enumeration of possible HTTP methods for vulnerabilitiesInsecure HTTP Method
Insecure TLS ConfigurationTests SSL/TLS ciphers and configurations for vulnerabilitiesInsecure TLS Configuration
Known JavaScript Vulnerabilities
(JavaScript Vulnerabilities Scanning)
Tests for known JavaScript component vulnerabilitiesJavaScript Component with Known Vulnerabilities
Known WordPress Vulnerabilities
(WordPress Scan)
Tests for known WordPress vulnerabilities and tries to enumerate a list of usersWordPress Component with Known Vulnerabilities
LDAP InjectionTests if various application parameters are vulnerable to unauthorized LDAP accessLDAP Injection
LDAP Error
Local File Inclusion (LFI)Tests if various application parameters are vulnerable to loading of unauthorized local system resourcesLocal File Inclusion (LFI)
Mass AssignmentTests if it is possible to create requests with additional parameters to gain privilege escalationMass Assignment
OS Command InjectionTests if various application parameters are vulnerable to Operation System (OS) commands injectionOS Command Injection
Prototype PollutionTests if it is possible to inject properties into existing JavaScript objectsPrototype Pollution
Remote File Inclusion (RFI)Tests if various application parameters are vulnerable to loading of unauthorized remote system resourcesRemote File Inclusion (RFI)
Secret Tokens LeakTests for exposure of secret API tokens or keys in the target applicationSecret Tokens Leak
Server Side Template Injection (SSTI)Tests if various application parameters are vulnerable to server-side code executionServer Side Template Injection (SSTI)
Server Side Request Forgery (SSRF)Tests if various application parameters are vulnerable to internal resources accessServer Side Request Forgery (SSRF)
SQL Injection (SQLI)SQL Injection tests vulnerable parameters for SQL database accessSQL Injection: Blind Boolean Based

SQL Injection: Blind Time Based
Unrestricted File UploadTests if file upload mechanisms are validated properly and denies upload of malicious contentUnrestricted File Upload
Unsafe Date Range
(Date Manipulation)
Tests if date ranges are set and validated properlyUnsafe Date Range
Unsafe Redirect
(Unvalidated Redirect)
Tests if various application parameters are vulnerable to the injection of a malicious link that can redirect a user without validationUnsafe Redirect
User ID EnumerationTests if it is possible to collect valid user ID data by interacting with the target applicationEnumerable Integer-Based ID
Version Control System Data LeakTests if it is possible to access Version Control System (VCS) resourcesVersion Control System Data Leak
XML External Entity InjectionTests if various XML parameters are vulnerable to XML parsing of unauthorized external entitiesXML External Entity Injection
Lack of Resources and Rate LimitingTests the maximum number of calls in a particular time interval.Lack of Resources and Rate Limit