Vulnerability Guide

This section lists all vulnerabilities that can be detected by Bright and provides detailed information about each of them.

Test NameDescriptionDetectable VulnerabilitiesBuckets
Amazon S3 Bucket TakeoverTests for S3 buckets that no longer exist to prevent data breaches and malware distributionAmazon S3 Bucket TakeoverAPI attacks Client-side attacks Server-side attacks
Broken JWT AuthenticationTests for secure implementation of JSON Web Token (JWT) in the applicationBroken JWT AuthenticationAPI attacks
Server-side attacks
Broken SAML AuthenticationTests for secure implementation of SAML authentication in the applicationBroken SAML AuthenticationAPI attacks Server-side attacks
Brute Force LoginTests for the availability of commonly used credentialsBrute Force Login Client-side attacks
Business Constraint BypassTests if the limitation of the number of retrievable items via an API call is configured properlyBusiness Constraint BypassAPI attacks Business logic attacks
Cross-Site Scripting (XSS)Tests if various application DOM parameters are vulnerable to JavaScript injectionsReflective Cross-site scripting (rXSS)

Stored Cross-site scripting (pXSS)
Client-side attacks
Common Files ExposureTests if common files that should not be accessible are accessibleExposed Common FileServer-side attacks
Common Vulnerability Exposure (CVE)Tests for known third-party common vulnerability exposuresCommon Vulnerability ExposureClient-side attacksLegacy attacks
Cookie Security CheckTests if the application uses and implements cookies with secure attributesSensitive Cookie in HTTPS Session Without Secure Attribute

Sensitive Cookie Without Http-Only Flag

Sensitive Cookie Weak Session ID
API attacks Client-side attacks Server-side attacks
Cross-Site Request Forgery (CSRF)Tests application forms for vulnerable cross-site filling and submittingUnauthorized Cross-Site Request Forgery (CSRF)

Authorized Cross-Site Request Forgery (CSRF)
API attacks Server-side attacks
Cross-Site Scripting (XSS)Tests if various application parameters are vulnerable to JavaScript injectionsReflective Cross-Site Scripting (rXSS)

Stored Cross-Site Scripting (pXSS)
Client-side attacks
CSS InjectionTests for weaknesses that could allow hackers to inject malicious Cascading Style Sheets (CSS) code.CSS InjectionClient-side attacks
Default Login LocationTests if login form location in the target application is easy to guess and accessibleDefault Login LocationClient-side attacks
Directory ListingTests if server-side directory listing is possibleDirectory ListingAPI attacks Server-side attacks
Email Header InjectionTests if it is possible to send emails to other addresses through the target application mailing server, which can lead to spam and phishingEmail Header InjectionAPI attacks Server-side attacks
Google Cloud StorageAims to identify potential security vulnerabilities associated with unauthorized or unexpected references to Google Cloud Storage resourcesGoogle Cloud StorageClient-side attacks Server-side attacks API attacks
Open BucketsTests if exposed AWS S3 links lead to anonymous read access to the bucketExposed AWS S3 Buckets DetailsAPI attacks Server-side attacks Client-side attacks
Exposed Database Details
(Open Database)
Tests if exposed database connection strings are open to public connectionsExposed Database Details

Exposed Database Connection String
API attacks Server-side attacks
Excessive Data ExposureTests application for not screening sensitive information on the server sideExcessive Data ExposureAPI attacks Business logic attacks
Full Path Disclosure (FPD)Tests if various application parameters are vulnerable to the exposure of errors that include full webroot pathFull Path DisclosureAPI attacks Server-side attacks
GraphQL introspectionGraphQL data availability test for queries coming from external IP-addressGraphQL introspectionAPI attacks
Headers Security CheckTests for proper Security Headers configurationMisconfigured Security Headers

Missing Security Headers

Insecure Content Secure Policy Configuration
API attacks Server-side attacks
HTML InjectionTests if various application parameters are vulnerable to HTML injectionHTML InjectionClient-side attacks API attacks
iFrame InjectionTests for frame injection attacks evaluate the embedding of deceptive elements on legitimate websites, tricking users into unintended interactions that lead to unauthorized actions, data theft, or malicious activities.iFrame InjectionClient-side attacks Server-side attacks
Improper Assets ManagementTests if older or development versions of API endpoints are exposed and can be used to get unauthorized access to data and privilegesImproper Assets ManagementAPI attacks Business logic attacks
Insecure HTTP Method
(HTTP Method Fuzzer)
Tests enumeration of possible HTTP methods for vulnerabilitiesInsecure HTTP MethodAPI attacks Server-side attacks
Insecure TLS ConfigurationTests SSL/TLS ciphers and configurations for vulnerabilitiesInsecure TLS ConfigurationAPI attacks Server-side attacks
Known JavaScript Vulnerabilities
(JavaScript Vulnerabilities Scanning)
Tests for known JavaScript component vulnerabilitiesJavaScript Component with Known VulnerabilitiesClient-side attacks Legacy attacks
Lack of Resources and Rate LimitingTests all API endpoints for rate-limiting or resource exhaustion protection in place.Lack of Resources and Rate LimitingAdvanced attacks
LDAP InjectionTests if various application parameters are vulnerable to unauthorized LDAP accessLDAP Injection
LDAP Error
Legacy attacks
Local File Inclusion (LFI)Tests if various application parameters are vulnerable to loading of unauthorized local system resourcesLocal File Inclusion (LFI)API attacks Server-side attacks
Mass AssignmentTests if it is possible to create requests with additional parameters to gain privilege escalationMass AssignmentAPI attacks Business logic attacks
OS Command InjectionTests if various application parameters are vulnerable to Operation System (OS) command injectionOS Command InjectionAPI attacks Server-side attacks
Prompt InjectionTests for prompt injections assess the manipulation of LLMs through crafted prompts, which can result in unintended actions and security vulnerabilities like data leaks and unauthorized access.Prompt InjectionBusiness logic attacks
Prototype PollutionTests if it is possible to inject properties into existing JavaScript objectsPrototype PollutionClient-side attacks
Remote File Inclusion (RFI)Tests if various application parameters are vulnerable to loading of unauthorized remote system resourcesRemote File Inclusion (RFI)API attacks Server-side attacks
Secret Tokens LeakTests for exposure of secret API tokens or keys in the target applicationSecret Tokens LeakAPI attacks Server-side attacks Client-side attacks
Server Side Template Injection (SSTI)Tests if various application parameters are vulnerable to server-side code executionServer Side Template Injection (SSTI)API attacks Server-side attacks
Server Side Request Forgery (SSRF)Tests if various application parameters are vulnerable to internal resource accessServer Side Request Forgery (SSRF)API attacks Server-side attacks
SQL Injection (SQLI)SQL Injection tests vulnerable parameters for SQL database accessSQL injection

SQL Injection: Blind Boolean Based

SQL Injection: Blind Time Based
API attacks Server-side attacks
Unrestricted File UploadTests if file upload mechanisms are validated properly and denies upload of malicious contentUnrestricted File UploadAPI attacks Server-side attacks
Unsafe Date Range
(Date Manipulation)
Tests if date ranges are set and validated properlyUnsafe Date RangeAPI attacks Business logic attacks
Unsafe Redirect
(Unvalidated Redirect)
Tests if various application parameters are vulnerable to the injection of a malicious link that can redirect a user without validationUnsafe RedirectClient-side attacks
User ID EnumerationTests if it is possible to collect valid user ID data by interacting with the target applicationEnumerable Integer-Based IDAPI attacks Business logic attacks
Version Control System Data LeakTests if it is possible to access Version Control System (VCS) resourcesVersion Control System Data LeakAPI attacks Server-side attacks Client-side attacks
WordPress ComponentTests for known vulnerabilities related to the WordPress platformWordPressCVE tests Client-side attacks
XML External Entity Injection (XXE)Tests if various XML parameters are vulnerable to XML parsing of unauthorized external entitiesXML External Entity InjectionLegacy attacks Server-side attacks
XPath InjectionTests if unvalidated user input in XPath expressions can be exploited to manipulate queries, potentially leading to unauthorized access or unintended actionsXPath InjectionClient-side attacks Server-side attacks