Vulnerability Guide
This section lists all vulnerabilities that can be detected by Bright and provides detailed information about each of them.
Test Name | Description | Detectable Vulnerabilities | Buckets |
---|---|---|---|
Amazon S3 Bucket Takeover | Tests for references to S3 buckets that no longer exist, to prevent data breaches and malware distribution | Amazon S3 Bucket Takeover | API attacks, Client-side attacks, Server-side attacks |
Broken JWT Authentication | Tests for secure implementation of JSON Web Token (JWT) authentication in the application | Broken JWT Authentication | API attacks, Server-side attacks |
Broken SAML Authentication | Tests for secure implementation of SAML authentication in the application | Broken SAML Authentication | API attacks, Server-side attacks |
Brute Force Login | Tests whether the login accepts commonly used credentials | Brute Force Login | Client-side attacks |
Business Constraint Bypass | Tests if the limit on the number of items retrievable via an API call is configured properly | Business Constraint Bypass | API attacks, Business logic attacks |
Cross-Site Scripting (XSS) | Tests if various application DOM parameters are vulnerable to JavaScript injection | Reflective Cross-Site Scripting (rXSS); Stored Cross-Site Scripting (pXSS) | Client-side attacks |
Common Files Exposure | Tests if common files that should not be accessible are accessible | Exposed Common File | Server-side attacks |
Common Vulnerability Exposure (CVE) | Tests for known third-party common vulnerability exposures | Common Vulnerability Exposure | Client-side attacks, Legacy attacks |
Cookie Security Check | Tests if the application sets cookies with secure attributes | Sensitive Cookie in HTTPS Session Without Secure Attribute; Sensitive Cookie Without Http-Only Flag; Sensitive Cookie Weak Session ID | API attacks, Client-side attacks, Server-side attacks |
Cross-Site Request Forgery (CSRF) | Tests whether application forms can be filled and submitted from another site | Unauthorized Cross-Site Request Forgery (CSRF); Authorized Cross-Site Request Forgery (CSRF) | API attacks, Server-side attacks |
Cross-Site Scripting (XSS) | Tests if various application parameters are vulnerable to JavaScript injection | Reflective Cross-Site Scripting (rXSS); Stored Cross-Site Scripting (pXSS) | Client-side attacks |
CSS Injection | Tests for weaknesses that could allow attackers to inject malicious Cascading Style Sheets (CSS) code | CSS Injection | Client-side attacks |
Default Login Location | Tests if the login form location in the target application is easy to guess and accessible | Default Login Location | Client-side attacks |
Directory Listing | Tests if server-side directory listing is possible | Directory Listing | API attacks, Server-side attacks |
Email Header Injection | Tests if it is possible to send emails to other addresses through the target application's mail server, which can lead to spam and phishing | Email Header Injection | API attacks, Server-side attacks |
Google Cloud Storage | Tests for unauthorized or unexpected references to Google Cloud Storage resources that may indicate security vulnerabilities | Google Cloud Storage | Client-side attacks, Server-side attacks, API attacks |
Open Buckets | Tests if exposed AWS S3 links lead to anonymous read access to the bucket | Exposed AWS S3 Buckets Details | API attacks, Server-side attacks, Client-side attacks |
Exposed Database Details (Open Database) | Tests if exposed database connection strings are open to public connections | Exposed Database Details; Exposed Database Connection String | API attacks, Server-side attacks |
Excessive Data Exposure | Tests if the application fails to filter sensitive information on the server side | Excessive Data Exposure | API attacks, Business logic attacks |
Full Path Disclosure (FPD) | Tests if various application parameters trigger errors that disclose the full webroot path | Full Path Disclosure | API attacks, Server-side attacks |
GraphQL introspection | Tests whether GraphQL introspection data is available to queries coming from an external IP address | GraphQL introspection | API attacks |
Headers Security Check | Tests for proper security header configuration | Misconfigured Security Headers; Missing Security Headers; Insecure Content Security Policy Configuration | API attacks, Server-side attacks |
HTML Injection | Tests if various application parameters are vulnerable to HTML injection | HTML Injection | Client-side attacks, API attacks |
iFrame Injection | Tests whether deceptive elements can be embedded in legitimate pages via frame injection, tricking users into unintended interactions that lead to unauthorized actions, data theft, or other malicious activity | iFrame Injection | Client-side attacks, Server-side attacks |
Improper Assets Management | Tests if older or development versions of API endpoints are exposed and can be used to gain unauthorized access to data and privileges | Improper Assets Management | API attacks, Business logic attacks |
Insecure HTTP Method (HTTP Method Fuzzer) | Enumerates the HTTP methods the server accepts and tests them for vulnerabilities | Insecure HTTP Method | API attacks, Server-side attacks |
Insecure TLS Configuration | Tests SSL/TLS ciphers and configuration for vulnerabilities | Insecure TLS Configuration | API attacks, Server-side attacks |
Known JavaScript Vulnerabilities (JavaScript Vulnerabilities Scanning) | Tests for known vulnerabilities in JavaScript components | JavaScript Component with Known Vulnerabilities | Client-side attacks, Legacy attacks |
Lack of Resources and Rate Limiting | Tests all API endpoints for the presence of rate limiting or resource-exhaustion protection | Lack of Resources and Rate Limiting | Advanced attacks |
LDAP Injection | Tests if various application parameters are vulnerable to unauthorized LDAP access | LDAP Injection; LDAP Error | Legacy attacks |
Local File Inclusion (LFI) | Tests if various application parameters can be used to load unauthorized local system resources | Local File Inclusion (LFI) | API attacks, Server-side attacks |
Mass Assignment | Tests if requests with additional parameters can be used to gain privilege escalation | Mass Assignment | API attacks, Business logic attacks |
OS Command Injection | Tests if various application parameters are vulnerable to Operating System (OS) command injection | OS Command Injection | API attacks, Server-side attacks |
Prompt Injection | Tests whether crafted prompts can manipulate LLMs into unintended actions, which can result in security vulnerabilities such as data leaks and unauthorized access | Prompt Injection | Business logic attacks |
Prototype Pollution | Tests if it is possible to inject properties into existing JavaScript objects | Prototype Pollution | Client-side attacks |
Remote File Inclusion (RFI) | Tests if various application parameters can be used to load unauthorized remote resources | Remote File Inclusion (RFI) | API attacks, Server-side attacks |
Secret Tokens Leak | Tests for exposure of secret API tokens or keys in the target application | Secret Tokens Leak | API attacks, Server-side attacks, Client-side attacks |
Server Side Template Injection (SSTI) | Tests if various application parameters are vulnerable to server-side code execution via template injection | Server Side Template Injection (SSTI) | API attacks, Server-side attacks |
Server Side Request Forgery (SSRF) | Tests if various application parameters can be used to reach internal resources | Server Side Request Forgery (SSRF) | API attacks, Server-side attacks |
SQL Injection (SQLI) | Tests if various application parameters are vulnerable to SQL injection, giving access to the SQL database | SQL Injection; SQL Injection: Blind Boolean Based; SQL Injection: Blind Time Based | API attacks, Server-side attacks |
Unrestricted File Upload | Tests if file upload mechanisms validate input properly and deny upload of malicious content | Unrestricted File Upload | API attacks, Server-side attacks |
Unsafe Date Range (Date Manipulation) | Tests if date ranges are set and validated properly | Unsafe Date Range | API attacks, Business logic attacks |
Unsafe Redirect (Unvalidated Redirect) | Tests if various application parameters accept an injected malicious link that redirects a user without validation | Unsafe Redirect | Client-side attacks |
User ID Enumeration | Tests if it is possible to collect valid user ID data by interacting with the target application | Enumerable Integer-Based ID | API attacks, Business logic attacks |
Version Control System Data Leak | Tests if it is possible to access Version Control System (VCS) resources | Version Control System Data Leak | API attacks, Server-side attacks, Client-side attacks |
WordPress Component | Tests for known vulnerabilities related to the WordPress platform | WordPress | CVE tests, Client-side attacks |
XML External Entity Injection (XXE) | Tests if various XML parameters cause the parser to resolve unauthorized external entities | XML External Entity Injection | Legacy attacks, Server-side attacks |
XPath Injection | Tests if unvalidated user input in XPath expressions can be used to manipulate queries, potentially leading to unauthorized access or unintended actions | XPath Injection | Client-side attacks, Server-side attacks |