-
Scan OWASP Benchmark Project using w3af, find false positives and negatives, improve.
-
We aim to meet the OpenSSF Best Practices passing or higher badge level. One of the requirements is to run dynamic code analysis on the project's source code.
See the "Analysis" section here: https…
-
Vulnerable Library - jose4j-0.7.6.jar
The jose.4.j library is a robust and easy to use open source implementation of JSON Web Token (JWT) and the JOSE specification suite (JWS, JWE, and JWK).
I…
-
## Description
The release of `SnakeYAML 2.0` resolves CVE-2022-1471 - currently Logstash is using `SnakeYAML 1.33`
Currently a clean bump to 2.0 results in the following error [taken from this co…
-
After scanning a site I did not have a good TLS negotiation, I tested it and the result came back with the mark "A+", only using TLS1.2, but with weak cipher suites (Picture attached).
How can a si…
-
Vulnerable Library - puma-4.3.5.gem
Puma is a simple, fast, threaded, and highly concurrent HTTP 1.1 server for Ruby/Rack applications. Puma is intended for use in both development and production en…
-
Vulnerable Library - spring-boot-starter-actuator-2.7.1.jar
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/boot/spring-boot-actua…
-
Hi,
I've just tested this one in the following test scenario:
1. I've installed the DVWA application over a Windows 2003 Server virtual machine.
2. I've chosen the XSS reflected from the exercises d…
-
Vulnerable Library - opentok-4.0.1.gem
Path to dependency file: /Gemfile.lock
Path to vulnerable library: /home/wss-scanner/.gem/ruby/2.7.0/cache/httparty-0.18.0.gem
Found in HEAD commit: 547312…
-
Vulnerable Library - spring-boot-starter-oauth2-client-3.1.5.jar
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/security/spring-s…