OWASP / OFFAT

The OWASP OFFAT tool autonomously assesses your API for prevalent vulnerabilities, though full compatibility with OAS v3 is pending. The project remains a work in progress, continuously evolving towards completion.
http://owasp.org/OFFAT/
MIT License
453 stars, 64 forks

Additional tokens for `data_leak` #105

Closed nrathaus closed 4 months ago

nrathaus commented 4 months ago

I would suggest adding the following to the list we currently have:

  1. google_oauth_token
  2. google_oauth
  3. google_b64
  4. awsBucket
  5. xoxo- (used by Slack)
  6. https://outlook.office.com/webhook/
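
A sketch of how the six markers proposed above could be checked against an API response body. This is an added example, not part of the thread and not OFFAT's own code. It assumes the markers are matched as case-insensitive substrings of JSON key names and values; `MARKERS`, `iter_strings`, `find_leaks` and the sample response are hypothetical and constructed.

```python
import json

# Markers listed in the issue, treated as case-insensitive substrings
# (an assumption; the project may match them differently).
MARKERS = [
    "google_oauth_token",
    "google_oauth",
    "google_b64",
    "awsBucket",
    "xoxo-",
    "https://outlook.office.com/webhook/",
]

def iter_strings(node, path="$"):
    """Yield (json_path, text) for every key name and scalar value."""
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}.{key}"
            yield child, str(key)
            yield from iter_strings(value, child)
    elif isinstance(node, list):
        for i, item in enumerate(node):
            yield from iter_strings(item, f"{path}[{i}]")
    elif node is not None:
        yield path, str(node)

def find_leaks(body):
    """Return sorted (json_path, marker) pairs found in a JSON response body."""
    by_length = sorted(MARKERS, key=len, reverse=True)
    hits = set()
    for path, text in iter_strings(json.loads(body)):
        lowered = text.lower()
        matched = []
        for marker in by_length:
            # Skip a marker already covered by a longer one on the same string,
            # so google_oauth_token is not also reported as google_oauth.
            if marker.lower() in lowered and not any(marker in m for m in matched):
                matched.append(marker)
                hits.add((path, marker))
    return sorted(hits)

# Constructed sample response; every value is a placeholder, not a real secret.
SAMPLE = json.dumps({
    "user": {"id": 7, "google_oauth_token": "CONSTRUCTED-VALUE"},
    "integrations": [
        {"name": "chat", "token": "xoxo-CONSTRUCTED"},
        {"name": "alerts", "url": "https://outlook.office.com/webhook/CONSTRUCTED"},
    ],
    "storage": {"awsBucket": "constructed-bucket"},
})
```

Reporting the JSON path rather than the matched value keeps the secret itself out of scan reports.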

nrathaus commented 4 months ago

https://github.com/OWASP/OFFAT/pull/107/files

dmdhrumilmistry commented 4 months ago

Closing since the PR is merged.