Security Tests

[github-actions[bot]]

• Site: http://localhost:4000 New Alerts
  • Open Redirect [10028] total: 1:
    • http://localhost:4000/learn?url=https://www.khanacademy.org/economics-finance-domain/core-finance/investment-vehicles-tutorial/ira-401ks/v/traditional-iras
  • CSP: Wildcard Directive [10055] total: 12:
    • http://localhost:4000/a
    • http://localhost:4000/allocations/
    • http://localhost:4000/app/views
    • http://localhost:4000/div
    • http://localhost:4000/h1
    • ..
  • Content Security Policy (CSP) Header Not Set [10038] total: 12:
    • http://localhost:4000
    • http://localhost:4000/login
    • http://localhost:4000/signup
    • http://localhost:4000/tutorial
    • http://localhost:4000/tutorial/a1
    • ..
  • Missing Anti-clickjacking Header [10020] total: 12:
    • http://localhost:4000
    • http://localhost:4000/login
    • http://localhost:4000/signup
    • http://localhost:4000/tutorial
    • http://localhost:4000/tutorial/a1
    • ..
  • Source Code Disclosure - SQL [10099] total: 2:
    • http://localhost:4000/tutorial
    • http://localhost:4000/tutorial/a1
  • Vulnerable JS Library [10003] total: 2:
    • http://localhost:4000/vendor/bootstrap/bootstrap.js
    • http://localhost:4000/vendor/jquery.min.js
  • Cookie without SameSite Attribute [10054] total: 5:
    • http://localhost:4000
    • http://localhost:4000/vendor/bootstrap/bootstrap-tour.css
    • http://localhost:4000/vendor/bootstrap/bootstrap-tour.js
    • http://localhost:4000/vendor/chart/raphael-min.js
    • http://localhost:4000/signup
  • Cross-Domain JavaScript Source File Inclusion [10017] total: 12:
    • http://localhost:4000
    • http://localhost:4000/login
    • http://localhost:4000/signup
    • http://localhost:4000/tutorial
    • http://localhost:4000/tutorial/a1
    • ..
  • Dangerous JS Functions [10110] total: 4:
    • http://localhost:4000/tutorial
    • http://localhost:4000/tutorial/a1
    • http://localhost:4000/tutorial/a5
    • http://localhost:4000/vendor/jquery.min.js
  • Permissions Policy Header Not Set [10063] total: 12:
    • http://localhost:4000
    • http://localhost:4000/login
    • http://localhost:4000/robots.txt
    • http://localhost:4000/signup
    • http://localhost:4000/sitemap.xml
    • ..
  • Server Leaks Information via "X-Powered-By" HTTP Response Header Field(s) [10037] total: 11:
    • http://localhost:4000
    • http://localhost:4000/
    • http://localhost:4000/login
    • http://localhost:4000/robots.txt
    • http://localhost:4000/signup
    • ..
  • Timestamp Disclosure - Unix [10096] total: 1:
    • http://localhost:4000/vendor/bootstrap/bootstrap.css
  • X-Content-Type-Options Header Missing [10021] total: 12:
    • http://localhost:4000
    • http://localhost:4000/login
    • http://localhost:4000/signup
    • http://localhost:4000/tutorial
    • http://localhost:4000/tutorial/a1
    • ..
  • Authentication Request Identified [10111] total: 1:
    • http://localhost:4000/login
  • Base64 Disclosure [10094] total: 10:
    • http://localhost:4000
    • http://localhost:4000
    • http://localhost:4000/tutorial
    • http://localhost:4000/tutorial/a1
    • http://localhost:4000/tutorial/a3
    • ..
  • Information Disclosure - Suspicious Comments [10027] total: 12:
    • http://localhost:4000/tutorial
    • http://localhost:4000/tutorial/a1
    • http://localhost:4000/tutorial/a2
    • http://localhost:4000/tutorial/a3
    • http://localhost:4000/tutorial/a4
    • ..
  • Loosely Scoped Cookie [90033] total: 6:
    • http://localhost:4000
    • http://localhost:4000
    • http://localhost:4000/vendor/bootstrap/bootstrap-tour.css
    • http://localhost:4000/vendor/bootstrap/bootstrap-tour.js
    • http://localhost:4000/vendor/chart/raphael-min.js
    • ..
  • Modern Web Application [10109] total: 12:
    • http://localhost:4000
    • http://localhost:4000/login
    • http://localhost:4000/tutorial
    • http://localhost:4000/tutorial/a1
    • http://localhost:4000/tutorial/a2
    • ..
  • Non-Storable Content [10049] total: 2:
    • http://localhost:4000
    • http://localhost:4000/
  • Sec-Fetch-Dest Header is Missing [90005] total: 3:
    • http://localhost:4000
    • http://localhost:4000/robots.txt
    • http://localhost:4000/sitemap.xml
  • Sec-Fetch-Mode Header is Missing [90005] total: 3:
    • http://localhost:4000
    • http://localhost:4000/robots.txt
    • http://localhost:4000/sitemap.xml
  • Sec-Fetch-Site Header is Missing [90005] total: 3:
    • http://localhost:4000
    • http://localhost:4000/robots.txt
    • http://localhost:4000/sitemap.xml
  • Sec-Fetch-User Header is Missing [90005] total: 3:
    • http://localhost:4000
    • http://localhost:4000/robots.txt
    • http://localhost:4000/sitemap.xml
  • Session Management Response Identified [10112] total: 3:
    • http://localhost:4000
    • http://localhost:4000
    • http://localhost:4000
  • Storable and Cacheable Content [10049] total: 6:
    • http://localhost:4000
    • http://localhost:4000/login
    • http://localhost:4000/robots.txt
    • http://localhost:4000/signup
    • http://localhost:4000/sitemap.xml
    • ..
  • Storable but Non-Cacheable Content [10049] total: 4:
    • http://localhost:4000/vendor/bootstrap/bootstrap.css
    • http://localhost:4000/vendor/bootstrap/bootstrap.js
    • http://localhost:4000/vendor/theme/font-awesome/css/font-awesome.min.css
    • http://localhost:4000/vendor/theme/sb-admin.css
  • User Controllable HTML Element Attribute (Potential XSS) [10031] total: 2:
    • http://localhost:4000/login
    • http://localhost:4000/login

View the following link to download the report. RunnerID:6451075907

[github-actions[bot]]

• Site: http://localhost:4000 Resolved Alerts
  • Open Redirect [10028] total: 1:
  • User Controllable HTML Element Attribute (Potential XSS) [10031] total: 2:

View the following link to download the report. RunnerID:6457049144

[github-actions[bot]]

• Site: http://localhost:4000 New Alerts
  • User Controllable HTML Element Attribute (Potential XSS) [10031] total: 2:
    • http://localhost:4000/login
    • http://localhost:4000/login

View the following link to download the report. RunnerID:6779507419

[github-actions[bot]]

• Site: http://localhost:4000 New Alerts
  • Open Redirect [10028] total: 1:
    • http://localhost:4000/learn?url=https://www.khanacademy.org/economics-finance-domain/core-finance/investment-vehicles-tutorial/ira-401ks/v/traditional-iras

View the following link to download the report. RunnerID:6790458895

[github-actions[bot]]

• Site: http://localhost:4000 Resolved Alerts
  • Open Redirect [10028] total: 1:
  • User Controllable HTML Element Attribute (Potential XSS) [10031] total: 2:

View the following link to download the report. RunnerID:6790508890