Security Tests ZAP

[github-actions[bot]]

• Site: http://localhost:4000 New Alerts
  • CSP: Wildcard Directive [10055] total: 12:
    • http://localhost:4000/a
    • http://localhost:4000/allocations/
    • http://localhost:4000/app/views
    • http://localhost:4000/div
    • http://localhost:4000/h1
    • ..
  • Content Security Policy (CSP) Header Not Set [10038] total: 12:
    • http://localhost:4000
    • http://localhost:4000/login
    • http://localhost:4000/signup
    • http://localhost:4000/tutorial
    • http://localhost:4000/tutorial/a1
    • ..
  • Missing Anti-clickjacking Header [10020] total: 12:
    • http://localhost:4000
    • http://localhost:4000/login
    • http://localhost:4000/signup
    • http://localhost:4000/tutorial
    • http://localhost:4000/tutorial/a1
    • ..
  • Source Code Disclosure - SQL [10099] total: 2:
    • http://localhost:4000/tutorial
    • http://localhost:4000/tutorial/a1
  • Vulnerable JS Library [10003] total: 2:
    • http://localhost:4000/vendor/bootstrap/bootstrap.js
    • http://localhost:4000/vendor/jquery.min.js
  • Cookie without SameSite Attribute [10054] total: 5:
    • http://localhost:4000
    • http://localhost:4000/robots.txt
    • http://localhost:4000/span
    • http://localhost:4000/vendor/bootstrap/bootstrap-tour.css
    • http://localhost:4000/signup
  • Cross-Domain JavaScript Source File Inclusion [10017] total: 12:
    • http://localhost:4000
    • http://localhost:4000/login
    • http://localhost:4000/signup
    • http://localhost:4000/tutorial
    • http://localhost:4000/tutorial/a1
    • ..
  • Dangerous JS Functions [10110] total: 4:
    • http://localhost:4000/tutorial
    • http://localhost:4000/tutorial/a1
    • http://localhost:4000/tutorial/a5
    • http://localhost:4000/vendor/jquery.min.js
  • Permissions Policy Header Not Set [10063] total: 12:
    • http://localhost:4000
    • http://localhost:4000/login
    • http://localhost:4000/robots.txt
    • http://localhost:4000/signup
    • http://localhost:4000/sitemap.xml
    • ..
  • Server Leaks Information via "X-Powered-By" HTTP Response Header Field(s) [10037] total: 11:
    • http://localhost:4000
    • http://localhost:4000/
    • http://localhost:4000/login
    • http://localhost:4000/robots.txt
    • http://localhost:4000/signup
    • ..
  • Timestamp Disclosure - Unix [10096] total: 1:
    • http://localhost:4000/vendor/bootstrap/bootstrap.css
  • X-Content-Type-Options Header Missing [10021] total: 12:
    • http://localhost:4000
    • http://localhost:4000/login
    • http://localhost:4000/signup
    • http://localhost:4000/tutorial
    • http://localhost:4000/tutorial/a1
    • ..
  • Authentication Request Identified [10111] total: 1:
    • http://localhost:4000/login
  • Base64 Disclosure [10094] total: 10:
    • http://localhost:4000
    • http://localhost:4000
    • http://localhost:4000/robots.txt
    • http://localhost:4000/span
    • http://localhost:4000/tutorial
    • ..
  • Information Disclosure - Suspicious Comments [10027] total: 12:
    • http://localhost:4000/tutorial
    • http://localhost:4000/tutorial/a1
    • http://localhost:4000/tutorial/a10
    • http://localhost:4000/tutorial/a2
    • http://localhost:4000/tutorial/a3
    • ..
  • Loosely Scoped Cookie [90033] total: 6:
    • http://localhost:4000
    • http://localhost:4000
    • http://localhost:4000/robots.txt
    • http://localhost:4000/span
    • http://localhost:4000/vendor/bootstrap/bootstrap-tour.css
    • ..
  • Modern Web Application [10109] total: 12:
    • http://localhost:4000
    • http://localhost:4000/login
    • http://localhost:4000/tutorial
    • http://localhost:4000/tutorial/a1
    • http://localhost:4000/tutorial/a10
    • ..
  • Non-Storable Content [10049] total: 2:
    • http://localhost:4000
    • http://localhost:4000/
  • Sec-Fetch-Dest Header is Missing [90005] total: 2:
    • http://localhost:4000
    • http://localhost:4000/sitemap.xml
  • Sec-Fetch-Mode Header is Missing [90005] total: 2:
    • http://localhost:4000
    • http://localhost:4000/sitemap.xml
  • Sec-Fetch-Site Header is Missing [90005] total: 2:
    • http://localhost:4000
    • http://localhost:4000/sitemap.xml
  • Sec-Fetch-User Header is Missing [90005] total: 2:
    • http://localhost:4000
    • http://localhost:4000/sitemap.xml
  • Session Management Response Identified [10112] total: 4:
    • http://localhost:4000
    • http://localhost:4000/robots.txt
    • http://localhost:4000
    • http://localhost:4000/robots.txt
  • Storable and Cacheable Content [10049] total: 8:
    • http://localhost:4000
    • http://localhost:4000/login
    • http://localhost:4000/robots.txt
    • http://localhost:4000/signup
    • http://localhost:4000/sitemap.xml
    • ..
  • Storable but Non-Cacheable Content [10049] total: 2:
    • http://localhost:4000/vendor/bootstrap/bootstrap.css
    • http://localhost:4000/vendor/theme/sb-admin.css
  • User Controllable HTML Element Attribute (Potential XSS) [10031] total: 2:
    • http://localhost:4000/login
    • http://localhost:4000/login

View the following link to download the report. RunnerID:6790559346

[github-actions[bot]]

• Site: http://localhost:4000 New Alerts
  • Open Redirect [10028] total: 1:
    • http://localhost:4000/learn?url=https://www.khanacademy.org/economics-finance-domain/core-finance/investment-vehicles-tutorial/ira-401ks/v/traditional-iras

View the following link to download the report. RunnerID:6791193495

[github-actions[bot]]

• Site: http://localhost:4000 Resolved Alerts
  • Open Redirect [10028] total: 1:

View the following link to download the report. RunnerID:6791465820

[github-actions[bot]]

• Site: http://localhost:4000 New Alerts
  • Open Redirect [10028] total: 1:
    • http://localhost:4000/learn?url=https://www.khanacademy.org/economics-finance-domain/core-finance/investment-vehicles-tutorial/ira-401ks/v/traditional-iras

View the following link to download the report. RunnerID:6791476088

[github-actions[bot]]

• Site: http://localhost:4000 New Alerts
  • Application Error Disclosure [90022] total: 1:
    • http://localhost:4000/allocations/4?threshold=ZAP
  • Content-Type Header Missing [10019] total: 1:
    • http://localhost:4000/research?symbol=ZAP&url=https%3A%2F%2Fzap.example.com

View the following link to download the report. RunnerID:6791495778

[github-actions[bot]]

• Site: http://localhost:4000 Resolved Alerts
  • User Controllable HTML Element Attribute (Potential XSS) [10031] total: 2:

View the following link to download the report. RunnerID:6791549024