ZAP Full Scan Report - Githubissues

souro1212 / JSON-XML-things

Validate , format and convert JSON & XML locally

https://json-xml-things.souradip.in/

MIT License

1 stars 0 forks source link

ZAP Full Scan Report #24

Open github-actions[bot] opened 1 year ago

github-actions[bot] commented 1 year ago

Site: https://json-xml-things.souradip.in New Alerts
- CORS Misconfiguration [40040] total: 30:
  - https://json-xml-things.souradip.in
  - https://json-xml-things.souradip.in/
  - https://json-xml-things.souradip.in/css
  - https://json-xml-things.souradip.in/css/a11y-dark.css
  - https://json-xml-things.souradip.in/css/semantic.min.css
  - ..
- CSP: Wildcard Directive [10055] total: 4:
  - https://json-xml-things.souradip.in/robots.txt
  - https://json-xml-things.souradip.in/robots.txt
  - https://json-xml-things.souradip.in/sitemap.xml
  - https://json-xml-things.souradip.in/sitemap.xml
- CSP: style-src unsafe-inline [10055] total: 2:
  - https://json-xml-things.souradip.in/robots.txt
  - https://json-xml-things.souradip.in/sitemap.xml
- Content Security Policy (CSP) Header Not Set [10038] total: 1:
  - https://json-xml-things.souradip.in/
- Cross-Domain Misconfiguration [10098] total: 11:
  - https://json-xml-things.souradip.in/
  - https://json-xml-things.souradip.in/css/a11y-dark.css
  - https://json-xml-things.souradip.in/css/simpleXML.css
  - https://json-xml-things.souradip.in/css/style.css
  - https://json-xml-things.souradip.in/js/highlight/styles/dark.min.css
  - ..
- Missing Anti-clickjacking Header [10020] total: 1:
  - https://json-xml-things.souradip.in/
- Relative Path Confusion [10051] total: 21:
  - https://json-xml-things.souradip.in/css/a11y-dark.css
  - https://json-xml-things.souradip.in/css/semantic.min.css
  - https://json-xml-things.souradip.in/css/simpleXML.css
  - https://json-xml-things.souradip.in/css/style.css
  - https://json-xml-things.souradip.in/js/highlight/highlight.js
  - ..
- Web Cache Deception [40039] total: 7:
  - https://json-xml-things.souradip.in/css
  - https://json-xml-things.souradip.in/js
  - https://json-xml-things.souradip.in/js/highlight
  - https://json-xml-things.souradip.in/js/highlight/languages
  - https://json-xml-things.souradip.in/js/highlight/styles
  - ..
- Dangerous JS Functions [10110] total: 2:
  - https://json-xml-things.souradip.in/js/jquery.min.js
  - https://json-xml-things.souradip.in/js/xml2json/xml-json.js
- Permissions Policy Header Not Set [10063] total: 11:
  - https://json-xml-things.souradip.in/
  - https://json-xml-things.souradip.in/js/highlight/highlight.js
  - https://json-xml-things.souradip.in/js/highlight/languages/json.min.js
  - https://json-xml-things.souradip.in/js/highlight/languages/xml.min.js
  - https://json-xml-things.souradip.in/js/index.js
  - ..
- Strict-Transport-Security Header Not Set [10035] total: 12:
  - https://json-xml-things.souradip.in/
  - https://json-xml-things.souradip.in/css/a11y-dark.css
  - https://json-xml-things.souradip.in/css/simpleXML.css
  - https://json-xml-things.souradip.in/css/style.css
  - https://json-xml-things.souradip.in/js/highlight/highlight.js
  - ..
- X-Content-Type-Options Header Missing [10021] total: 11:
  - https://json-xml-things.souradip.in/
  - https://json-xml-things.souradip.in/css/a11y-dark.css
  - https://json-xml-things.souradip.in/css/simpleXML.css
  - https://json-xml-things.souradip.in/css/style.css
  - https://json-xml-things.souradip.in/js/highlight/highlight.js
  - ..
- Base64 Disclosure [10094] total: 4:
  - https://json-xml-things.souradip.in/css/semantic.min.css
  - https://json-xml-things.souradip.in/js/xml2json/xml-json.js
  - https://json-xml-things.souradip.in/robots.txt
  - https://json-xml-things.souradip.in/sitemap.xml
- CSP: Header & Meta [10055] total: 2:
  - https://json-xml-things.souradip.in/robots.txt
  - https://json-xml-things.souradip.in/sitemap.xml
- Information Disclosure - Suspicious Comments [10027] total: 14:
  - https://json-xml-things.souradip.in/js/highlight/highlight.js
  - https://json-xml-things.souradip.in/js/highlight/highlight.js
  - https://json-xml-things.souradip.in/js/highlight/highlight.js
  - https://json-xml-things.souradip.in/js/highlight/highlight.js
  - https://json-xml-things.souradip.in/js/jquery.min.js
  - ..
- Modern Web Application [10109] total: 1:
  - https://json-xml-things.souradip.in/
- Re-examine Cache-control Directives [10015] total: 1:
  - https://json-xml-things.souradip.in/
- Retrieved from Cache [10050] total: 12:
  - https://json-xml-things.souradip.in/
  - https://json-xml-things.souradip.in/css/a11y-dark.css
  - https://json-xml-things.souradip.in/css/simpleXML.css
  - https://json-xml-things.souradip.in/css/style.css
  - https://json-xml-things.souradip.in/js/highlight/highlight.js
  - ..
- Storable and Cacheable Content [10049] total: 11:
  - https://json-xml-things.souradip.in/
  - https://json-xml-things.souradip.in/css/a11y-dark.css
  - https://json-xml-things.souradip.in/css/simpleXML.css
  - https://json-xml-things.souradip.in/css/style.css
  - https://json-xml-things.souradip.in/js/highlight/highlight.js
  - ..
- User Agent Fuzzer [10104] total: 84:
  - https://json-xml-things.souradip.in/css
  - https://json-xml-things.souradip.in/css
  - https://json-xml-things.souradip.in/css
  - https://json-xml-things.souradip.in/css
  - https://json-xml-things.souradip.in/css
  - ..

View the following link to download the report. RunnerID:5239783742

secure-code-warrior-for-github[bot] commented 1 year ago

Micro-Learning Topic: Clickjack (Detected by phrase)

Matched on "clickjack"

What is this? (2min video)

Clickjacking, which is also called UI redressing, is a trick which places an invisible panel or an identical control overlay in front of an existing application. The user clicking on that control or page is then used to perform some other action on behalf of that user i.e. Liking a social media page or posting a tweet. The click is then also passed on to the underlying application and the user is unaware that their identity has been misused.

Try a challenge in Secure Code Warrior

Micro-Learning Topic: Information disclosure (Detected by phrase)

Matched on "Information Disclosure"

Many web applications and APIs do not properly protect sensitive data, such as financial, healthcare, and PII. Attackers may steal or modify such weakly protected data to conduct credit card fraud, identity theft, or other crimes. Sensitive data may be compromised without extra protection, such as encryption at rest or in transit, and requires special precautions when exchanged with the browser. Source: https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project

Try a challenge in Secure Code Warrior