{"ScriptPreparationCode":null,"TestCases":[{"Name":"reduce","Code":"const data = {\r\n \u0022id\u0022: \u0022QL1XLymWE3w2iZA3E2xuj\u0022,\r\n \u0022title\u0022: \u0022OWASP - Web Testing Checklist\u0022,\r\n \u0022description\u0022: \u0022This checklist is based on OWASP Testing Guide and it includes a \\u201clow level\\u201d penetration testing guide that describes techniques for testing most common web application security issues and security checks to make sure that all vulnerability types are covered.\u0022,\r\n \u0022closedAt\u0022: null,\r\n \u0022blocked\u0022: false,\r\n \u0022items\u0022: [\r\n {\r\n \u0022type\u0022: \u0022category\u0022,\r\n \u0022title\u0022: \u0022Information Gathering\u0022,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u002260IhvL7GNb7ncIiAHggnKw\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Conduct Search Engine Discovery Reconnaissance for Information Leakage\u0022,\r\n \u0022description\u0022: \u0022Identify what sensitive design and configuration information of the application, system, or organization is exposed directly (on the organization\u0027s site) or indirectly (via third-party services).\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/01-Information_Gathering\\/01-Conduct_Search_Engine_Discovery_Reconnaissance_for_Information_Leakage\u0022,\r\n \u0022ref\u0022: \u0022WSTG-INFO-01\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: \u0022not_applicable\u0022,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00224JdxRNU76DFKaSXnWFjhJY\u0022,\r\n \u0022title\u0022: \u0022WSTG-INFO-01_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u002260IhvL7GNb7ncIiAHggnKw\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: \u0022not_applicable\u0022,\r\n \u0022pocAvailable\u0022: true,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u0022D8sbZ9ZyPV0XBMuFteGA3\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Fingerprint Web Server\u0022,\r\n \u0022description\u0022: \u0022Determine the version and type of a running web server to enable further discovery of any known vulnerabilities.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/01-Information_Gathering\\/02-Fingerprint_Web_Server\u0022,\r\n \u0022ref\u0022: \u0022WSTG-INFO-02\u0022,\r\n \u0022status\u0022: \u0022in_progress\u0022,\r\n \u0022result\u0022: \u0022passed\u0022,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00227bQsKf09hYpLewyd9AJ2DU\u0022,\r\n \u0022title\u0022: \u0022WSTG-INFO-02_1\u0022,\r\n \u0022status\u0022: \u0022in_progress\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u0022D8sbZ9ZyPV0XBMuFteGA3\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: \u0022passed\u0022,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u00225o88WI5Mi8i8LrNpeswgT1\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Review Webserver Metafiles for Information Leakage\u0022,\r\n \u0022description\u0022: \u0022Identify hidden or obfuscated paths and functionality through the analysis of metadata files.\\nExtract and map other information that could lead to a better understanding of the systems at hand.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/01-Information_Gathering\\/03-Review_Webserver_Metafiles_for_Information_Leakage\u0022,\r\n \u0022ref\u0022: \u0022WSTG-INFO-03\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00222kMilDrKI7e8J1e5I2Pns8\u0022,\r\n \u0022title\u0022: \u0022WSTG-INFO-03_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00225o88WI5Mi8i8LrNpeswgT1\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: true,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u0022n2ZEU007Pk6LVenGfVK6t\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Enumerate Applications on Webserver\u0022,\r\n \u0022description\u0022: \u0022Enumerate the applications within the scope that exist on a web server.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/01-Information_Gathering\\/04-Enumerate_Applications_on_Webserver\u0022,\r\n \u0022ref\u0022: \u0022WSTG-INFO-04\u0022,\r\n \u0022status\u0022: \u0022in_progress\u0022,\r\n \u0022result\u0022: \u0022passed\u0022,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00227jEoKyq90H2gwd35uisI7I\u0022,\r\n \u0022title\u0022: \u0022WSTG-INFO-04_1\u0022,\r\n \u0022status\u0022: \u0022in_progress\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u0022n2ZEU007Pk6LVenGfVK6t\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: \u0022passed\u0022,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 1\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u00226RZObp1xGpzu6r04QKf6xm\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Review Web Page Content for Information Leakage\u0022,\r\n \u0022description\u0022: \u0022Review web page comments, metadata, and redirect bodies to find any information leakage.\\nGather JavaScript files and review the JS code to better understand the application and to find any information leakage.\\nIdentify if source map files or other frontend debug files exist.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/01-Information_Gathering\\/05-Review_Web_Page_Content_for_Information_Leakage\u0022,\r\n \u0022ref\u0022: \u0022WSTG-INFO-05\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00223QOYjEM9dhVgvAClWtmdd7\u0022,\r\n \u0022title\u0022: \u0022WSTG-INFO-05_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00226RZObp1xGpzu6r04QKf6xm\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u00226yI5X56LROrnR4WdlA2JoH\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Identify Application Entry Points\u0022,\r\n \u0022description\u0022: \u0022Identify possible entry and injection points through request and response analysis.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/01-Information_Gathering\\/06-Identify_Application_Entry_Points\u0022,\r\n \u0022ref\u0022: \u0022WSTG-INFO-06\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u002233rLMf2XGsZi5bQRnXmfxO\u0022,\r\n \u0022title\u0022: \u0022WSTG-INFO-06_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00226yI5X56LROrnR4WdlA2JoH\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u00225b7NEhm2YGqAdDNxKaRwwZ\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Map Execution Paths Through Application\u0022,\r\n \u0022description\u0022: \u0022Map the target application and understand the principal workflows.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/01-Information_Gathering\\/07-Map_Execution_Paths_Through_Application\u0022,\r\n \u0022ref\u0022: \u0022WSTG-INFO-07\u0022,\r\n \u0022status\u0022: \u0022in_progress\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u002225OEzXB6IDLtQacQ2QYOG2\u0022,\r\n \u0022title\u0022: \u0022WSTG-INFO-07_1\u0022,\r\n \u0022status\u0022: \u0022in_progress\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00225b7NEhm2YGqAdDNxKaRwwZ\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u002236V7iywjArebMqqUdvH43b\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Fingerprint Web Application Framework\u0022,\r\n \u0022description\u0022: \u0022Fingerprint the components used by the web applications.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/01-Information_Gathering\\/08-Fingerprint_Web_Application_Framework\u0022,\r\n \u0022ref\u0022: \u0022WSTG-INFO-08\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00225L0lCZ0ol11TMyrYkBk0Rg\u0022,\r\n \u0022title\u0022: \u0022WSTG-INFO-08_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u002236V7iywjArebMqqUdvH43b\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u00223gxL1FKjQLNyRF0330t4NP\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Fingerprint Web Application\u0022,\r\n \u0022description\u0022: \u0022This content has been merged into: Fingerprint Web Application Framework.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/01-Information_Gathering\\/09-Fingerprint_Web_Application\u0022,\r\n \u0022ref\u0022: \u0022WSTG-INFO-09\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u0022Vg7KS9CaG3Bu3YQxCvEiy\u0022,\r\n \u0022title\u0022: \u0022WSTG-INFO-09_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00223gxL1FKjQLNyRF0330t4NP\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u00225PfskJykrZOacFLTXRxGsN\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Map Application Architecture\u0022,\r\n \u0022description\u0022: \u0022Understand the architecture of the application and the technologies in use.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/01-Information_Gathering\\/10-Map_Application_Architecture\u0022,\r\n \u0022ref\u0022: \u0022WSTG-INFO-10\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00223Ud2O7Sw2Jeido96jrHrcS\u0022,\r\n \u0022title\u0022: \u0022WSTG-INFO-10_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00225PfskJykrZOacFLTXRxGsN\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \u0022type\u0022: \u0022category\u0022,\r\n \u0022title\u0022: \u0022Configuration and Deployment Management Testing\u0022,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00225GCIJ9e1sLsR2RgZ35z7bB\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Test Network Infrastructure Configuration\u0022,\r\n \u0022description\u0022: \u0022Review the applications\u0027 configurations set across the network and validate that they are not vulnerable.\\nValidate that used frameworks and systems are secure and not susceptible to known vulnerabilities due to unmaintained software or default settings and credentials.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/02-Configuration_and_Deployment_Management_Testing\\/01-Test_Network_Infrastructure_Configuration\u0022,\r\n \u0022ref\u0022: \u0022WSTG-CONF-01\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u002259UELnjAJ2ExVgK3GQ0yl8\u0022,\r\n \u0022title\u0022: \u0022WSTG-CONF-01_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00225GCIJ9e1sLsR2RgZ35z7bB\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u0022CDumZOXap3geS55l2enVJ\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Test Application Platform Configuration\u0022,\r\n \u0022description\u0022: \u0022Ensure that default and known files have been removed.\\nValidate that no debugging code or extensions are left in the production environments.\\nReview the logging mechanisms set in place for the application.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/02-Configuration_and_Deployment_Management_Testing\\/02-Test_Application_Platform_Configuration\u0022,\r\n \u0022ref\u0022: \u0022WSTG-CONF-02\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u0022efE7wJz63l6gxZ2UeqFe\u0022,\r\n \u0022title\u0022: \u0022WSTG-CONF-02_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u0022CDumZOXap3geS55l2enVJ\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u00223KYbvT3gszflgHGolJ7pgA\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Test File Extensions Handling for Sensitive Information\u0022,\r\n \u0022description\u0022: \u0022Brute force sensitive file extensions that might contain raw data such as scripts, credentials, etc.\\nValidate that no system framework bypasses exist for the rules that have been set\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/02-Configuration_and_Deployment_Management_Testing\\/03-Test_File_Extensions_Handling_for_Sensitive_Information\u0022,\r\n \u0022ref\u0022: \u0022WSTG-CONF-03\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00227g7gR1u9qt5S4RxCkMl4Js\u0022,\r\n \u0022title\u0022: \u0022WSTG-CONF-03_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00223KYbvT3gszflgHGolJ7pgA\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u00223Wtw2lAqUobXJmdGwgI9L7\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Review Old Backup and Unreferenced Files for Sensitive Information\u0022,\r\n \u0022description\u0022: \u0022Find and analyse unreferenced files that might contain sensitive information.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/02-Configuration_and_Deployment_Management_Testing\\/04-Review_Old_Backup_and_Unreferenced_Files_for_Sensitive_Information\u0022,\r\n \u0022ref\u0022: \u0022WSTG-CONF-04\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u0022MCcUuYYbv9HOWcwuRgcSp\u0022,\r\n \u0022title\u0022: \u0022WSTG-CONF-04_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00223Wtw2lAqUobXJmdGwgI9L7\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u00225OiGRBdKAYA8mx1C0ujSbY\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Enumerate Infrastructure and Application Admin Interfaces\u0022,\r\n \u0022description\u0022: \u0022Identify hidden administrator interfaces and functionality.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/02-Configuration_and_Deployment_Management_Testing\\/05-Enumerate_Infrastructure_and_Application_Admin_Interfaces\u0022,\r\n \u0022ref\u0022: \u0022WSTG-CONF-05\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u002249wSaNlZ0mG0xUhG0mdIYS\u0022,\r\n \u0022title\u0022: \u0022WSTG-CONF-05_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00225OiGRBdKAYA8mx1C0ujSbY\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u00222RMYRFOab1o2YyAVcMiQww\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Test HTTP Methods\u0022,\r\n \u0022description\u0022: \u0022Enumerate supported HTTP methods.\\nTest for access control bypass.\\nTest HTTP method overriding techniques.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/02-Configuration_and_Deployment_Management_Testing\\/06-Test_HTTP_Methods\u0022,\r\n \u0022ref\u0022: \u0022WSTG-CONF-06\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00227lyHqDp8L6FA58Tr3eNn14\u0022,\r\n \u0022title\u0022: \u0022WSTG-CONF-06_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00222RMYRFOab1o2YyAVcMiQww\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u00226zUldnSr1l1wpRfARNivhC\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Test HTTP Strict Transport Security\u0022,\r\n \u0022description\u0022: \u0022Review the HSTS header and its validity.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/02-Configuration_and_Deployment_Management_Testing\\/07-Test_HTTP_Strict_Transport_Security\u0022,\r\n \u0022ref\u0022: \u0022WSTG-CONF-07\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00227Z91tdcfOB941bm3Iwk01T\u0022,\r\n \u0022title\u0022: \u0022WSTG-CONF-07_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00226zUldnSr1l1wpRfARNivhC\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u0022L9tbrygzgj5Mk9hH246Jd\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Test RIA Cross Domain Policy\u0022,\r\n \u0022description\u0022: \u0022This content has been removed.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/02-Configuration_and_Deployment_Management_Testing\\/08-Test_RIA_Cross_Domain_Policy\u0022,\r\n \u0022ref\u0022: \u0022WSTG-CONF-08\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00226ctaUBLDyfbxVasXTkPH78\u0022,\r\n \u0022title\u0022: \u0022WSTG-CONF-08_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u0022L9tbrygzgj5Mk9hH246Jd\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u00222XZJlyC2jeqdWwagfTkFzN\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Test File Permission\u0022,\r\n \u0022description\u0022: \u0022Review and identify any rogue file permissions.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/02-Configuration_and_Deployment_Management_Testing\\/09-Test_File_Permission\u0022,\r\n \u0022ref\u0022: \u0022WSTG-CONF-09\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00223s9kdE7UiZrj6sHfHoqIVr\u0022,\r\n \u0022title\u0022: \u0022WSTG-CONF-09_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00222XZJlyC2jeqdWwagfTkFzN\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u00221IjEfNbjOg443fqUSokpMh\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Test for Subdomain Takeover\u0022,\r\n \u0022description\u0022: \u0022Enumerate all possible domains (previous and current).\\nIdentify forgotten or misconfigured domains.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/02-Configuration_and_Deployment_Management_Testing\\/10-Test_for_Subdomain_Takeover\u0022,\r\n \u0022ref\u0022: \u0022WSTG-CONF-10\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u002232olG8CiL62AjAEtL8vZH\u0022,\r\n \u0022title\u0022: \u0022WSTG-CONF-10_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00221IjEfNbjOg443fqUSokpMh\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u00225NZCLypAPwxnu97Wop0iVs\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Test Cloud Storage\u0022,\r\n \u0022description\u0022: \u0022Assess that the access control configuration for the storage services is properly in place.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/02-Configuration_and_Deployment_Management_Testing\\/11-Test_Cloud_Storage\u0022,\r\n \u0022ref\u0022: \u0022WSTG-CONF-11\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00223KJeKynYf5jsvNc6v2viRD\u0022,\r\n \u0022title\u0022: \u0022WSTG-CONF-11_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00225NZCLypAPwxnu97Wop0iVs\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u00223aE9FmI43OqwtTFEfO4yID\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing for Content Security Policy\u0022,\r\n \u0022description\u0022: \u0022Review the Content-Security-Policy header or meta element to identify misconfigurations.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/02-Configuration_and_Deployment_Management_Testing\\/12-Test_for_Content_Security_Policy\u0022,\r\n \u0022ref\u0022: \u0022WSTG-CONF-12\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u0022110wDlUJvBSEqlUys4d0Uy\u0022,\r\n \u0022title\u0022: \u0022WSTG-CONF-12_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00223aE9FmI43OqwtTFEfO4yID\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u00227Xjd3PHoQ6vQzLhdPZEI3k\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Test Path Confusion\u0022,\r\n \u0022description\u0022: \u0022Make sure application paths are configured correctly.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/02-Configuration_and_Deployment_Management_Testing\\/13-Test_for_Path_Confusion\u0022,\r\n \u0022ref\u0022: \u0022WSTG-CONF-13\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00223m612bu8eieOALBBlkPahO\u0022,\r\n \u0022title\u0022: \u0022WSTG-CONF-13_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00227Xjd3PHoQ6vQzLhdPZEI3k\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \u0022type\u0022: \u0022category\u0022,\r\n \u0022title\u0022: \u0022Identity Management Testing\u0022,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u0022drQ5Yu2Kan1wlnQ38qZsG\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Test Role Definitions\u0022,\r\n \u0022description\u0022: \u0022Identify and document roles used by the application.\\nAttempt to switch, change, or access another role.\\nReview the granularity of the roles and the needs behind the permissions given.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/03-Identity_Management_Testing\\/01-Test_Role_Definitions\u0022,\r\n \u0022ref\u0022: \u0022WSTG-IDNT-01\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u002252OOCa00CZbVNmoD10tvsW\u0022,\r\n \u0022title\u0022: \u0022WSTG-IDNT-01_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u0022drQ5Yu2Kan1wlnQ38qZsG\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u00224g4dnhqCgKfmaOj9cbSnSS\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Test User Registration Process\u0022,\r\n \u0022description\u0022: \u0022Verify that the identity requirements for user registration are aligned with business and security requirements.\\nValidate the registration process.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/03-Identity_Management_Testing\\/02-Test_User_Registration_Process\u0022,\r\n \u0022ref\u0022: \u0022WSTG-IDNT-02\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00222mM66KPoiHm3mkmMAtNn7P\u0022,\r\n \u0022title\u0022: \u0022WSTG-IDNT-02_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00224g4dnhqCgKfmaOj9cbSnSS\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u00222IovKxTrS96tUJrzYnzGp2\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Test Account Provisioning Process\u0022,\r\n \u0022description\u0022: \u0022Verify which accounts may provision other accounts and of what type.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/03-Identity_Management_Testing\\/03-Test_Account_Provisioning_Process\u0022,\r\n \u0022ref\u0022: \u0022WSTG-IDNT-03\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00225ABN63Go0d9XXrNX8XFNJp\u0022,\r\n \u0022title\u0022: \u0022WSTG-IDNT-03_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00222IovKxTrS96tUJrzYnzGp2\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u00221uN0PaIOFyLjHWRrzoAnFy\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing for Account Enumeration and Guessable User Account\u0022,\r\n \u0022description\u0022: \u0022Review processes that pertain to user identification (*e.g.* registration, login, etc.).\\nEnumerate users where possible through response analysis.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/03-Identity_Management_Testing\\/04-Testing_for_Account_Enumeration_and_Guessable_User_Account\u0022,\r\n \u0022ref\u0022: \u0022WSTG-IDNT-04\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00225Ec2gyQV6fnSXLXOBm6R9D\u0022,\r\n \u0022title\u0022: \u0022WSTG-IDNT-04_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00221uN0PaIOFyLjHWRrzoAnFy\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u00223X6uM3I2DEptyZOptB5EAI\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing for Weak or Unenforced Username Policy\u0022,\r\n \u0022description\u0022: \u0022Determine whether a consistent account name structure renders the application vulnerable to account enumeration.\\nDetermine whether the application\u0027s error messages permit account enumeration.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/03-Identity_Management_Testing\\/05-Testing_for_Weak_or_Unenforced_Username_Policy\u0022,\r\n \u0022ref\u0022: \u0022WSTG-IDNT-05\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00223pLtPKyjeUvDZKaSakCYTB\u0022,\r\n \u0022title\u0022: \u0022WSTG-IDNT-05_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00223X6uM3I2DEptyZOptB5EAI\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \u0022type\u0022: \u0022category\u0022,\r\n \u0022title\u0022: \u0022Authentication Testing\u0022,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00223SQpNg4NHDDDKTk6YFNBef\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing for Credentials Transported over an Encrypted Channel\u0022,\r\n \u0022description\u0022: \u0022This content has been merged into: Testing for Sensitive Information Sent via Unencrypted Channels.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/04-Authentication_Testing\\/01-Testing_for_Credentials_Transported_over_an_Encrypted_Channel\u0022,\r\n \u0022ref\u0022: \u0022WSTG-ATHN-01\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00225yecoDeBWQirx6VW7D8rYT\u0022,\r\n \u0022title\u0022: \u0022WSTG-ATHN-01_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00223SQpNg4NHDDDKTk6YFNBef\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u00222JfMZ2f7B9Qf5OBVgAknhe\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing for Default Credentials\u0022,\r\n \u0022description\u0022: \u0022Determine whether the application has any user accounts with default passwords.\\nReview whether new user accounts are created with weak or predictable passwords.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/04-Authentication_Testing\\/02-Testing_for_Default_Credentials\u0022,\r\n \u0022ref\u0022: \u0022WSTG-ATHN-02\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00223KKJ0yH06LgCbgdnRIxdmQ\u0022,\r\n \u0022title\u0022: \u0022WSTG-ATHN-02_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00222JfMZ2f7B9Qf5OBVgAknhe\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u0022lz428xqsQm9r8ZJfvvytI\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing for Weak Lock Out Mechanism\u0022,\r\n \u0022description\u0022: \u0022Evaluate the account lockout mechanism\u0027s ability to mitigate brute force password guessing.\\nEvaluate the unlock mechanism\u0027s resistance to unauthorized account unlocking.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/04-Authentication_Testing\\/03-Testing_for_Weak_Lock_Out_Mechanism\u0022,\r\n \u0022ref\u0022: \u0022WSTG-ATHN-03\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u0022aBoTcnBPqwRTBUnULTZuT\u0022,\r\n \u0022title\u0022: \u0022WSTG-ATHN-03_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u0022lz428xqsQm9r8ZJfvvytI\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u0022333kZwu4PvfGkR6uX0JfHc\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing for Bypassing Authentication Schema\u0022,\r\n \u0022description\u0022: \u0022Ensure that authentication is applied across all services that require it.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/04-Authentication_Testing\\/04-Testing_for_Bypassing_Authentication_Schema\u0022,\r\n \u0022ref\u0022: \u0022WSTG-ATHN-04\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00221dGaCYnspuzlYe5U9NUGAE\u0022,\r\n \u0022title\u0022: \u0022WSTG-ATHN-04_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u0022333kZwu4PvfGkR6uX0JfHc\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u002266dm3iYXMkGTCKhxistE4k\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing for Vulnerable Remember Password\u0022,\r\n \u0022description\u0022: \u0022Validate that the generated session is managed securely and do not put the user\u0027s credentials in danger.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/04-Authentication_Testing\\/05-Testing_for_Vulnerable_Remember_Password\u0022,\r\n \u0022ref\u0022: \u0022WSTG-ATHN-05\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00223y1fiPSnTqdO13YwaDmyat\u0022,\r\n \u0022title\u0022: \u0022WSTG-ATHN-05_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u002266dm3iYXMkGTCKhxistE4k\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u002220TXwBCgKd9si6D0O0mbCk\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing for Browser Cache Weaknesses\u0022,\r\n \u0022description\u0022: \u0022Review if the application stores sensitive information on the client-side.\\nReview if access can occur without authorization.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/04-Authentication_Testing\\/06-Testing_for_Browser_Cache_Weaknesses\u0022,\r\n \u0022ref\u0022: \u0022WSTG-ATHN-06\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00224DpsNmQS8nT6HnK2igNNJw\u0022,\r\n \u0022title\u0022: \u0022WSTG-ATHN-06_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u002220TXwBCgKd9si6D0O0mbCk\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u00221Ctpi50oi5AUhZCIlv42fT\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing for Weak Password Policy\u0022,\r\n \u0022description\u0022: \u0022Determine the resistance of the application against brute force password guessing using available password dictionaries by evaluating the length, complexity, reuse, and aging requirements of passwords.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/04-Authentication_Testing\\/07-Testing_for_Weak_Password_Policy\u0022,\r\n \u0022ref\u0022: \u0022WSTG-ATHN-07\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00226utwl28BbdQqp0wm2LODtg\u0022,\r\n \u0022title\u0022: \u0022WSTG-ATHN-07_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00221Ctpi50oi5AUhZCIlv42fT\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u00226j5phsyf40BfdQujCdbIay\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing for Weak Security Question Answer\u0022,\r\n \u0022description\u0022: \u0022Determine the complexity and how straight-forward the questions are.\\nAssess possible user answers and brute force capabilities.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/04-Authentication_Testing\\/08-Testing_for_Weak_Security_Question_Answer\u0022,\r\n \u0022ref\u0022: \u0022WSTG-ATHN-08\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00221vMfl61N9jx2gUa8wYN7xa\u0022,\r\n \u0022title\u0022: \u0022WSTG-ATHN-08_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00226j5phsyf40BfdQujCdbIay\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u00226Gqme1CnDnDy1juncAGb3c\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing for Weak Password Change or Reset Functionalities\u0022,\r\n \u0022description\u0022: \u0022Determine whether the password change and reset functionality allows accounts to be compromised.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/04-Authentication_Testing\\/09-Testing_for_Weak_Password_Change_or_Reset_Functionalities\u0022,\r\n \u0022ref\u0022: \u0022WSTG-ATHN-09\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u002243jw9ImRrU9Y8g7n3vRper\u0022,\r\n \u0022title\u0022: \u0022WSTG-ATHN-09_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00226Gqme1CnDnDy1juncAGb3c\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u00222hau77yI6r4en9TpLc5Hgw\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing for Weaker Authentication in Alternative Channel\u0022,\r\n \u0022description\u0022: \u0022Identify alternative authentication channels.\\nAssess the security measures used and if any bypasses exists on the alternative channels.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/04-Authentication_Testing\\/10-Testing_for_Weaker_Authentication_in_Alternative_Channel\u0022,\r\n \u0022ref\u0022: \u0022WSTG-ATHN-10\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u0022yPRnmDBZRMSvhDj7rZFeu\u0022,\r\n \u0022title\u0022: \u0022WSTG-ATHN-10_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00222hau77yI6r4en9TpLc5Hgw\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u00223AO4O32KnVCccM8UzZ5f2G\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing Multi-Factor Authentication (MFA)\u0022,\r\n \u0022description\u0022: \u0022Identify the type of MFA used by the application.\\nDetermine whether the MFA implementation is robust and secure.\\nAttempt to bypass the MFA.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/04-Authentication_Testing\\/11-Testing_Multi-Factor_Authentication\u0022,\r\n \u0022ref\u0022: \u0022WSTG-ATHN-11\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00225v394QkdwnheWyXrPSXtjA\u0022,\r\n \u0022title\u0022: \u0022WSTG-ATHN-11_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00223AO4O32KnVCccM8UzZ5f2G\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \u0022type\u0022: \u0022category\u0022,\r\n \u0022title\u0022: \u0022Authorization Testing\u0022,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00222ZrtGtVD7dxEJbY2zkFnfB\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing Directory Traversal File Include\u0022,\r\n \u0022description\u0022: \u0022Identify injection points that pertain to path traversal.\\nAssess bypassing techniques and identify the extent of path traversal.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/05-Authorization_Testing\\/01-Testing_Directory_Traversal_File_Include\u0022,\r\n \u0022ref\u0022: \u0022WSTG-ATHZ-01\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u002273If6yNnANqO62SkunglKZ\u0022,\r\n \u0022title\u0022: \u0022WSTG-ATHZ-01_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00222ZrtGtVD7dxEJbY2zkFnfB\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u00223hUPPENIry3xkCsNPDMMHb\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing for Bypassing Authorization Schema\u0022,\r\n \u0022description\u0022: \u0022Assess if horizontal or vertical access is possible.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/05-Authorization_Testing\\/02-Testing_for_Bypassing_Authorization_Schema\u0022,\r\n \u0022ref\u0022: \u0022WSTG-ATHZ-02\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00227MEXLngrzXBdf3yRqG6Ik3\u0022,\r\n \u0022title\u0022: \u0022WSTG-ATHZ-02_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00223hUPPENIry3xkCsNPDMMHb\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u002213SHJl2QqUw207cIuh2uIR\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing for Privilege Escalation\u0022,\r\n \u0022description\u0022: \u0022Identify injection points related to privilege manipulation.\\nFuzz or otherwise attempt to bypass security measures.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/05-Authorization_Testing\\/03-Testing_for_Privilege_Escalation\u0022,\r\n \u0022ref\u0022: \u0022WSTG-ATHZ-03\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00227d7uBT3dWt3WNlKhGb8goc\u0022,\r\n \u0022title\u0022: \u0022WSTG-ATHZ-03_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u002213SHJl2QqUw207cIuh2uIR\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u00221rdeetyxDwEZc5JqHSv5hY\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing for Insecure Direct Object References\u0022,\r\n \u0022description\u0022: \u0022Identify points where object references may occur.\\nAssess the access control measures and if they\u0027re vulnerable to IDOR.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/05-Authorization_Testing\\/04-Testing_for_Insecure_Direct_Object_References\u0022,\r\n \u0022ref\u0022: \u0022WSTG-ATHZ-04\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00225hW8Zh1iNDJ274ZZymLqL0\u0022,\r\n \u0022title\u0022: \u0022WSTG-ATHZ-04_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00221rdeetyxDwEZc5JqHSv5hY\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u00225Stq6WtkjScNFEk3NGPICO\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing for OAuth Weaknesses\u0022,\r\n \u0022description\u0022: \u0022Determine if OAuth2 implementation is vulnerable or using a deprecated or custom implementation.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/05-Authorization_Testing\\/05-Testing_for_OAuth_Weaknesses\u0022,\r\n \u0022ref\u0022: \u0022WSTG-ATHZ-05\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00222jaTfEXouCQqll1TYVZpSF\u0022,\r\n \u0022title\u0022: \u0022WSTG-ATHZ-05_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00225Stq6WtkjScNFEk3NGPICO\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \u0022type\u0022: \u0022category\u0022,\r\n \u0022title\u0022: \u0022Session Management Testing\u0022,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00223USg5n9656E2d5mTrFJ91E\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing for Session Management Schema\u0022,\r\n \u0022description\u0022: \u0022Gather session tokens, for the same user and for different users where possible.\\nAnalyze and ensure that enough randomness exists to stop session forging attacks.\\nModify cookies that are not signed and contain information that can be manipulated.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/06-Session_Management_Testing\\/01-Testing_for_Session_Management_Schema\u0022,\r\n \u0022ref\u0022: \u0022WSTG-SESS-01\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00225melVaTekq1GZsQRslORsT\u0022,\r\n \u0022title\u0022: \u0022WSTG-SESS-01_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00223USg5n9656E2d5mTrFJ91E\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u00221VtvNUPt0MOi8mPi20ZopW\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing for Cookies Attributes\u0022,\r\n \u0022description\u0022: \u0022Ensure that the proper security configuration is set for cookies.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/06-Session_Management_Testing\\/02-Testing_for_Cookies_Attributes\u0022,\r\n \u0022ref\u0022: \u0022WSTG-SESS-02\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00223LUqoO6uFPVNvSH2u0lQii\u0022,\r\n \u0022title\u0022: \u0022WSTG-SESS-02_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00221VtvNUPt0MOi8mPi20ZopW\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u00224GeEVgBKIQGQcfBTqSNXMD\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing for Session Fixation\u0022,\r\n \u0022description\u0022: \u0022Analyze the authentication mechanism and its flow.\\nForce cookies and assess the impact.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/06-Session_Management_Testing\\/03-Testing_for_Session_Fixation\u0022,\r\n \u0022ref\u0022: \u0022WSTG-SESS-03\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u0022POiEJ7C6BrobTng3gl2J4\u0022,\r\n \u0022title\u0022: \u0022WSTG-SESS-03_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00224GeEVgBKIQGQcfBTqSNXMD\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u00221Q9AOX6mkwxTcGKKllF5w5\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing for Exposed Session Variables\u0022,\r\n \u0022description\u0022: \u0022Ensure that proper encryption is implemented.\\nReview the caching configuration.\\nAssess the channel and methods\u0027 security.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/06-Session_Management_Testing\\/04-Testing_for_Exposed_Session_Variables\u0022,\r\n \u0022ref\u0022: \u0022WSTG-SESS-04\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00222cikQe08L4mlp7dqVQ8EOB\u0022,\r\n \u0022title\u0022: \u0022WSTG-SESS-04_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00221Q9AOX6mkwxTcGKKllF5w5\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u002279ZuBfRjKfb7VX8QAVgmok\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing for Cross Site Request Forgery\u0022,\r\n \u0022description\u0022: \u0022Determine whether it is possible to initiate requests on a user\u0027s behalf that are not initiated by the user.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/06-Session_Management_Testing\\/05-Testing_for_Cross_Site_Request_Forgery\u0022,\r\n \u0022ref\u0022: \u0022WSTG-SESS-05\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00221CSlX5alKh4vSmz2HIbQ3P\u0022,\r\n \u0022title\u0022: \u0022WSTG-SESS-05_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u002279ZuBfRjKfb7VX8QAVgmok\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u0022Ggbw68HqUrT9EAdEA284l\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing for Logout Functionality\u0022,\r\n \u0022description\u0022: \u0022Assess the logout UI.\\nAnalyze the session timeout and if the session is properly killed after logout.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/06-Session_Management_Testing\\/06-Testing_for_Logout_Functionality\u0022,\r\n \u0022ref\u0022: \u0022WSTG-SESS-06\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00227XQPZMnrsmehQAIswIY4dv\u0022,\r\n \u0022title\u0022: \u0022WSTG-SESS-06_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u0022Ggbw68HqUrT9EAdEA284l\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u002238wIktSbw3QoazLE1lNfib\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing Session Timeout\u0022,\r\n \u0022description\u0022: \u0022Validate that a hard session timeout exists.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/06-Session_Management_Testing\\/07-Testing_Session_Timeout\u0022,\r\n \u0022ref\u0022: \u0022WSTG-SESS-07\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00223D1zn77YcSBRFtVDsyj3KG\u0022,\r\n \u0022title\u0022: \u0022WSTG-SESS-07_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u002238wIktSbw3QoazLE1lNfib\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u00225HxYWIBXUleHrrBQNsLGhq\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing for Session Puzzling\u0022,\r\n \u0022description\u0022: \u0022Identify all session variables.\\nBreak the logical flow of session generation.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/06-Session_Management_Testing\\/08-Testing_for_Session_Puzzling\u0022,\r\n \u0022ref\u0022: \u0022WSTG-SESS-08\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00226BqovplxNGMyUg7PIK8UxK\u0022,\r\n \u0022title\u0022: \u0022WSTG-SESS-08_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00225HxYWIBXUleHrrBQNsLGhq\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u002270njqXpOUgRXvvxr2wnIbF\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing for Session Hijacking\u0022,\r\n \u0022description\u0022: \u0022Identify vulnerable session cookies.\\nHijack vulnerable cookies and assess the risk level.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/06-Session_Management_Testing\\/09-Testing_for_Session_Hijacking\u0022,\r\n \u0022ref\u0022: \u0022WSTG-SESS-09\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00227ERiQi9RI3BElkE5B3c5xQ\u0022,\r\n \u0022title\u0022: \u0022WSTG-SESS-09_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u002270njqXpOUgRXvvxr2wnIbF\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u00224FtrkH1XAIA2o1eUe2D7Ko\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing JSON Web Tokens\u0022,\r\n \u0022description\u0022: \u0022Determine whether the JWTs expose sensitive information.\\nDetermine whether the JWTs can be tampered with or modified.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/06-Session_Management_Testing\\/10-Testing_JSON_Web_Tokens\u0022,\r\n \u0022ref\u0022: \u0022WSTG-SESS-10\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u002244GavL2SWyflmMbdE3HX1C\u0022,\r\n \u0022title\u0022: \u0022WSTG-SESS-10_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00224FtrkH1XAIA2o1eUe2D7Ko\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \u0022type\u0022: \u0022category\u0022,\r\n \u0022title\u0022: \u0022Input Validation Testing\u0022,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u0022FTGLng58bkdoL44WhDxix\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing for Reflected Cross Site Scripting\u0022,\r\n \u0022description\u0022: \u0022Identify variables that are reflected in responses.\\nAssess the input they accept and the encoding that gets applied on return (if any).\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/07-Input_Validation_Testing\\/01-Testing_for_Reflected_Cross_Site_Scripting\u0022,\r\n \u0022ref\u0022: \u0022WSTG-INPV-01\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00225y3reJgVfrNBnZ3HXgalz9\u0022,\r\n \u0022title\u0022: \u0022WSTG-INPV-01_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u0022FTGLng58bkdoL44WhDxix\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u00226utWjKa2eNPyxg6L4s2T2G\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing for Stored Cross Site Scripting\u0022,\r\n \u0022description\u0022: \u0022Identify stored input that is reflected on the client-side.\\nAssess the input they accept and the encoding that gets applied on return (if any).\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/07-Input_Validation_Testing\\/02-Testing_for_Stored_Cross_Site_Scripting\u0022,\r\n \u0022ref\u0022: \u0022WSTG-INPV-02\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00224PgWi8tCI8qA1b1ZeIDwEY\u0022,\r\n \u0022title\u0022: \u0022WSTG-INPV-02_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00226utWjKa2eNPyxg6L4s2T2G\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u002267v9wdqIadk608UbYED7Zw\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing for HTTP Verb Tampering\u0022,\r\n \u0022description\u0022: \u0022This content has been merged into: Test HTTP Methods\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/07-Input_Validation_Testing\\/03-Testing_for_HTTP_Verb_Tampering\u0022,\r\n \u0022ref\u0022: \u0022WSTG-INPV-03\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00222gzE4JIwEygl4bfmwMdECZ\u0022,\r\n \u0022title\u0022: \u0022WSTG-INPV-03_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u002267v9wdqIadk608UbYED7Zw\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u00226Dr2byCJgr2zwlxG1qhcNl\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing for HTTP Parameter Pollution\u0022,\r\n \u0022description\u0022: \u0022Identify the backend and the parsing method used.\\nAssess injection points and try bypassing input filters using HPP.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/07-Input_Validation_Testing\\/04-Testing_for_HTTP_Parameter_Pollution\u0022,\r\n \u0022ref\u0022: \u0022WSTG-INPV-04\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00226zV6VWfLeKSCsxiAG1Ig61\u0022,\r\n \u0022title\u0022: \u0022WSTG-INPV-04_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00226Dr2byCJgr2zwlxG1qhcNl\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u00227eYOngQ5wY7uit0ZdIh0Ci\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing for SQL Injection\u0022,\r\n \u0022description\u0022: \u0022Identify SQL injection points.\\nAssess the severity of the injection and the level of access that can be achieved through it.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/07-Input_Validation_Testing\\/05-Testing_for_SQL_Injection\u0022,\r\n \u0022ref\u0022: \u0022WSTG-INPV-05\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00224ZkYEG6A6omxGWtKPAAyD6\u0022,\r\n \u0022title\u0022: \u0022WSTG-INPV-05_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00227eYOngQ5wY7uit0ZdIh0Ci\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u00221mkEaTA9jNwNCdQokzsLwQ\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing for LDAP Injection\u0022,\r\n \u0022description\u0022: \u0022Identify LDAP injection points.\\nAssess the severity of the injection.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/07-Input_Validation_Testing\\/06-Testing_for_LDAP_Injection\u0022,\r\n \u0022ref\u0022: \u0022WSTG-INPV-06\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00223WuTb1BIreNesm1jCIV1NK\u0022,\r\n \u0022title\u0022: \u0022WSTG-INPV-06_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00221mkEaTA9jNwNCdQokzsLwQ\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u00225fmDVrUJy6Nf0TAZ8CRzxl\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing for XML Injection\u0022,\r\n \u0022description\u0022: \u0022Identify XML injection points.\\nAssess the types of exploits that can be attained and their severities.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/07-Input_Validation_Testing\\/07-Testing_for_XML_Injection\u0022,\r\n \u0022ref\u0022: \u0022WSTG-INPV-07\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00226EjmentnnVloLM5MUDVdQp\u0022,\r\n \u0022title\u0022: \u0022WSTG-INPV-07_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00225fmDVrUJy6Nf0TAZ8CRzxl\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u00223i6GgiTQ5Ph8sWcwuz02G5\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing for SSI Injection\u0022,\r\n \u0022description\u0022: \u0022Identify SSI injection points.\\nAssess the severity of the injection.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/07-Input_Validation_Testing\\/08-Testing_for_SSI_Injection\u0022,\r\n \u0022ref\u0022: \u0022WSTG-INPV-08\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00222hhzhLJ0mNyc7PnO2hPKyb\u0022,\r\n \u0022title\u0022: \u0022WSTG-INPV-08_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00223i6GgiTQ5Ph8sWcwuz02G5\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u00222r3FnbUlzALUXAkClK1BNj\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing for XPath Injection\u0022,\r\n \u0022description\u0022: \u0022Identify XPATH injection points.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/07-Input_Validation_Testing\\/09-Testing_for_XPath_Injection\u0022,\r\n \u0022ref\u0022: \u0022WSTG-INPV-09\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00225HyNNrDN6POw6aBQyQQGA9\u0022,\r\n \u0022title\u0022: \u0022WSTG-INPV-09_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00222r3FnbUlzALUXAkClK1BNj\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u00223mTvYVb2La0UviXa9UMMY3\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing for IMAP SMTP Injection\u0022,\r\n \u0022description\u0022: \u0022Identify IMAP\\/SMTP injection points.\\nUnderstand the data flow and deployment structure of the system.\\nAssess the injection impacts.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/07-Input_Validation_Testing\\/10-Testing_for_IMAP_SMTP_Injection\u0022,\r\n \u0022ref\u0022: \u0022WSTG-INPV-10\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00225wsx4k6AIAKkSJN20oXUw1\u0022,\r\n \u0022title\u0022: \u0022WSTG-INPV-10_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00223mTvYVb2La0UviXa9UMMY3\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u002213ibWn9vtJY1uNIMkjXPqU\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing for Code Injection\u0022,\r\n \u0022description\u0022: \u0022Identify injection points where you can inject code into the application.\\nAssess the injection severity.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/07-Input_Validation_Testing\\/11-Testing_for_Code_Injection\u0022,\r\n \u0022ref\u0022: \u0022WSTG-INPV-11\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00221WOUTNfKRw9pRl1rseEnzc\u0022,\r\n \u0022title\u0022: \u0022WSTG-INPV-11_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u002213ibWn9vtJY1uNIMkjXPqU\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u00221kYBvTjU9srpCMMlppcF1Y\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing for Command Injection\u0022,\r\n \u0022description\u0022: \u0022Identify and assess the command injection points.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/07-Input_Validation_Testing\\/12-Testing_for_Command_Injection\u0022,\r\n \u0022ref\u0022: \u0022WSTG-INPV-12\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00224WJiSGtKx4nmhLTgHvSFGd\u0022,\r\n \u0022title\u0022: \u0022WSTG-INPV-12_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00221kYBvTjU9srpCMMlppcF1Y\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u0022YZd93XyXpgpBPYe9INw54\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing for Buffer Overflow\u0022,\r\n \u0022description\u0022: \u0022This content has been removed.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/07-Input_Validation_Testing\\/13-Testing_for_Buffer_Overflow\u0022,\r\n \u0022ref\u0022: \u0022WSTG-INPV-13\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00225cBdLCwIxM8FMIg3yvxKMw\u0022,\r\n \u0022title\u0022: \u0022WSTG-INPV-13_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u0022YZd93XyXpgpBPYe9INw54\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u00221nvAWhjd5wD7siH7keCI6w\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing for Format String Injection\u0022,\r\n \u0022description\u0022: \u0022This content has been removed.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/07-Input_Validation_Testing\\/13-Testing_for_Format_String_Injection\u0022,\r\n \u0022ref\u0022: \u0022WSTG-INPV-13\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00227RK51rifcf7Ki8yVW1cSHP\u0022,\r\n \u0022title\u0022: \u0022WSTG-INPV-13_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00221nvAWhjd5wD7siH7keCI6w\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u00224yhcCutIpnPWIFt1adcKpy\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing for Incubated Vulnerability\u0022,\r\n \u0022description\u0022: \u0022Identify injections that are stored and require a recall step to the stored injection.\\nUnderstand how a recall step could occur.\\nSet listeners or activate the recall step if possible.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/07-Input_Validation_Testing\\/14-Testing_for_Incubated_Vulnerability\u0022,\r\n \u0022ref\u0022: \u0022WSTG-INPV-14\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u0022KivZRJUcapP3JseKmz4V5\u0022,\r\n \u0022title\u0022: \u0022WSTG-INPV-14_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00224yhcCutIpnPWIFt1adcKpy\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u0022wm473WJkKTtHR3fWDiHMw\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing for HTTP Splitting Smuggling\u0022,\r\n \u0022description\u0022: \u0022Assess if the application is vulnerable to splitting, identifying what possible attacks are achievable.\\nAssess if the chain of communication is vulnerable to smuggling, identifying what possible attacks are achievable.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/07-Input_Validation_Testing\\/15-Testing_for_HTTP_Splitting_Smuggling\u0022,\r\n \u0022ref\u0022: \u0022WSTG-INPV-15\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u002221BIn0czicm9OPm285k23M\u0022,\r\n \u0022title\u0022: \u0022WSTG-INPV-15_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u0022wm473WJkKTtHR3fWDiHMw\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u00221pRC0BdLI5pNpF8e1oCkyS\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing for HTTP Incoming Requests\u0022,\r\n \u0022description\u0022: \u0022Monitor all incoming and outgoing HTTP requests to the Web Server to inspect any suspicious requests.\\nMonitor HTTP traffic without changes of end user Browser proxy or client-side application.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/07-Input_Validation_Testing\\/16-Testing_for_HTTP_Incoming_Requests\u0022,\r\n \u0022ref\u0022: \u0022WSTG-INPV-16\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00222Ao9Cej6Md0hxRHLauUTOA\u0022,\r\n \u0022title\u0022: \u0022WSTG-INPV-16_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00221pRC0BdLI5pNpF8e1oCkyS\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u00224rVMw0PsEyNu50z1DR9PGx\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing for Host Header Injection\u0022,\r\n \u0022description\u0022: \u0022Assess if the Host header is being parsed dynamically in the application.\\nBypass security controls that rely on the header.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/07-Input_Validation_Testing\\/17-Testing_for_Host_Header_Injection\u0022,\r\n \u0022ref\u0022: \u0022WSTG-INPV-17\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00227VhDNh0Q29oeavwhxnpO4A\u0022,\r\n \u0022title\u0022: \u0022WSTG-INPV-17_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00224rVMw0PsEyNu50z1DR9PGx\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u00225RU8dV3S0TEuUfxlP3bq60\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing for Server-side Template Injection\u0022,\r\n \u0022description\u0022: \u0022Detect template injection vulnerability points.\\nIdentify the templating engine.\\nBuild the exploit.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/07-Input_Validation_Testing\\/18-Testing_for_Server-side_Template_Injection\u0022,\r\n \u0022ref\u0022: \u0022WSTG-INPV-18\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00224t0STJ9Rrs4TrwELSuZtv8\u0022,\r\n \u0022title\u0022: \u0022WSTG-INPV-18_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00225RU8dV3S0TEuUfxlP3bq60\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u0022dG4UZOl06Vl5z4LMl0RcT\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing for Server-Side Request Forgery\u0022,\r\n \u0022description\u0022: \u0022Identify SSRF injection points.\\nTest if the injection points are exploitable.\\nAsses the severity of the vulnerability.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/07-Input_Validation_Testing\\/19-Testing_for_Server-Side_Request_Forgery\u0022,\r\n \u0022ref\u0022: \u0022WSTG-INPV-19\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00226l82t2Ga7flSsP3onOc6oK\u0022,\r\n \u0022title\u0022: \u0022WSTG-INPV-19_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u0022dG4UZOl06Vl5z4LMl0RcT\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u002253YZkzP1ngDxN7hoEURBsO\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing for Mass Assignment\u0022,\r\n \u0022description\u0022: \u0022Identify requests that modify objects\\nAssess if it is possible to modify fields never intended to be modified from outside\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/07-Input_Validation_Testing\\/20-Testing_for_Mass_Assignment\u0022,\r\n \u0022ref\u0022: \u0022WSTG-INPV-20\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00221xIkQ7qcFUjj6jh0u2skgz\u0022,\r\n \u0022title\u0022: \u0022WSTG-INPV-20_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u002253YZkzP1ngDxN7hoEURBsO\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \u0022type\u0022: \u0022category\u0022,\r\n \u0022title\u0022: \u0022Testing for Error Handling\u0022,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00224bopUtbUPg4ty6c5q35Ii3\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing for Improper Error Handling\u0022,\r\n \u0022description\u0022: \u0022Identify existing error output.\\nAnalyze the different output returned.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/08-Testing_for_Error_Handling\\/01-Testing_For_Improper_Error_Handling\u0022,\r\n \u0022ref\u0022: \u0022WSTG-ERRH-01\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u002245b0hNQekFsP8K0Zea7Nos\u0022,\r\n \u0022title\u0022: \u0022WSTG-ERRH-01_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00224bopUtbUPg4ty6c5q35Ii3\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u00222iGa5OEPafEsDUHeo6BFFu\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing for Stack Traces\u0022,\r\n \u0022description\u0022: \u0022This content has been merged into: Testing for Improper Error Handling.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/08-Testing_for_Error_Handling\\/02-Testing_for_Stack_Traces\u0022,\r\n \u0022ref\u0022: \u0022WSTG-ERRH-02\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00224SKZ0yDIk0Q5nhQhPIOMrV\u0022,\r\n \u0022title\u0022: \u0022WSTG-ERRH-02_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00222iGa5OEPafEsDUHeo6BFFu\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \u0022type\u0022: \u0022category\u0022,\r\n \u0022title\u0022: \u0022Testing for Weak Cryptography\u0022,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00227KxQtDqOY6NXmNXjiiBNtp\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing for Weak Transport Layer Security\u0022,\r\n \u0022description\u0022: \u0022Validate the service configuration.\\nReview the digital certificate\u0027s cryptographic strength and validity.\\nEnsure that the TLS security is not bypassable and is properly implemented across the application.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/09-Testing_for_Weak_Cryptography\\/01-Testing_for_Weak_Transport_Layer_Security\u0022,\r\n \u0022ref\u0022: \u0022WSTG-CRYP-01\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00223JUiNrRlcpeonk9QyY5CHH\u0022,\r\n \u0022title\u0022: \u0022WSTG-CRYP-01_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00227KxQtDqOY6NXmNXjiiBNtp\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u0022vPZr2AP0dY367WonUz6Wy\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing for Padding Oracle\u0022,\r\n \u0022description\u0022: \u0022Identify encrypted messages that rely on padding.\\nAttempt to break the padding of the encrypted messages and analyze the returned error messages for further analysis.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/09-Testing_for_Weak_Cryptography\\/02-Testing_for_Padding_Oracle\u0022,\r\n \u0022ref\u0022: \u0022WSTG-CRYP-02\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00221k62tW6pzvelkCTmWCgbkn\u0022,\r\n \u0022title\u0022: \u0022WSTG-CRYP-02_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u0022vPZr2AP0dY367WonUz6Wy\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u00227XMTzVShk1PWUZvvqnJVu7\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing for Sensitive Information Sent via Unencrypted Channels\u0022,\r\n \u0022description\u0022: \u0022Identify sensitive information transmitted through the various channels.\\nAssess the privacy and security of the channels used.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/09-Testing_for_Weak_Cryptography\\/03-Testing_for_Sensitive_Information_Sent_via_Unencrypted_Channels\u0022,\r\n \u0022ref\u0022: \u0022WSTG-CRYP-03\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00224nZHRDTrboacqHEWDljoLq\u0022,\r\n \u0022title\u0022: \u0022WSTG-CRYP-03_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00227XMTzVShk1PWUZvvqnJVu7\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u00222lS9DXA6cpcMwYNytq0oEU\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing for Weak Encryption\u0022,\r\n \u0022description\u0022: \u0022Provide a guideline for the identification weak encryption or hashing uses and implementations.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/09-Testing_for_Weak_Cryptography\\/04-Testing_for_Weak_Encryption\u0022,\r\n \u0022ref\u0022: \u0022WSTG-CRYP-04\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00225KWbMxAYLzqExNuhU9x6lp\u0022,\r\n \u0022title\u0022: \u0022WSTG-CRYP-04_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00222lS9DXA6cpcMwYNytq0oEU\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \u0022type\u0022: \u0022category\u0022,\r\n \u0022title\u0022: \u0022Business Logic Testing\u0022,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u002221Mw4d26XHFtsIJyaqyHYn\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Test Business Logic Data Validation\u0022,\r\n \u0022description\u0022: \u0022Identify data injection points.\\nValidate that all checks are occurring on the backend and can\u0027t be bypassed.\\nAttempt to break the format of the expected data and analyze how the application is handling it.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/10-Business_Logic_Testing\\/01-Test_Business_Logic_Data_Validation\u0022,\r\n \u0022ref\u0022: \u0022WSTG-BUSL-01\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00222DpYFvHDe7q4m00NgJ535o\u0022,\r\n \u0022title\u0022: \u0022WSTG-BUSL-01_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u002221Mw4d26XHFtsIJyaqyHYn\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u00224rM1ah8usPRgCMY0P8anQ7\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Test Ability to Forge Requests\u0022,\r\n \u0022description\u0022: \u0022Review the project documentation looking for guessable, predictable, or hidden functionality of fields.\\nInsert logically valid data in order to bypass normal business logic workflow.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/10-Business_Logic_Testing\\/02-Test_Ability_to_Forge_Requests\u0022,\r\n \u0022ref\u0022: \u0022WSTG-BUSL-02\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u0022385OFn4w42yUq7Laof1VIV\u0022,\r\n \u0022title\u0022: \u0022WSTG-BUSL-02_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00224rM1ah8usPRgCMY0P8anQ7\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u00222P8Dho2qZdBA6VBdSCkVqM\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Test Integrity Checks\u0022,\r\n \u0022description\u0022: \u0022Review the project documentation for components of the system that move, store, or handle data.\\nDetermine what type of data is logically acceptable by the component and what types the system should guard against.\\nDetermine who should be allowed to modify or read that data in each component.\\nAttempt to insert, update, or delete data values used by each component that should not be allowed per the business logic workflow.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/10-Business_Logic_Testing\\/03-Test_Integrity_Checks\u0022,\r\n \u0022ref\u0022: \u0022WSTG-BUSL-03\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00222s623svdzf8TlrcwH00xut\u0022,\r\n \u0022title\u0022: \u0022WSTG-BUSL-03_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00222P8Dho2qZdBA6VBdSCkVqM\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u0022KtwC0Ks7ck6AhU73nlYLq\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Test for Process Timing\u0022,\r\n \u0022description\u0022: \u0022Review the project documentation for system functionality that may be impacted by time.\\nDevelop and execute misuse cases.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/10-Business_Logic_Testing\\/04-Test_for_Process_Timing\u0022,\r\n \u0022ref\u0022: \u0022WSTG-BUSL-04\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u002260vDYt58br97iARGidh7u4\u0022,\r\n \u0022title\u0022: \u0022WSTG-BUSL-04_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u0022KtwC0Ks7ck6AhU73nlYLq\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u00224oSDHl2bD0Cs9dIP6tZZZ8\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Test Number of Times a Function Can Be Used Limits\u0022,\r\n \u0022description\u0022: \u0022Identify functions that must set limits to the times they can be called.\\nAssess if there is a logical limit set on the functions and if it is properly validated.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/10-Business_Logic_Testing\\/05-Test_Number_of_Times_a_Function_Can_Be_Used_Limits\u0022,\r\n \u0022ref\u0022: \u0022WSTG-BUSL-05\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00224n1KTq5vy2Qgu3h2EDKtpt\u0022,\r\n \u0022title\u0022: \u0022WSTG-BUSL-05_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00224oSDHl2bD0Cs9dIP6tZZZ8\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u00223J4uprRMySV4c4FeYlOqKX\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing for the Circumvention of Work Flows\u0022,\r\n \u0022description\u0022: \u0022Review the project documentation for methods to skip or go through steps in the application process in a different order from the intended business logic flow.\\nDevelop a misuse case and try to circumvent every logic flow identified.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/10-Business_Logic_Testing\\/06-Testing_for_the_Circumvention_of_Work_Flows\u0022,\r\n \u0022ref\u0022: \u0022WSTG-BUSL-06\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u002214kdeb1KhJ13SJa4TeaGj9\u0022,\r\n \u0022title\u0022: \u0022WSTG-BUSL-06_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00223J4uprRMySV4c4FeYlOqKX\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u00226SAuC5xy2fiI14CzaD21b7\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Test Defenses Against Application Misuse\u0022,\r\n \u0022description\u0022: \u0022Generate notes from all tests conducted against the system.\\nReview which tests had a different functionality based on aggressive input.\\nUnderstand the defenses in place and verify if they are enough to protect the system against bypassing techniques.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/10-Business_Logic_Testing\\/07-Test_Defenses_Against_Application_Misuse\u0022,\r\n \u0022ref\u0022: \u0022WSTG-BUSL-07\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00224VK5QYmQT4SzXutH6DdUX7\u0022,\r\n \u0022title\u0022: \u0022WSTG-BUSL-07_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00226SAuC5xy2fiI14CzaD21b7\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u00222Ymftbn0VoP4rnUIJbxzB8\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Test Upload of Unexpected File Types\u0022,\r\n \u0022description\u0022: \u0022Review the project documentation for file types that are rejected by the system.\\nVerify that the unwelcomed file types are rejected and handled safely.\\nVerify that file batch uploads are secure and do not allow any bypass against the set security measures.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/10-Business_Logic_Testing\\/08-Test_Upload_of_Unexpected_File_Types\u0022,\r\n \u0022ref\u0022: \u0022WSTG-BUSL-08\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u0022CbX9Ugfz6eBXxwV0XQMVR\u0022,\r\n \u0022title\u0022: \u0022WSTG-BUSL-08_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00222Ymftbn0VoP4rnUIJbxzB8\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u00227LY159B7popyyO4p9bB8vs\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Test Upload of Malicious Files\u0022,\r\n \u0022description\u0022: \u0022Identify the file upload functionality.\\nReview the project documentation to identify what file types are considered acceptable, and what types would be considered dangerous or malicious.\\nIf documentation is not available then consider what would be appropriate based on the purpose of the application.\\nDetermine how the uploaded files are processed.\\nObtain or create a set of malicious files for testing.\\nTry to upload the malicious files to the application and determine whether it is accepted and processed.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/10-Business_Logic_Testing\\/09-Test_Upload_of_Malicious_Files\u0022,\r\n \u0022ref\u0022: \u0022WSTG-BUSL-09\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00224pauBNI8jOat7YUkSusxEL\u0022,\r\n \u0022title\u0022: \u0022WSTG-BUSL-09_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00227LY159B7popyyO4p9bB8vs\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u00221pfZVCtGpKVVNGQd6ngrpC\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Test Payment Functionality\u0022,\r\n \u0022description\u0022: \u0022Determine whether the business logic for the e-commerce functionality is robust.\\nUnderstand how the payment functionality works.\\nDetermine whether the payment functionality is secure.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/10-Business_Logic_Testing\\/10-Test-Payment-Functionality\u0022,\r\n \u0022ref\u0022: \u0022WSTG-BUSL-10\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00221OXfJCITRr99TWrID9Ru0E\u0022,\r\n \u0022title\u0022: \u0022WSTG-BUSL-10_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00221pfZVCtGpKVVNGQd6ngrpC\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \u0022type\u0022: \u0022category\u0022,\r\n \u0022title\u0022: \u0022Client-side Testing\u0022,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00225QStfbuzhpUHhJkjHV9pqO\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing for DOM-Based Cross Site Scripting\u0022,\r\n \u0022description\u0022: \u0022Identify DOM sinks.\\nBuild payloads that pertain to every sink type.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/11-Client-side_Testing\\/01-Testing_for_DOM-based_Cross_Site_Scripting\u0022,\r\n \u0022ref\u0022: \u0022WSTG-CLNT-01\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u002215pBn6slFuLq1ej971I3I3\u0022,\r\n \u0022title\u0022: \u0022WSTG-CLNT-01_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00225QStfbuzhpUHhJkjHV9pqO\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u00222WyCI1HI9pAe7KNGhsMzYE\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing for JavaScript Execution\u0022,\r\n \u0022description\u0022: \u0022Identify sinks and possible JavaScript injection points.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/11-Client-side_Testing\\/02-Testing_for_JavaScript_Execution\u0022,\r\n \u0022ref\u0022: \u0022WSTG-CLNT-02\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00222dmkJ7KNyY8kGtrELjOTwI\u0022,\r\n \u0022title\u0022: \u0022WSTG-CLNT-02_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00222WyCI1HI9pAe7KNGhsMzYE\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u0022332prvQE5Ik09A8bbrR9kG\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing for HTML Injection\u0022,\r\n \u0022description\u0022: \u0022Identify HTML injection points and assess the severity of the injected content.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/11-Client-side_Testing\\/03-Testing_for_HTML_Injection\u0022,\r\n \u0022ref\u0022: \u0022WSTG-CLNT-03\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00223y2t8CFMuQ814tmcwhGEEm\u0022,\r\n \u0022title\u0022: \u0022WSTG-CLNT-03_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u0022332prvQE5Ik09A8bbrR9kG\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u00223EJBfwCFLfYClrlvaOLFXU\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing for Client-side URL Redirect\u0022,\r\n \u0022description\u0022: \u0022Identify injection points that handle URLs or paths.\\nAssess the locations that the system could redirect to.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/11-Client-side_Testing\\/04-Testing_for_Client-side_URL_Redirect\u0022,\r\n \u0022ref\u0022: \u0022WSTG-CLNT-04\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00222APcphDhH1NsWH0qeeacQJ\u0022,\r\n \u0022title\u0022: \u0022WSTG-CLNT-04_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00223EJBfwCFLfYClrlvaOLFXU\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u00226ZXLMOZLfE0kNTZTDDDMpl\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing for CSS Injection\u0022,\r\n \u0022description\u0022: \u0022Identify CSS injection points.\\nAssess the impact of the injection.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/11-Client-side_Testing\\/05-Testing_for_CSS_Injection\u0022,\r\n \u0022ref\u0022: \u0022WSTG-CLNT-05\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00221csgrhybCJiARVAHgsEk37\u0022,\r\n \u0022title\u0022: \u0022WSTG-CLNT-05_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00226ZXLMOZLfE0kNTZTDDDMpl\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u00224YaL5BBlTsUewEJCv72HRe\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing for Client-side Resource Manipulation\u0022,\r\n \u0022description\u0022: \u0022Identify sinks with weak input validation.\\nAssess the impact of the resource manipulation.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/11-Client-side_Testing\\/06-Testing_for_Client-side_Resource_Manipulation\u0022,\r\n \u0022ref\u0022: \u0022WSTG-CLNT-06\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00226D8kqEip6PBxPfFzQ4RcZ4\u0022,\r\n \u0022title\u0022: \u0022WSTG-CLNT-06_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00224YaL5BBlTsUewEJCv72HRe\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u00225gkWLwQ1p8ZDAHK1dc2qAD\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing Cross Origin Resource Sharing\u0022,\r\n \u0022description\u0022: \u0022Identify endpoints that implement CORS.\\nEnsure that the CORS configuration is secure or harmless.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/11-Client-side_Testing\\/07-Testing_Cross_Origin_Resource_Sharing\u0022,\r\n \u0022ref\u0022: \u0022WSTG-CLNT-07\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u0022YmkWwQNetd6bVXJgIyPDs\u0022,\r\n \u0022title\u0022: \u0022WSTG-CLNT-07_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00225gkWLwQ1p8ZDAHK1dc2qAD\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u002223I4IIQUvXW9X3QgVfMtTI\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing for Cross Site Flashing\u0022,\r\n \u0022description\u0022: \u0022Decompile and analyze the application\u0027s code.\\nAssess sinks inputs and unsafe method usages.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/11-Client-side_Testing\\/08-Testing_for_Cross_Site_Flashing\u0022,\r\n \u0022ref\u0022: \u0022WSTG-CLNT-08\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00226huqD8NAe1KMi3PLjsUUYu\u0022,\r\n \u0022title\u0022: \u0022WSTG-CLNT-08_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u002223I4IIQUvXW9X3QgVfMtTI\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u00224eWP8KkUGMcKqsir0ezeIK\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing for Clickjacking\u0022,\r\n \u0022description\u0022: \u0022Understand security measures in place.\\nAssess how strict the security measures are and if they are bypassable.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/11-Client-side_Testing\\/09-Testing_for_Clickjacking\u0022,\r\n \u0022ref\u0022: \u0022WSTG-CLNT-09\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00221OFpdQa0qTRilgl3pvTKX\u0022,\r\n \u0022title\u0022: \u0022WSTG-CLNT-09_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00224eWP8KkUGMcKqsir0ezeIK\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u00226941wk5NOVOXIpZ67OW7xC\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing WebSockets\u0022,\r\n \u0022description\u0022: \u0022Identify the usage of WebSockets.\\nAssess its implementation by using the same tests on normal HTTP channels.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/11-Client-side_Testing\\/10-Testing_WebSockets\u0022,\r\n \u0022ref\u0022: \u0022WSTG-CLNT-10\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00221zHGqQPo2ScBoWwSqeQ4Pt\u0022,\r\n \u0022title\u0022: \u0022WSTG-CLNT-10_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00226941wk5NOVOXIpZ67OW7xC\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u00227ReAhcWedaGxfsWjUavUvL\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing Web Messaging\u0022,\r\n \u0022description\u0022: \u0022Assess the security of the message\u0027s origin.\\nValidate that it\u0027s using safe methods and validating its input.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/11-Client-side_Testing\\/11-Testing_Web_Messaging\u0022,\r\n \u0022ref\u0022: \u0022WSTG-CLNT-11\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u0022lngZtPGZKOic4VpIGJx7V\u0022,\r\n \u0022title\u0022: \u0022WSTG-CLNT-11_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00227ReAhcWedaGxfsWjUavUvL\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u00222MgvrcASrKvzqp8b9NMBIU\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing Browser Storage\u0022,\r\n \u0022description\u0022: \u0022Determine whether the website is storing sensitive data in client-side storage.\\nThe code handling of the storage objects should be examined for possibilities of injection attacks, such as utilizing unvalidated input or vulnerable libraries.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/11-Client-side_Testing\\/12-Testing_Browser_Storage\u0022,\r\n \u0022ref\u0022: \u0022WSTG-CLNT-12\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00223UDmiG2YyXZ3qHPjJZVrCD\u0022,\r\n \u0022title\u0022: \u0022WSTG-CLNT-12_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00222MgvrcASrKvzqp8b9NMBIU\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u002253cqp0WizP5UcD6y9aEy2T\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing for Cross Site Script Inclusion\u0022,\r\n \u0022description\u0022: \u0022Locate sensitive data across the system.\\nAssess the leakage of sensitive data through various techniques.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/11-Client-side_Testing\\/13-Testing_for_Cross_Site_Script_Inclusion\u0022,\r\n \u0022ref\u0022: \u0022WSTG-CLNT-13\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00222swWlnHwBxYnApxwqPaFia\u0022,\r\n \u0022title\u0022: \u0022WSTG-CLNT-13_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u002253cqp0WizP5UcD6y9aEy2T\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u00223l1QbxBui2hkNi4QDQLvCR\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing for Reverse Tabnabbing\u0022,\r\n \u0022description\u0022: \u0022Reverse tabnabbing is an attack where a page linked from the target page is able to rewrite that page by exploiting the \\u201ctarget\\u201d attribute in \u003Ca\u003E tag.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/11-Client-side_Testing\\/14-Testing_for_Reverse_Tabnabbing\u0022,\r\n \u0022ref\u0022: \u0022WSTG-CLNT-14\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00224fhAHWZLVgyuIedTDf4hYs\u0022,\r\n \u0022title\u0022: \u0022WSTG-CLNT-14_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00223l1QbxBui2hkNi4QDQLvCR\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \u0022type\u0022: \u0022category\u0022,\r\n \u0022title\u0022: \u0022API Testing\u0022,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00225urrLsUSpEdS04mnHAm2SE\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing GraphQL\u0022,\r\n \u0022description\u0022: \u0022Assess that a secure and production-ready configuration is deployed.\\nValidate all input fields against generic attacks.\\nEnsure that proper access controls are applied.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/12-API_Testing\\/01-Testing_GraphQL\u0022,\r\n \u0022ref\u0022: \u0022WSTG-APIT-01\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00225XLTnHgsMq7qoi1SX66LAx\u0022,\r\n \u0022title\u0022: \u0022WSTG-APIT-01_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00225urrLsUSpEdS04mnHAm2SE\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n}\r\n\r\nconst target = \u00274JdxRNU76DFKaSXnWFjhJY\u0027\r\n\r\nconst transform = (arr) =\u003E {\r\n return arr.reduce((acc, element) =\u003E {\r\n if (element.items) {\r\n return { ...acc, ...transform(element.items) }\r\n }\r\n return { ...acc, ...{ [element.id]: element } }\r\n }, {})\r\n}\r\n\r\nconst result = transform(data.items)[target]","IsDeferred":false},{"Name":"flatMAp","Code":"const data = {\r\n \u0022id\u0022: \u0022QL1XLymWE3w2iZA3E2xuj\u0022,\r\n \u0022title\u0022: \u0022OWASP - Web Testing Checklist\u0022,\r\n \u0022description\u0022: \u0022This checklist is based on OWASP Testing Guide and it includes a \\u201clow level\\u201d penetration testing guide that describes techniques for testing most common web application security issues and security checks to make sure that all vulnerability types are covered.\u0022,\r\n \u0022closedAt\u0022: null,\r\n \u0022blocked\u0022: false,\r\n \u0022items\u0022: [\r\n {\r\n \u0022type\u0022: \u0022category\u0022,\r\n \u0022title\u0022: \u0022Information Gathering\u0022,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u002260IhvL7GNb7ncIiAHggnKw\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Conduct Search Engine Discovery Reconnaissance for Information Leakage\u0022,\r\n \u0022description\u0022: \u0022Identify what sensitive design and configuration information of the application, system, or organization is exposed directly (on the organization\u0027s site) or indirectly (via third-party services).\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/01-Information_Gathering\\/01-Conduct_Search_Engine_Discovery_Reconnaissance_for_Information_Leakage\u0022,\r\n \u0022ref\u0022: \u0022WSTG-INFO-01\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: \u0022not_applicable\u0022,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00224JdxRNU76DFKaSXnWFjhJY\u0022,\r\n \u0022title\u0022: \u0022WSTG-INFO-01_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u002260IhvL7GNb7ncIiAHggnKw\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: \u0022not_applicable\u0022,\r\n \u0022pocAvailable\u0022: true,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u0022D8sbZ9ZyPV0XBMuFteGA3\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Fingerprint Web Server\u0022,\r\n \u0022description\u0022: \u0022Determine the version and type of a running web server to enable further discovery of any known vulnerabilities.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/01-Information_Gathering\\/02-Fingerprint_Web_Server\u0022,\r\n \u0022ref\u0022: \u0022WSTG-INFO-02\u0022,\r\n \u0022status\u0022: \u0022in_progress\u0022,\r\n \u0022result\u0022: \u0022passed\u0022,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00227bQsKf09hYpLewyd9AJ2DU\u0022,\r\n \u0022title\u0022: \u0022WSTG-INFO-02_1\u0022,\r\n \u0022status\u0022: \u0022in_progress\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u0022D8sbZ9ZyPV0XBMuFteGA3\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: \u0022passed\u0022,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u00225o88WI5Mi8i8LrNpeswgT1\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Review Webserver Metafiles for Information Leakage\u0022,\r\n \u0022description\u0022: \u0022Identify hidden or obfuscated paths and functionality through the analysis of metadata files.\\nExtract and map other information that could lead to a better understanding of the systems at hand.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/01-Information_Gathering\\/03-Review_Webserver_Metafiles_for_Information_Leakage\u0022,\r\n \u0022ref\u0022: \u0022WSTG-INFO-03\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00222kMilDrKI7e8J1e5I2Pns8\u0022,\r\n \u0022title\u0022: \u0022WSTG-INFO-03_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00225o88WI5Mi8i8LrNpeswgT1\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: true,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u0022n2ZEU007Pk6LVenGfVK6t\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Enumerate Applications on Webserver\u0022,\r\n \u0022description\u0022: \u0022Enumerate the applications within the scope that exist on a web server.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/01-Information_Gathering\\/04-Enumerate_Applications_on_Webserver\u0022,\r\n \u0022ref\u0022: \u0022WSTG-INFO-04\u0022,\r\n \u0022status\u0022: \u0022in_progress\u0022,\r\n \u0022result\u0022: \u0022passed\u0022,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00227jEoKyq90H2gwd35uisI7I\u0022,\r\n \u0022title\u0022: \u0022WSTG-INFO-04_1\u0022,\r\n \u0022status\u0022: \u0022in_progress\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u0022n2ZEU007Pk6LVenGfVK6t\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: \u0022passed\u0022,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 1\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u00226RZObp1xGpzu6r04QKf6xm\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Review Web Page Content for Information Leakage\u0022,\r\n \u0022description\u0022: \u0022Review web page comments, metadata, and redirect bodies to find any information leakage.\\nGather JavaScript files and review the JS code to better understand the application and to find any information leakage.\\nIdentify if source map files or other frontend debug files exist.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/01-Information_Gathering\\/05-Review_Web_Page_Content_for_Information_Leakage\u0022,\r\n \u0022ref\u0022: \u0022WSTG-INFO-05\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00223QOYjEM9dhVgvAClWtmdd7\u0022,\r\n \u0022title\u0022: \u0022WSTG-INFO-05_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00226RZObp1xGpzu6r04QKf6xm\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u00226yI5X56LROrnR4WdlA2JoH\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Identify Application Entry Points\u0022,\r\n \u0022description\u0022: \u0022Identify possible entry and injection points through request and response analysis.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/01-Information_Gathering\\/06-Identify_Application_Entry_Points\u0022,\r\n \u0022ref\u0022: \u0022WSTG-INFO-06\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u002233rLMf2XGsZi5bQRnXmfxO\u0022,\r\n \u0022title\u0022: \u0022WSTG-INFO-06_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00226yI5X56LROrnR4WdlA2JoH\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u00225b7NEhm2YGqAdDNxKaRwwZ\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Map Execution Paths Through Application\u0022,\r\n \u0022description\u0022: \u0022Map the target application and understand the principal workflows.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/01-Information_Gathering\\/07-Map_Execution_Paths_Through_Application\u0022,\r\n \u0022ref\u0022: \u0022WSTG-INFO-07\u0022,\r\n \u0022status\u0022: \u0022in_progress\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u002225OEzXB6IDLtQacQ2QYOG2\u0022,\r\n \u0022title\u0022: \u0022WSTG-INFO-07_1\u0022,\r\n \u0022status\u0022: \u0022in_progress\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00225b7NEhm2YGqAdDNxKaRwwZ\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u002236V7iywjArebMqqUdvH43b\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Fingerprint Web Application Framework\u0022,\r\n \u0022description\u0022: \u0022Fingerprint the components used by the web applications.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/01-Information_Gathering\\/08-Fingerprint_Web_Application_Framework\u0022,\r\n \u0022ref\u0022: \u0022WSTG-INFO-08\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00225L0lCZ0ol11TMyrYkBk0Rg\u0022,\r\n \u0022title\u0022: \u0022WSTG-INFO-08_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u002236V7iywjArebMqqUdvH43b\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u00223gxL1FKjQLNyRF0330t4NP\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Fingerprint Web Application\u0022,\r\n \u0022description\u0022: \u0022This content has been merged into: Fingerprint Web Application Framework.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/01-Information_Gathering\\/09-Fingerprint_Web_Application\u0022,\r\n \u0022ref\u0022: \u0022WSTG-INFO-09\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u0022Vg7KS9CaG3Bu3YQxCvEiy\u0022,\r\n \u0022title\u0022: \u0022WSTG-INFO-09_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00223gxL1FKjQLNyRF0330t4NP\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u00225PfskJykrZOacFLTXRxGsN\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Map Application Architecture\u0022,\r\n \u0022description\u0022: \u0022Understand the architecture of the application and the technologies in use.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/01-Information_Gathering\\/10-Map_Application_Architecture\u0022,\r\n \u0022ref\u0022: \u0022WSTG-INFO-10\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00223Ud2O7Sw2Jeido96jrHrcS\u0022,\r\n \u0022title\u0022: \u0022WSTG-INFO-10_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00225PfskJykrZOacFLTXRxGsN\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \u0022type\u0022: \u0022category\u0022,\r\n \u0022title\u0022: \u0022Configuration and Deployment Management Testing\u0022,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00225GCIJ9e1sLsR2RgZ35z7bB\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Test Network Infrastructure Configuration\u0022,\r\n \u0022description\u0022: \u0022Review the applications\u0027 configurations set across the network and validate that they are not vulnerable.\\nValidate that used frameworks and systems are secure and not susceptible to known vulnerabilities due to unmaintained software or default settings and credentials.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/02-Configuration_and_Deployment_Management_Testing\\/01-Test_Network_Infrastructure_Configuration\u0022,\r\n \u0022ref\u0022: \u0022WSTG-CONF-01\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u002259UELnjAJ2ExVgK3GQ0yl8\u0022,\r\n \u0022title\u0022: \u0022WSTG-CONF-01_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00225GCIJ9e1sLsR2RgZ35z7bB\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u0022CDumZOXap3geS55l2enVJ\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Test Application Platform Configuration\u0022,\r\n \u0022description\u0022: \u0022Ensure that default and known files have been removed.\\nValidate that no debugging code or extensions are left in the production environments.\\nReview the logging mechanisms set in place for the application.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/02-Configuration_and_Deployment_Management_Testing\\/02-Test_Application_Platform_Configuration\u0022,\r\n \u0022ref\u0022: \u0022WSTG-CONF-02\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u0022efE7wJz63l6gxZ2UeqFe\u0022,\r\n \u0022title\u0022: \u0022WSTG-CONF-02_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u0022CDumZOXap3geS55l2enVJ\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u00223KYbvT3gszflgHGolJ7pgA\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Test File Extensions Handling for Sensitive Information\u0022,\r\n \u0022description\u0022: \u0022Brute force sensitive file extensions that might contain raw data such as scripts, credentials, etc.\\nValidate that no system framework bypasses exist for the rules that have been set\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/02-Configuration_and_Deployment_Management_Testing\\/03-Test_File_Extensions_Handling_for_Sensitive_Information\u0022,\r\n \u0022ref\u0022: \u0022WSTG-CONF-03\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00227g7gR1u9qt5S4RxCkMl4Js\u0022,\r\n \u0022title\u0022: \u0022WSTG-CONF-03_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00223KYbvT3gszflgHGolJ7pgA\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u00223Wtw2lAqUobXJmdGwgI9L7\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Review Old Backup and Unreferenced Files for Sensitive Information\u0022,\r\n \u0022description\u0022: \u0022Find and analyse unreferenced files that might contain sensitive information.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/02-Configuration_and_Deployment_Management_Testing\\/04-Review_Old_Backup_and_Unreferenced_Files_for_Sensitive_Information\u0022,\r\n \u0022ref\u0022: \u0022WSTG-CONF-04\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u0022MCcUuYYbv9HOWcwuRgcSp\u0022,\r\n \u0022title\u0022: \u0022WSTG-CONF-04_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00223Wtw2lAqUobXJmdGwgI9L7\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u00225OiGRBdKAYA8mx1C0ujSbY\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Enumerate Infrastructure and Application Admin Interfaces\u0022,\r\n \u0022description\u0022: \u0022Identify hidden administrator interfaces and functionality.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/02-Configuration_and_Deployment_Management_Testing\\/05-Enumerate_Infrastructure_and_Application_Admin_Interfaces\u0022,\r\n \u0022ref\u0022: \u0022WSTG-CONF-05\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u002249wSaNlZ0mG0xUhG0mdIYS\u0022,\r\n \u0022title\u0022: \u0022WSTG-CONF-05_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00225OiGRBdKAYA8mx1C0ujSbY\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u00222RMYRFOab1o2YyAVcMiQww\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Test HTTP Methods\u0022,\r\n \u0022description\u0022: \u0022Enumerate supported HTTP methods.\\nTest for access control bypass.\\nTest HTTP method overriding techniques.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/02-Configuration_and_Deployment_Management_Testing\\/06-Test_HTTP_Methods\u0022,\r\n \u0022ref\u0022: \u0022WSTG-CONF-06\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00227lyHqDp8L6FA58Tr3eNn14\u0022,\r\n \u0022title\u0022: \u0022WSTG-CONF-06_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00222RMYRFOab1o2YyAVcMiQww\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u00226zUldnSr1l1wpRfARNivhC\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Test HTTP Strict Transport Security\u0022,\r\n \u0022description\u0022: \u0022Review the HSTS header and its validity.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/02-Configuration_and_Deployment_Management_Testing\\/07-Test_HTTP_Strict_Transport_Security\u0022,\r\n \u0022ref\u0022: \u0022WSTG-CONF-07\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00227Z91tdcfOB941bm3Iwk01T\u0022,\r\n \u0022title\u0022: \u0022WSTG-CONF-07_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00226zUldnSr1l1wpRfARNivhC\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u0022L9tbrygzgj5Mk9hH246Jd\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Test RIA Cross Domain Policy\u0022,\r\n \u0022description\u0022: \u0022This content has been removed.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/02-Configuration_and_Deployment_Management_Testing\\/08-Test_RIA_Cross_Domain_Policy\u0022,\r\n \u0022ref\u0022: \u0022WSTG-CONF-08\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00226ctaUBLDyfbxVasXTkPH78\u0022,\r\n \u0022title\u0022: \u0022WSTG-CONF-08_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u0022L9tbrygzgj5Mk9hH246Jd\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u00222XZJlyC2jeqdWwagfTkFzN\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Test File Permission\u0022,\r\n \u0022description\u0022: \u0022Review and identify any rogue file permissions.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/02-Configuration_and_Deployment_Management_Testing\\/09-Test_File_Permission\u0022,\r\n \u0022ref\u0022: \u0022WSTG-CONF-09\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00223s9kdE7UiZrj6sHfHoqIVr\u0022,\r\n \u0022title\u0022: \u0022WSTG-CONF-09_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00222XZJlyC2jeqdWwagfTkFzN\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u00221IjEfNbjOg443fqUSokpMh\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Test for Subdomain Takeover\u0022,\r\n \u0022description\u0022: \u0022Enumerate all possible domains (previous and current).\\nIdentify forgotten or misconfigured domains.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/02-Configuration_and_Deployment_Management_Testing\\/10-Test_for_Subdomain_Takeover\u0022,\r\n \u0022ref\u0022: \u0022WSTG-CONF-10\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u002232olG8CiL62AjAEtL8vZH\u0022,\r\n \u0022title\u0022: \u0022WSTG-CONF-10_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00221IjEfNbjOg443fqUSokpMh\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u00225NZCLypAPwxnu97Wop0iVs\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Test Cloud Storage\u0022,\r\n \u0022description\u0022: \u0022Assess that the access control configuration for the storage services is properly in place.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/02-Configuration_and_Deployment_Management_Testing\\/11-Test_Cloud_Storage\u0022,\r\n \u0022ref\u0022: \u0022WSTG-CONF-11\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00223KJeKynYf5jsvNc6v2viRD\u0022,\r\n \u0022title\u0022: \u0022WSTG-CONF-11_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00225NZCLypAPwxnu97Wop0iVs\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u00223aE9FmI43OqwtTFEfO4yID\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing for Content Security Policy\u0022,\r\n \u0022description\u0022: \u0022Review the Content-Security-Policy header or meta element to identify misconfigurations.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/02-Configuration_and_Deployment_Management_Testing\\/12-Test_for_Content_Security_Policy\u0022,\r\n \u0022ref\u0022: \u0022WSTG-CONF-12\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u0022110wDlUJvBSEqlUys4d0Uy\u0022,\r\n \u0022title\u0022: \u0022WSTG-CONF-12_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00223aE9FmI43OqwtTFEfO4yID\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u00227Xjd3PHoQ6vQzLhdPZEI3k\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Test Path Confusion\u0022,\r\n \u0022description\u0022: \u0022Make sure application paths are configured correctly.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/02-Configuration_and_Deployment_Management_Testing\\/13-Test_for_Path_Confusion\u0022,\r\n \u0022ref\u0022: \u0022WSTG-CONF-13\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00223m612bu8eieOALBBlkPahO\u0022,\r\n \u0022title\u0022: \u0022WSTG-CONF-13_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00227Xjd3PHoQ6vQzLhdPZEI3k\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \u0022type\u0022: \u0022category\u0022,\r\n \u0022title\u0022: \u0022Identity Management Testing\u0022,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u0022drQ5Yu2Kan1wlnQ38qZsG\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Test Role Definitions\u0022,\r\n \u0022description\u0022: \u0022Identify and document roles used by the application.\\nAttempt to switch, change, or access another role.\\nReview the granularity of the roles and the needs behind the permissions given.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/03-Identity_Management_Testing\\/01-Test_Role_Definitions\u0022,\r\n \u0022ref\u0022: \u0022WSTG-IDNT-01\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u002252OOCa00CZbVNmoD10tvsW\u0022,\r\n \u0022title\u0022: \u0022WSTG-IDNT-01_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u0022drQ5Yu2Kan1wlnQ38qZsG\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u00224g4dnhqCgKfmaOj9cbSnSS\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Test User Registration Process\u0022,\r\n \u0022description\u0022: \u0022Verify that the identity requirements for user registration are aligned with business and security requirements.\\nValidate the registration process.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/03-Identity_Management_Testing\\/02-Test_User_Registration_Process\u0022,\r\n \u0022ref\u0022: \u0022WSTG-IDNT-02\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00222mM66KPoiHm3mkmMAtNn7P\u0022,\r\n \u0022title\u0022: \u0022WSTG-IDNT-02_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00224g4dnhqCgKfmaOj9cbSnSS\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u00222IovKxTrS96tUJrzYnzGp2\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Test Account Provisioning Process\u0022,\r\n \u0022description\u0022: \u0022Verify which accounts may provision other accounts and of what type.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/03-Identity_Management_Testing\\/03-Test_Account_Provisioning_Process\u0022,\r\n \u0022ref\u0022: \u0022WSTG-IDNT-03\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00225ABN63Go0d9XXrNX8XFNJp\u0022,\r\n \u0022title\u0022: \u0022WSTG-IDNT-03_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00222IovKxTrS96tUJrzYnzGp2\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u00221uN0PaIOFyLjHWRrzoAnFy\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing for Account Enumeration and Guessable User Account\u0022,\r\n \u0022description\u0022: \u0022Review processes that pertain to user identification (*e.g.* registration, login, etc.).\\nEnumerate users where possible through response analysis.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/03-Identity_Management_Testing\\/04-Testing_for_Account_Enumeration_and_Guessable_User_Account\u0022,\r\n \u0022ref\u0022: \u0022WSTG-IDNT-04\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00225Ec2gyQV6fnSXLXOBm6R9D\u0022,\r\n \u0022title\u0022: \u0022WSTG-IDNT-04_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00221uN0PaIOFyLjHWRrzoAnFy\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u00223X6uM3I2DEptyZOptB5EAI\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing for Weak or Unenforced Username Policy\u0022,\r\n \u0022description\u0022: \u0022Determine whether a consistent account name structure renders the application vulnerable to account enumeration.\\nDetermine whether the application\u0027s error messages permit account enumeration.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/03-Identity_Management_Testing\\/05-Testing_for_Weak_or_Unenforced_Username_Policy\u0022,\r\n \u0022ref\u0022: \u0022WSTG-IDNT-05\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00223pLtPKyjeUvDZKaSakCYTB\u0022,\r\n \u0022title\u0022: \u0022WSTG-IDNT-05_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00223X6uM3I2DEptyZOptB5EAI\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \u0022type\u0022: \u0022category\u0022,\r\n \u0022title\u0022: \u0022Authentication Testing\u0022,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00223SQpNg4NHDDDKTk6YFNBef\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing for Credentials Transported over an Encrypted Channel\u0022,\r\n \u0022description\u0022: \u0022This content has been merged into: Testing for Sensitive Information Sent via Unencrypted Channels.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/04-Authentication_Testing\\/01-Testing_for_Credentials_Transported_over_an_Encrypted_Channel\u0022,\r\n \u0022ref\u0022: \u0022WSTG-ATHN-01\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00225yecoDeBWQirx6VW7D8rYT\u0022,\r\n \u0022title\u0022: \u0022WSTG-ATHN-01_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00223SQpNg4NHDDDKTk6YFNBef\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u00222JfMZ2f7B9Qf5OBVgAknhe\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing for Default Credentials\u0022,\r\n \u0022description\u0022: \u0022Determine whether the application has any user accounts with default passwords.\\nReview whether new user accounts are created with weak or predictable passwords.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/04-Authentication_Testing\\/02-Testing_for_Default_Credentials\u0022,\r\n \u0022ref\u0022: \u0022WSTG-ATHN-02\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00223KKJ0yH06LgCbgdnRIxdmQ\u0022,\r\n \u0022title\u0022: \u0022WSTG-ATHN-02_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00222JfMZ2f7B9Qf5OBVgAknhe\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u0022lz428xqsQm9r8ZJfvvytI\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing for Weak Lock Out Mechanism\u0022,\r\n \u0022description\u0022: \u0022Evaluate the account lockout mechanism\u0027s ability to mitigate brute force password guessing.\\nEvaluate the unlock mechanism\u0027s resistance to unauthorized account unlocking.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/04-Authentication_Testing\\/03-Testing_for_Weak_Lock_Out_Mechanism\u0022,\r\n \u0022ref\u0022: \u0022WSTG-ATHN-03\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u0022aBoTcnBPqwRTBUnULTZuT\u0022,\r\n \u0022title\u0022: \u0022WSTG-ATHN-03_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u0022lz428xqsQm9r8ZJfvvytI\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u0022333kZwu4PvfGkR6uX0JfHc\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing for Bypassing Authentication Schema\u0022,\r\n \u0022description\u0022: \u0022Ensure that authentication is applied across all services that require it.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/04-Authentication_Testing\\/04-Testing_for_Bypassing_Authentication_Schema\u0022,\r\n \u0022ref\u0022: \u0022WSTG-ATHN-04\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00221dGaCYnspuzlYe5U9NUGAE\u0022,\r\n \u0022title\u0022: \u0022WSTG-ATHN-04_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u0022333kZwu4PvfGkR6uX0JfHc\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u002266dm3iYXMkGTCKhxistE4k\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing for Vulnerable Remember Password\u0022,\r\n \u0022description\u0022: \u0022Validate that the generated session is managed securely and do not put the user\u0027s credentials in danger.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/04-Authentication_Testing\\/05-Testing_for_Vulnerable_Remember_Password\u0022,\r\n \u0022ref\u0022: \u0022WSTG-ATHN-05\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00223y1fiPSnTqdO13YwaDmyat\u0022,\r\n \u0022title\u0022: \u0022WSTG-ATHN-05_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u002266dm3iYXMkGTCKhxistE4k\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u002220TXwBCgKd9si6D0O0mbCk\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing for Browser Cache Weaknesses\u0022,\r\n \u0022description\u0022: \u0022Review if the application stores sensitive information on the client-side.\\nReview if access can occur without authorization.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/04-Authentication_Testing\\/06-Testing_for_Browser_Cache_Weaknesses\u0022,\r\n \u0022ref\u0022: \u0022WSTG-ATHN-06\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00224DpsNmQS8nT6HnK2igNNJw\u0022,\r\n \u0022title\u0022: \u0022WSTG-ATHN-06_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u002220TXwBCgKd9si6D0O0mbCk\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u00221Ctpi50oi5AUhZCIlv42fT\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing for Weak Password Policy\u0022,\r\n \u0022description\u0022: \u0022Determine the resistance of the application against brute force password guessing using available password dictionaries by evaluating the length, complexity, reuse, and aging requirements of passwords.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/04-Authentication_Testing\\/07-Testing_for_Weak_Password_Policy\u0022,\r\n \u0022ref\u0022: \u0022WSTG-ATHN-07\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00226utwl28BbdQqp0wm2LODtg\u0022,\r\n \u0022title\u0022: \u0022WSTG-ATHN-07_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00221Ctpi50oi5AUhZCIlv42fT\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u00226j5phsyf40BfdQujCdbIay\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing for Weak Security Question Answer\u0022,\r\n \u0022description\u0022: \u0022Determine the complexity and how straight-forward the questions are.\\nAssess possible user answers and brute force capabilities.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/04-Authentication_Testing\\/08-Testing_for_Weak_Security_Question_Answer\u0022,\r\n \u0022ref\u0022: \u0022WSTG-ATHN-08\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00221vMfl61N9jx2gUa8wYN7xa\u0022,\r\n \u0022title\u0022: \u0022WSTG-ATHN-08_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00226j5phsyf40BfdQujCdbIay\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u00226Gqme1CnDnDy1juncAGb3c\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing for Weak Password Change or Reset Functionalities\u0022,\r\n \u0022description\u0022: \u0022Determine whether the password change and reset functionality allows accounts to be compromised.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/04-Authentication_Testing\\/09-Testing_for_Weak_Password_Change_or_Reset_Functionalities\u0022,\r\n \u0022ref\u0022: \u0022WSTG-ATHN-09\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u002243jw9ImRrU9Y8g7n3vRper\u0022,\r\n \u0022title\u0022: \u0022WSTG-ATHN-09_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00226Gqme1CnDnDy1juncAGb3c\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u00222hau77yI6r4en9TpLc5Hgw\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing for Weaker Authentication in Alternative Channel\u0022,\r\n \u0022description\u0022: \u0022Identify alternative authentication channels.\\nAssess the security measures used and if any bypasses exists on the alternative channels.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/04-Authentication_Testing\\/10-Testing_for_Weaker_Authentication_in_Alternative_Channel\u0022,\r\n \u0022ref\u0022: \u0022WSTG-ATHN-10\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u0022yPRnmDBZRMSvhDj7rZFeu\u0022,\r\n \u0022title\u0022: \u0022WSTG-ATHN-10_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00222hau77yI6r4en9TpLc5Hgw\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u00223AO4O32KnVCccM8UzZ5f2G\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing Multi-Factor Authentication (MFA)\u0022,\r\n \u0022description\u0022: \u0022Identify the type of MFA used by the application.\\nDetermine whether the MFA implementation is robust and secure.\\nAttempt to bypass the MFA.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/04-Authentication_Testing\\/11-Testing_Multi-Factor_Authentication\u0022,\r\n \u0022ref\u0022: \u0022WSTG-ATHN-11\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00225v394QkdwnheWyXrPSXtjA\u0022,\r\n \u0022title\u0022: \u0022WSTG-ATHN-11_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00223AO4O32KnVCccM8UzZ5f2G\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \u0022type\u0022: \u0022category\u0022,\r\n \u0022title\u0022: \u0022Authorization Testing\u0022,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00222ZrtGtVD7dxEJbY2zkFnfB\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing Directory Traversal File Include\u0022,\r\n \u0022description\u0022: \u0022Identify injection points that pertain to path traversal.\\nAssess bypassing techniques and identify the extent of path traversal.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/05-Authorization_Testing\\/01-Testing_Directory_Traversal_File_Include\u0022,\r\n \u0022ref\u0022: \u0022WSTG-ATHZ-01\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u002273If6yNnANqO62SkunglKZ\u0022,\r\n \u0022title\u0022: \u0022WSTG-ATHZ-01_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00222ZrtGtVD7dxEJbY2zkFnfB\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u00223hUPPENIry3xkCsNPDMMHb\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing for Bypassing Authorization Schema\u0022,\r\n \u0022description\u0022: \u0022Assess if horizontal or vertical access is possible.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/05-Authorization_Testing\\/02-Testing_for_Bypassing_Authorization_Schema\u0022,\r\n \u0022ref\u0022: \u0022WSTG-ATHZ-02\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00227MEXLngrzXBdf3yRqG6Ik3\u0022,\r\n \u0022title\u0022: \u0022WSTG-ATHZ-02_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00223hUPPENIry3xkCsNPDMMHb\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u002213SHJl2QqUw207cIuh2uIR\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing for Privilege Escalation\u0022,\r\n \u0022description\u0022: \u0022Identify injection points related to privilege manipulation.\\nFuzz or otherwise attempt to bypass security measures.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/05-Authorization_Testing\\/03-Testing_for_Privilege_Escalation\u0022,\r\n \u0022ref\u0022: \u0022WSTG-ATHZ-03\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00227d7uBT3dWt3WNlKhGb8goc\u0022,\r\n \u0022title\u0022: \u0022WSTG-ATHZ-03_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u002213SHJl2QqUw207cIuh2uIR\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u00221rdeetyxDwEZc5JqHSv5hY\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing for Insecure Direct Object References\u0022,\r\n \u0022description\u0022: \u0022Identify points where object references may occur.\\nAssess the access control measures and if they\u0027re vulnerable to IDOR.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/05-Authorization_Testing\\/04-Testing_for_Insecure_Direct_Object_References\u0022,\r\n \u0022ref\u0022: \u0022WSTG-ATHZ-04\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00225hW8Zh1iNDJ274ZZymLqL0\u0022,\r\n \u0022title\u0022: \u0022WSTG-ATHZ-04_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00221rdeetyxDwEZc5JqHSv5hY\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u00225Stq6WtkjScNFEk3NGPICO\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing for OAuth Weaknesses\u0022,\r\n \u0022description\u0022: \u0022Determine if OAuth2 implementation is vulnerable or using a deprecated or custom implementation.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/05-Authorization_Testing\\/05-Testing_for_OAuth_Weaknesses\u0022,\r\n \u0022ref\u0022: \u0022WSTG-ATHZ-05\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00222jaTfEXouCQqll1TYVZpSF\u0022,\r\n \u0022title\u0022: \u0022WSTG-ATHZ-05_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00225Stq6WtkjScNFEk3NGPICO\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \u0022type\u0022: \u0022category\u0022,\r\n \u0022title\u0022: \u0022Session Management Testing\u0022,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00223USg5n9656E2d5mTrFJ91E\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing for Session Management Schema\u0022,\r\n \u0022description\u0022: \u0022Gather session tokens, for the same user and for different users where possible.\\nAnalyze and ensure that enough randomness exists to stop session forging attacks.\\nModify cookies that are not signed and contain information that can be manipulated.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/06-Session_Management_Testing\\/01-Testing_for_Session_Management_Schema\u0022,\r\n \u0022ref\u0022: \u0022WSTG-SESS-01\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00225melVaTekq1GZsQRslORsT\u0022,\r\n \u0022title\u0022: \u0022WSTG-SESS-01_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00223USg5n9656E2d5mTrFJ91E\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u00221VtvNUPt0MOi8mPi20ZopW\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing for Cookies Attributes\u0022,\r\n \u0022description\u0022: \u0022Ensure that the proper security configuration is set for cookies.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/06-Session_Management_Testing\\/02-Testing_for_Cookies_Attributes\u0022,\r\n \u0022ref\u0022: \u0022WSTG-SESS-02\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00223LUqoO6uFPVNvSH2u0lQii\u0022,\r\n \u0022title\u0022: \u0022WSTG-SESS-02_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00221VtvNUPt0MOi8mPi20ZopW\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u00224GeEVgBKIQGQcfBTqSNXMD\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing for Session Fixation\u0022,\r\n \u0022description\u0022: \u0022Analyze the authentication mechanism and its flow.\\nForce cookies and assess the impact.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/06-Session_Management_Testing\\/03-Testing_for_Session_Fixation\u0022,\r\n \u0022ref\u0022: \u0022WSTG-SESS-03\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u0022POiEJ7C6BrobTng3gl2J4\u0022,\r\n \u0022title\u0022: \u0022WSTG-SESS-03_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00224GeEVgBKIQGQcfBTqSNXMD\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u00221Q9AOX6mkwxTcGKKllF5w5\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing for Exposed Session Variables\u0022,\r\n \u0022description\u0022: \u0022Ensure that proper encryption is implemented.\\nReview the caching configuration.\\nAssess the channel and methods\u0027 security.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/06-Session_Management_Testing\\/04-Testing_for_Exposed_Session_Variables\u0022,\r\n \u0022ref\u0022: \u0022WSTG-SESS-04\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00222cikQe08L4mlp7dqVQ8EOB\u0022,\r\n \u0022title\u0022: \u0022WSTG-SESS-04_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00221Q9AOX6mkwxTcGKKllF5w5\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u002279ZuBfRjKfb7VX8QAVgmok\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing for Cross Site Request Forgery\u0022,\r\n \u0022description\u0022: \u0022Determine whether it is possible to initiate requests on a user\u0027s behalf that are not initiated by the user.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/06-Session_Management_Testing\\/05-Testing_for_Cross_Site_Request_Forgery\u0022,\r\n \u0022ref\u0022: \u0022WSTG-SESS-05\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00221CSlX5alKh4vSmz2HIbQ3P\u0022,\r\n \u0022title\u0022: \u0022WSTG-SESS-05_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u002279ZuBfRjKfb7VX8QAVgmok\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u0022Ggbw68HqUrT9EAdEA284l\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing for Logout Functionality\u0022,\r\n \u0022description\u0022: \u0022Assess the logout UI.\\nAnalyze the session timeout and if the session is properly killed after logout.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/06-Session_Management_Testing\\/06-Testing_for_Logout_Functionality\u0022,\r\n \u0022ref\u0022: \u0022WSTG-SESS-06\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00227XQPZMnrsmehQAIswIY4dv\u0022,\r\n \u0022title\u0022: \u0022WSTG-SESS-06_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u0022Ggbw68HqUrT9EAdEA284l\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u002238wIktSbw3QoazLE1lNfib\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing Session Timeout\u0022,\r\n \u0022description\u0022: \u0022Validate that a hard session timeout exists.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/06-Session_Management_Testing\\/07-Testing_Session_Timeout\u0022,\r\n \u0022ref\u0022: \u0022WSTG-SESS-07\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00223D1zn77YcSBRFtVDsyj3KG\u0022,\r\n \u0022title\u0022: \u0022WSTG-SESS-07_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u002238wIktSbw3QoazLE1lNfib\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u00225HxYWIBXUleHrrBQNsLGhq\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing for Session Puzzling\u0022,\r\n \u0022description\u0022: \u0022Identify all session variables.\\nBreak the logical flow of session generation.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/06-Session_Management_Testing\\/08-Testing_for_Session_Puzzling\u0022,\r\n \u0022ref\u0022: \u0022WSTG-SESS-08\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00226BqovplxNGMyUg7PIK8UxK\u0022,\r\n \u0022title\u0022: \u0022WSTG-SESS-08_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00225HxYWIBXUleHrrBQNsLGhq\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u002270njqXpOUgRXvvxr2wnIbF\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing for Session Hijacking\u0022,\r\n \u0022description\u0022: \u0022Identify vulnerable session cookies.\\nHijack vulnerable cookies and assess the risk level.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/06-Session_Management_Testing\\/09-Testing_for_Session_Hijacking\u0022,\r\n \u0022ref\u0022: \u0022WSTG-SESS-09\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00227ERiQi9RI3BElkE5B3c5xQ\u0022,\r\n \u0022title\u0022: \u0022WSTG-SESS-09_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u002270njqXpOUgRXvvxr2wnIbF\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u00224FtrkH1XAIA2o1eUe2D7Ko\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing JSON Web Tokens\u0022,\r\n \u0022description\u0022: \u0022Determine whether the JWTs expose sensitive information.\\nDetermine whether the JWTs can be tampered with or modified.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/06-Session_Management_Testing\\/10-Testing_JSON_Web_Tokens\u0022,\r\n \u0022ref\u0022: \u0022WSTG-SESS-10\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u002244GavL2SWyflmMbdE3HX1C\u0022,\r\n \u0022title\u0022: \u0022WSTG-SESS-10_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00224FtrkH1XAIA2o1eUe2D7Ko\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \u0022type\u0022: \u0022category\u0022,\r\n \u0022title\u0022: \u0022Input Validation Testing\u0022,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u0022FTGLng58bkdoL44WhDxix\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing for Reflected Cross Site Scripting\u0022,\r\n \u0022description\u0022: \u0022Identify variables that are reflected in responses.\\nAssess the input they accept and the encoding that gets applied on return (if any).\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/07-Input_Validation_Testing\\/01-Testing_for_Reflected_Cross_Site_Scripting\u0022,\r\n \u0022ref\u0022: \u0022WSTG-INPV-01\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00225y3reJgVfrNBnZ3HXgalz9\u0022,\r\n \u0022title\u0022: \u0022WSTG-INPV-01_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u0022FTGLng58bkdoL44WhDxix\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u00226utWjKa2eNPyxg6L4s2T2G\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing for Stored Cross Site Scripting\u0022,\r\n \u0022description\u0022: \u0022Identify stored input that is reflected on the client-side.\\nAssess the input they accept and the encoding that gets applied on return (if any).\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/07-Input_Validation_Testing\\/02-Testing_for_Stored_Cross_Site_Scripting\u0022,\r\n \u0022ref\u0022: \u0022WSTG-INPV-02\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00224PgWi8tCI8qA1b1ZeIDwEY\u0022,\r\n \u0022title\u0022: \u0022WSTG-INPV-02_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00226utWjKa2eNPyxg6L4s2T2G\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u002267v9wdqIadk608UbYED7Zw\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing for HTTP Verb Tampering\u0022,\r\n \u0022description\u0022: \u0022This content has been merged into: Test HTTP Methods\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/07-Input_Validation_Testing\\/03-Testing_for_HTTP_Verb_Tampering\u0022,\r\n \u0022ref\u0022: \u0022WSTG-INPV-03\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00222gzE4JIwEygl4bfmwMdECZ\u0022,\r\n \u0022title\u0022: \u0022WSTG-INPV-03_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u002267v9wdqIadk608UbYED7Zw\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u00226Dr2byCJgr2zwlxG1qhcNl\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing for HTTP Parameter Pollution\u0022,\r\n \u0022description\u0022: \u0022Identify the backend and the parsing method used.\\nAssess injection points and try bypassing input filters using HPP.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/07-Input_Validation_Testing\\/04-Testing_for_HTTP_Parameter_Pollution\u0022,\r\n \u0022ref\u0022: \u0022WSTG-INPV-04\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00226zV6VWfLeKSCsxiAG1Ig61\u0022,\r\n \u0022title\u0022: \u0022WSTG-INPV-04_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00226Dr2byCJgr2zwlxG1qhcNl\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u00227eYOngQ5wY7uit0ZdIh0Ci\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing for SQL Injection\u0022,\r\n \u0022description\u0022: \u0022Identify SQL injection points.\\nAssess the severity of the injection and the level of access that can be achieved through it.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/07-Input_Validation_Testing\\/05-Testing_for_SQL_Injection\u0022,\r\n \u0022ref\u0022: \u0022WSTG-INPV-05\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00224ZkYEG6A6omxGWtKPAAyD6\u0022,\r\n \u0022title\u0022: \u0022WSTG-INPV-05_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00227eYOngQ5wY7uit0ZdIh0Ci\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u00221mkEaTA9jNwNCdQokzsLwQ\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing for LDAP Injection\u0022,\r\n \u0022description\u0022: \u0022Identify LDAP injection points.\\nAssess the severity of the injection.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/07-Input_Validation_Testing\\/06-Testing_for_LDAP_Injection\u0022,\r\n \u0022ref\u0022: \u0022WSTG-INPV-06\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00223WuTb1BIreNesm1jCIV1NK\u0022,\r\n \u0022title\u0022: \u0022WSTG-INPV-06_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00221mkEaTA9jNwNCdQokzsLwQ\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u00225fmDVrUJy6Nf0TAZ8CRzxl\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing for XML Injection\u0022,\r\n \u0022description\u0022: \u0022Identify XML injection points.\\nAssess the types of exploits that can be attained and their severities.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/07-Input_Validation_Testing\\/07-Testing_for_XML_Injection\u0022,\r\n \u0022ref\u0022: \u0022WSTG-INPV-07\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00226EjmentnnVloLM5MUDVdQp\u0022,\r\n \u0022title\u0022: \u0022WSTG-INPV-07_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00225fmDVrUJy6Nf0TAZ8CRzxl\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u00223i6GgiTQ5Ph8sWcwuz02G5\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing for SSI Injection\u0022,\r\n \u0022description\u0022: \u0022Identify SSI injection points.\\nAssess the severity of the injection.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/07-Input_Validation_Testing\\/08-Testing_for_SSI_Injection\u0022,\r\n \u0022ref\u0022: \u0022WSTG-INPV-08\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00222hhzhLJ0mNyc7PnO2hPKyb\u0022,\r\n \u0022title\u0022: \u0022WSTG-INPV-08_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00223i6GgiTQ5Ph8sWcwuz02G5\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u00222r3FnbUlzALUXAkClK1BNj\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing for XPath Injection\u0022,\r\n \u0022description\u0022: \u0022Identify XPATH injection points.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/07-Input_Validation_Testing\\/09-Testing_for_XPath_Injection\u0022,\r\n \u0022ref\u0022: \u0022WSTG-INPV-09\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00225HyNNrDN6POw6aBQyQQGA9\u0022,\r\n \u0022title\u0022: \u0022WSTG-INPV-09_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00222r3FnbUlzALUXAkClK1BNj\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u00223mTvYVb2La0UviXa9UMMY3\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing for IMAP SMTP Injection\u0022,\r\n \u0022description\u0022: \u0022Identify IMAP\\/SMTP injection points.\\nUnderstand the data flow and deployment structure of the system.\\nAssess the injection impacts.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/07-Input_Validation_Testing\\/10-Testing_for_IMAP_SMTP_Injection\u0022,\r\n \u0022ref\u0022: \u0022WSTG-INPV-10\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00225wsx4k6AIAKkSJN20oXUw1\u0022,\r\n \u0022title\u0022: \u0022WSTG-INPV-10_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00223mTvYVb2La0UviXa9UMMY3\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u002213ibWn9vtJY1uNIMkjXPqU\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing for Code Injection\u0022,\r\n \u0022description\u0022: \u0022Identify injection points where you can inject code into the application.\\nAssess the injection severity.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/07-Input_Validation_Testing\\/11-Testing_for_Code_Injection\u0022,\r\n \u0022ref\u0022: \u0022WSTG-INPV-11\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00221WOUTNfKRw9pRl1rseEnzc\u0022,\r\n \u0022title\u0022: \u0022WSTG-INPV-11_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u002213ibWn9vtJY1uNIMkjXPqU\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u00221kYBvTjU9srpCMMlppcF1Y\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing for Command Injection\u0022,\r\n \u0022description\u0022: \u0022Identify and assess the command injection points.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/07-Input_Validation_Testing\\/12-Testing_for_Command_Injection\u0022,\r\n \u0022ref\u0022: \u0022WSTG-INPV-12\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00224WJiSGtKx4nmhLTgHvSFGd\u0022,\r\n \u0022title\u0022: \u0022WSTG-INPV-12_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00221kYBvTjU9srpCMMlppcF1Y\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u0022YZd93XyXpgpBPYe9INw54\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing for Buffer Overflow\u0022,\r\n \u0022description\u0022: \u0022This content has been removed.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/07-Input_Validation_Testing\\/13-Testing_for_Buffer_Overflow\u0022,\r\n \u0022ref\u0022: \u0022WSTG-INPV-13\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00225cBdLCwIxM8FMIg3yvxKMw\u0022,\r\n \u0022title\u0022: \u0022WSTG-INPV-13_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u0022YZd93XyXpgpBPYe9INw54\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u00221nvAWhjd5wD7siH7keCI6w\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing for Format String Injection\u0022,\r\n \u0022description\u0022: \u0022This content has been removed.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/07-Input_Validation_Testing\\/13-Testing_for_Format_String_Injection\u0022,\r\n \u0022ref\u0022: \u0022WSTG-INPV-13\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00227RK51rifcf7Ki8yVW1cSHP\u0022,\r\n \u0022title\u0022: \u0022WSTG-INPV-13_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00221nvAWhjd5wD7siH7keCI6w\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u00224yhcCutIpnPWIFt1adcKpy\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing for Incubated Vulnerability\u0022,\r\n \u0022description\u0022: \u0022Identify injections that are stored and require a recall step to the stored injection.\\nUnderstand how a recall step could occur.\\nSet listeners or activate the recall step if possible.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/07-Input_Validation_Testing\\/14-Testing_for_Incubated_Vulnerability\u0022,\r\n \u0022ref\u0022: \u0022WSTG-INPV-14\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u0022KivZRJUcapP3JseKmz4V5\u0022,\r\n \u0022title\u0022: \u0022WSTG-INPV-14_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00224yhcCutIpnPWIFt1adcKpy\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u0022wm473WJkKTtHR3fWDiHMw\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing for HTTP Splitting Smuggling\u0022,\r\n \u0022description\u0022: \u0022Assess if the application is vulnerable to splitting, identifying what possible attacks are achievable.\\nAssess if the chain of communication is vulnerable to smuggling, identifying what possible attacks are achievable.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/07-Input_Validation_Testing\\/15-Testing_for_HTTP_Splitting_Smuggling\u0022,\r\n \u0022ref\u0022: \u0022WSTG-INPV-15\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u002221BIn0czicm9OPm285k23M\u0022,\r\n \u0022title\u0022: \u0022WSTG-INPV-15_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u0022wm473WJkKTtHR3fWDiHMw\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u00221pRC0BdLI5pNpF8e1oCkyS\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing for HTTP Incoming Requests\u0022,\r\n \u0022description\u0022: \u0022Monitor all incoming and outgoing HTTP requests to the Web Server to inspect any suspicious requests.\\nMonitor HTTP traffic without changes of end user Browser proxy or client-side application.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/07-Input_Validation_Testing\\/16-Testing_for_HTTP_Incoming_Requests\u0022,\r\n \u0022ref\u0022: \u0022WSTG-INPV-16\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00222Ao9Cej6Md0hxRHLauUTOA\u0022,\r\n \u0022title\u0022: \u0022WSTG-INPV-16_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00221pRC0BdLI5pNpF8e1oCkyS\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u00224rVMw0PsEyNu50z1DR9PGx\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing for Host Header Injection\u0022,\r\n \u0022description\u0022: \u0022Assess if the Host header is being parsed dynamically in the application.\\nBypass security controls that rely on the header.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/07-Input_Validation_Testing\\/17-Testing_for_Host_Header_Injection\u0022,\r\n \u0022ref\u0022: \u0022WSTG-INPV-17\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00227VhDNh0Q29oeavwhxnpO4A\u0022,\r\n \u0022title\u0022: \u0022WSTG-INPV-17_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00224rVMw0PsEyNu50z1DR9PGx\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u00225RU8dV3S0TEuUfxlP3bq60\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing for Server-side Template Injection\u0022,\r\n \u0022description\u0022: \u0022Detect template injection vulnerability points.\\nIdentify the templating engine.\\nBuild the exploit.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/07-Input_Validation_Testing\\/18-Testing_for_Server-side_Template_Injection\u0022,\r\n \u0022ref\u0022: \u0022WSTG-INPV-18\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00224t0STJ9Rrs4TrwELSuZtv8\u0022,\r\n \u0022title\u0022: \u0022WSTG-INPV-18_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00225RU8dV3S0TEuUfxlP3bq60\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u0022dG4UZOl06Vl5z4LMl0RcT\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing for Server-Side Request Forgery\u0022,\r\n \u0022description\u0022: \u0022Identify SSRF injection points.\\nTest if the injection points are exploitable.\\nAsses the severity of the vulnerability.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/07-Input_Validation_Testing\\/19-Testing_for_Server-Side_Request_Forgery\u0022,\r\n \u0022ref\u0022: \u0022WSTG-INPV-19\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00226l82t2Ga7flSsP3onOc6oK\u0022,\r\n \u0022title\u0022: \u0022WSTG-INPV-19_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u0022dG4UZOl06Vl5z4LMl0RcT\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u002253YZkzP1ngDxN7hoEURBsO\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing for Mass Assignment\u0022,\r\n \u0022description\u0022: \u0022Identify requests that modify objects\\nAssess if it is possible to modify fields never intended to be modified from outside\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/07-Input_Validation_Testing\\/20-Testing_for_Mass_Assignment\u0022,\r\n \u0022ref\u0022: \u0022WSTG-INPV-20\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00221xIkQ7qcFUjj6jh0u2skgz\u0022,\r\n \u0022title\u0022: \u0022WSTG-INPV-20_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u002253YZkzP1ngDxN7hoEURBsO\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \u0022type\u0022: \u0022category\u0022,\r\n \u0022title\u0022: \u0022Testing for Error Handling\u0022,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00224bopUtbUPg4ty6c5q35Ii3\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing for Improper Error Handling\u0022,\r\n \u0022description\u0022: \u0022Identify existing error output.\\nAnalyze the different output returned.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/08-Testing_for_Error_Handling\\/01-Testing_For_Improper_Error_Handling\u0022,\r\n \u0022ref\u0022: \u0022WSTG-ERRH-01\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u002245b0hNQekFsP8K0Zea7Nos\u0022,\r\n \u0022title\u0022: \u0022WSTG-ERRH-01_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00224bopUtbUPg4ty6c5q35Ii3\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u00222iGa5OEPafEsDUHeo6BFFu\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing for Stack Traces\u0022,\r\n \u0022description\u0022: \u0022This content has been merged into: Testing for Improper Error Handling.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/08-Testing_for_Error_Handling\\/02-Testing_for_Stack_Traces\u0022,\r\n \u0022ref\u0022: \u0022WSTG-ERRH-02\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00224SKZ0yDIk0Q5nhQhPIOMrV\u0022,\r\n \u0022title\u0022: \u0022WSTG-ERRH-02_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00222iGa5OEPafEsDUHeo6BFFu\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \u0022type\u0022: \u0022category\u0022,\r\n \u0022title\u0022: \u0022Testing for Weak Cryptography\u0022,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00227KxQtDqOY6NXmNXjiiBNtp\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing for Weak Transport Layer Security\u0022,\r\n \u0022description\u0022: \u0022Validate the service configuration.\\nReview the digital certificate\u0027s cryptographic strength and validity.\\nEnsure that the TLS security is not bypassable and is properly implemented across the application.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/09-Testing_for_Weak_Cryptography\\/01-Testing_for_Weak_Transport_Layer_Security\u0022,\r\n \u0022ref\u0022: \u0022WSTG-CRYP-01\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00223JUiNrRlcpeonk9QyY5CHH\u0022,\r\n \u0022title\u0022: \u0022WSTG-CRYP-01_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00227KxQtDqOY6NXmNXjiiBNtp\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u0022vPZr2AP0dY367WonUz6Wy\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing for Padding Oracle\u0022,\r\n \u0022description\u0022: \u0022Identify encrypted messages that rely on padding.\\nAttempt to break the padding of the encrypted messages and analyze the returned error messages for further analysis.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/09-Testing_for_Weak_Cryptography\\/02-Testing_for_Padding_Oracle\u0022,\r\n \u0022ref\u0022: \u0022WSTG-CRYP-02\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00221k62tW6pzvelkCTmWCgbkn\u0022,\r\n \u0022title\u0022: \u0022WSTG-CRYP-02_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u0022vPZr2AP0dY367WonUz6Wy\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u00227XMTzVShk1PWUZvvqnJVu7\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing for Sensitive Information Sent via Unencrypted Channels\u0022,\r\n \u0022description\u0022: \u0022Identify sensitive information transmitted through the various channels.\\nAssess the privacy and security of the channels used.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/09-Testing_for_Weak_Cryptography\\/03-Testing_for_Sensitive_Information_Sent_via_Unencrypted_Channels\u0022,\r\n \u0022ref\u0022: \u0022WSTG-CRYP-03\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00224nZHRDTrboacqHEWDljoLq\u0022,\r\n \u0022title\u0022: \u0022WSTG-CRYP-03_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00227XMTzVShk1PWUZvvqnJVu7\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u00222lS9DXA6cpcMwYNytq0oEU\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing for Weak Encryption\u0022,\r\n \u0022description\u0022: \u0022Provide a guideline for the identification weak encryption or hashing uses and implementations.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/09-Testing_for_Weak_Cryptography\\/04-Testing_for_Weak_Encryption\u0022,\r\n \u0022ref\u0022: \u0022WSTG-CRYP-04\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00225KWbMxAYLzqExNuhU9x6lp\u0022,\r\n \u0022title\u0022: \u0022WSTG-CRYP-04_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00222lS9DXA6cpcMwYNytq0oEU\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \u0022type\u0022: \u0022category\u0022,\r\n \u0022title\u0022: \u0022Business Logic Testing\u0022,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u002221Mw4d26XHFtsIJyaqyHYn\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Test Business Logic Data Validation\u0022,\r\n \u0022description\u0022: \u0022Identify data injection points.\\nValidate that all checks are occurring on the backend and can\u0027t be bypassed.\\nAttempt to break the format of the expected data and analyze how the application is handling it.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/10-Business_Logic_Testing\\/01-Test_Business_Logic_Data_Validation\u0022,\r\n \u0022ref\u0022: \u0022WSTG-BUSL-01\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00222DpYFvHDe7q4m00NgJ535o\u0022,\r\n \u0022title\u0022: \u0022WSTG-BUSL-01_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u002221Mw4d26XHFtsIJyaqyHYn\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u00224rM1ah8usPRgCMY0P8anQ7\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Test Ability to Forge Requests\u0022,\r\n \u0022description\u0022: \u0022Review the project documentation looking for guessable, predictable, or hidden functionality of fields.\\nInsert logically valid data in order to bypass normal business logic workflow.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/10-Business_Logic_Testing\\/02-Test_Ability_to_Forge_Requests\u0022,\r\n \u0022ref\u0022: \u0022WSTG-BUSL-02\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u0022385OFn4w42yUq7Laof1VIV\u0022,\r\n \u0022title\u0022: \u0022WSTG-BUSL-02_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00224rM1ah8usPRgCMY0P8anQ7\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u00222P8Dho2qZdBA6VBdSCkVqM\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Test Integrity Checks\u0022,\r\n \u0022description\u0022: \u0022Review the project documentation for components of the system that move, store, or handle data.\\nDetermine what type of data is logically acceptable by the component and what types the system should guard against.\\nDetermine who should be allowed to modify or read that data in each component.\\nAttempt to insert, update, or delete data values used by each component that should not be allowed per the business logic workflow.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/10-Business_Logic_Testing\\/03-Test_Integrity_Checks\u0022,\r\n \u0022ref\u0022: \u0022WSTG-BUSL-03\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00222s623svdzf8TlrcwH00xut\u0022,\r\n \u0022title\u0022: \u0022WSTG-BUSL-03_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00222P8Dho2qZdBA6VBdSCkVqM\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u0022KtwC0Ks7ck6AhU73nlYLq\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Test for Process Timing\u0022,\r\n \u0022description\u0022: \u0022Review the project documentation for system functionality that may be impacted by time.\\nDevelop and execute misuse cases.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/10-Business_Logic_Testing\\/04-Test_for_Process_Timing\u0022,\r\n \u0022ref\u0022: \u0022WSTG-BUSL-04\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u002260vDYt58br97iARGidh7u4\u0022,\r\n \u0022title\u0022: \u0022WSTG-BUSL-04_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u0022KtwC0Ks7ck6AhU73nlYLq\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u00224oSDHl2bD0Cs9dIP6tZZZ8\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Test Number of Times a Function Can Be Used Limits\u0022,\r\n \u0022description\u0022: \u0022Identify functions that must set limits to the times they can be called.\\nAssess if there is a logical limit set on the functions and if it is properly validated.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/10-Business_Logic_Testing\\/05-Test_Number_of_Times_a_Function_Can_Be_Used_Limits\u0022,\r\n \u0022ref\u0022: \u0022WSTG-BUSL-05\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00224n1KTq5vy2Qgu3h2EDKtpt\u0022,\r\n \u0022title\u0022: \u0022WSTG-BUSL-05_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00224oSDHl2bD0Cs9dIP6tZZZ8\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u00223J4uprRMySV4c4FeYlOqKX\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing for the Circumvention of Work Flows\u0022,\r\n \u0022description\u0022: \u0022Review the project documentation for methods to skip or go through steps in the application process in a different order from the intended business logic flow.\\nDevelop a misuse case and try to circumvent every logic flow identified.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/10-Business_Logic_Testing\\/06-Testing_for_the_Circumvention_of_Work_Flows\u0022,\r\n \u0022ref\u0022: \u0022WSTG-BUSL-06\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u002214kdeb1KhJ13SJa4TeaGj9\u0022,\r\n \u0022title\u0022: \u0022WSTG-BUSL-06_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00223J4uprRMySV4c4FeYlOqKX\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u00226SAuC5xy2fiI14CzaD21b7\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Test Defenses Against Application Misuse\u0022,\r\n \u0022description\u0022: \u0022Generate notes from all tests conducted against the system.\\nReview which tests had a different functionality based on aggressive input.\\nUnderstand the defenses in place and verify if they are enough to protect the system against bypassing techniques.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/10-Business_Logic_Testing\\/07-Test_Defenses_Against_Application_Misuse\u0022,\r\n \u0022ref\u0022: \u0022WSTG-BUSL-07\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00224VK5QYmQT4SzXutH6DdUX7\u0022,\r\n \u0022title\u0022: \u0022WSTG-BUSL-07_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00226SAuC5xy2fiI14CzaD21b7\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u00222Ymftbn0VoP4rnUIJbxzB8\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Test Upload of Unexpected File Types\u0022,\r\n \u0022description\u0022: \u0022Review the project documentation for file types that are rejected by the system.\\nVerify that the unwelcomed file types are rejected and handled safely.\\nVerify that file batch uploads are secure and do not allow any bypass against the set security measures.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/10-Business_Logic_Testing\\/08-Test_Upload_of_Unexpected_File_Types\u0022,\r\n \u0022ref\u0022: \u0022WSTG-BUSL-08\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u0022CbX9Ugfz6eBXxwV0XQMVR\u0022,\r\n \u0022title\u0022: \u0022WSTG-BUSL-08_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00222Ymftbn0VoP4rnUIJbxzB8\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u00227LY159B7popyyO4p9bB8vs\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Test Upload of Malicious Files\u0022,\r\n \u0022description\u0022: \u0022Identify the file upload functionality.\\nReview the project documentation to identify what file types are considered acceptable, and what types would be considered dangerous or malicious.\\nIf documentation is not available then consider what would be appropriate based on the purpose of the application.\\nDetermine how the uploaded files are processed.\\nObtain or create a set of malicious files for testing.\\nTry to upload the malicious files to the application and determine whether it is accepted and processed.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/10-Business_Logic_Testing\\/09-Test_Upload_of_Malicious_Files\u0022,\r\n \u0022ref\u0022: \u0022WSTG-BUSL-09\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00224pauBNI8jOat7YUkSusxEL\u0022,\r\n \u0022title\u0022: \u0022WSTG-BUSL-09_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00227LY159B7popyyO4p9bB8vs\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u00221pfZVCtGpKVVNGQd6ngrpC\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Test Payment Functionality\u0022,\r\n \u0022description\u0022: \u0022Determine whether the business logic for the e-commerce functionality is robust.\\nUnderstand how the payment functionality works.\\nDetermine whether the payment functionality is secure.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/10-Business_Logic_Testing\\/10-Test-Payment-Functionality\u0022,\r\n \u0022ref\u0022: \u0022WSTG-BUSL-10\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00221OXfJCITRr99TWrID9Ru0E\u0022,\r\n \u0022title\u0022: \u0022WSTG-BUSL-10_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00221pfZVCtGpKVVNGQd6ngrpC\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \u0022type\u0022: \u0022category\u0022,\r\n \u0022title\u0022: \u0022Client-side Testing\u0022,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00225QStfbuzhpUHhJkjHV9pqO\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing for DOM-Based Cross Site Scripting\u0022,\r\n \u0022description\u0022: \u0022Identify DOM sinks.\\nBuild payloads that pertain to every sink type.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/11-Client-side_Testing\\/01-Testing_for_DOM-based_Cross_Site_Scripting\u0022,\r\n \u0022ref\u0022: \u0022WSTG-CLNT-01\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u002215pBn6slFuLq1ej971I3I3\u0022,\r\n \u0022title\u0022: \u0022WSTG-CLNT-01_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00225QStfbuzhpUHhJkjHV9pqO\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u00222WyCI1HI9pAe7KNGhsMzYE\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing for JavaScript Execution\u0022,\r\n \u0022description\u0022: \u0022Identify sinks and possible JavaScript injection points.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/11-Client-side_Testing\\/02-Testing_for_JavaScript_Execution\u0022,\r\n \u0022ref\u0022: \u0022WSTG-CLNT-02\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00222dmkJ7KNyY8kGtrELjOTwI\u0022,\r\n \u0022title\u0022: \u0022WSTG-CLNT-02_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00222WyCI1HI9pAe7KNGhsMzYE\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u0022332prvQE5Ik09A8bbrR9kG\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing for HTML Injection\u0022,\r\n \u0022description\u0022: \u0022Identify HTML injection points and assess the severity of the injected content.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/11-Client-side_Testing\\/03-Testing_for_HTML_Injection\u0022,\r\n \u0022ref\u0022: \u0022WSTG-CLNT-03\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00223y2t8CFMuQ814tmcwhGEEm\u0022,\r\n \u0022title\u0022: \u0022WSTG-CLNT-03_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u0022332prvQE5Ik09A8bbrR9kG\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u00223EJBfwCFLfYClrlvaOLFXU\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing for Client-side URL Redirect\u0022,\r\n \u0022description\u0022: \u0022Identify injection points that handle URLs or paths.\\nAssess the locations that the system could redirect to.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/11-Client-side_Testing\\/04-Testing_for_Client-side_URL_Redirect\u0022,\r\n \u0022ref\u0022: \u0022WSTG-CLNT-04\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00222APcphDhH1NsWH0qeeacQJ\u0022,\r\n \u0022title\u0022: \u0022WSTG-CLNT-04_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00223EJBfwCFLfYClrlvaOLFXU\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u00226ZXLMOZLfE0kNTZTDDDMpl\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing for CSS Injection\u0022,\r\n \u0022description\u0022: \u0022Identify CSS injection points.\\nAssess the impact of the injection.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/11-Client-side_Testing\\/05-Testing_for_CSS_Injection\u0022,\r\n \u0022ref\u0022: \u0022WSTG-CLNT-05\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00221csgrhybCJiARVAHgsEk37\u0022,\r\n \u0022title\u0022: \u0022WSTG-CLNT-05_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00226ZXLMOZLfE0kNTZTDDDMpl\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u00224YaL5BBlTsUewEJCv72HRe\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing for Client-side Resource Manipulation\u0022,\r\n \u0022description\u0022: \u0022Identify sinks with weak input validation.\\nAssess the impact of the resource manipulation.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/11-Client-side_Testing\\/06-Testing_for_Client-side_Resource_Manipulation\u0022,\r\n \u0022ref\u0022: \u0022WSTG-CLNT-06\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00226D8kqEip6PBxPfFzQ4RcZ4\u0022,\r\n \u0022title\u0022: \u0022WSTG-CLNT-06_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00224YaL5BBlTsUewEJCv72HRe\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u00225gkWLwQ1p8ZDAHK1dc2qAD\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing Cross Origin Resource Sharing\u0022,\r\n \u0022description\u0022: \u0022Identify endpoints that implement CORS.\\nEnsure that the CORS configuration is secure or harmless.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/11-Client-side_Testing\\/07-Testing_Cross_Origin_Resource_Sharing\u0022,\r\n \u0022ref\u0022: \u0022WSTG-CLNT-07\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u0022YmkWwQNetd6bVXJgIyPDs\u0022,\r\n \u0022title\u0022: \u0022WSTG-CLNT-07_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00225gkWLwQ1p8ZDAHK1dc2qAD\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u002223I4IIQUvXW9X3QgVfMtTI\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing for Cross Site Flashing\u0022,\r\n \u0022description\u0022: \u0022Decompile and analyze the application\u0027s code.\\nAssess sinks inputs and unsafe method usages.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/11-Client-side_Testing\\/08-Testing_for_Cross_Site_Flashing\u0022,\r\n \u0022ref\u0022: \u0022WSTG-CLNT-08\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00226huqD8NAe1KMi3PLjsUUYu\u0022,\r\n \u0022title\u0022: \u0022WSTG-CLNT-08_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u002223I4IIQUvXW9X3QgVfMtTI\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u00224eWP8KkUGMcKqsir0ezeIK\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing for Clickjacking\u0022,\r\n \u0022description\u0022: \u0022Understand security measures in place.\\nAssess how strict the security measures are and if they are bypassable.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/11-Client-side_Testing\\/09-Testing_for_Clickjacking\u0022,\r\n \u0022ref\u0022: \u0022WSTG-CLNT-09\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00221OFpdQa0qTRilgl3pvTKX\u0022,\r\n \u0022title\u0022: \u0022WSTG-CLNT-09_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00224eWP8KkUGMcKqsir0ezeIK\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u00226941wk5NOVOXIpZ67OW7xC\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing WebSockets\u0022,\r\n \u0022description\u0022: \u0022Identify the usage of WebSockets.\\nAssess its implementation by using the same tests on normal HTTP channels.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/11-Client-side_Testing\\/10-Testing_WebSockets\u0022,\r\n \u0022ref\u0022: \u0022WSTG-CLNT-10\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00221zHGqQPo2ScBoWwSqeQ4Pt\u0022,\r\n \u0022title\u0022: \u0022WSTG-CLNT-10_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00226941wk5NOVOXIpZ67OW7xC\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u00227ReAhcWedaGxfsWjUavUvL\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing Web Messaging\u0022,\r\n \u0022description\u0022: \u0022Assess the security of the message\u0027s origin.\\nValidate that it\u0027s using safe methods and validating its input.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/11-Client-side_Testing\\/11-Testing_Web_Messaging\u0022,\r\n \u0022ref\u0022: \u0022WSTG-CLNT-11\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u0022lngZtPGZKOic4VpIGJx7V\u0022,\r\n \u0022title\u0022: \u0022WSTG-CLNT-11_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00227ReAhcWedaGxfsWjUavUvL\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u00222MgvrcASrKvzqp8b9NMBIU\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing Browser Storage\u0022,\r\n \u0022description\u0022: \u0022Determine whether the website is storing sensitive data in client-side storage.\\nThe code handling of the storage objects should be examined for possibilities of injection attacks, such as utilizing unvalidated input or vulnerable libraries.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/11-Client-side_Testing\\/12-Testing_Browser_Storage\u0022,\r\n \u0022ref\u0022: \u0022WSTG-CLNT-12\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00223UDmiG2YyXZ3qHPjJZVrCD\u0022,\r\n \u0022title\u0022: \u0022WSTG-CLNT-12_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00222MgvrcASrKvzqp8b9NMBIU\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u002253cqp0WizP5UcD6y9aEy2T\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing for Cross Site Script Inclusion\u0022,\r\n \u0022description\u0022: \u0022Locate sensitive data across the system.\\nAssess the leakage of sensitive data through various techniques.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/11-Client-side_Testing\\/13-Testing_for_Cross_Site_Script_Inclusion\u0022,\r\n \u0022ref\u0022: \u0022WSTG-CLNT-13\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00222swWlnHwBxYnApxwqPaFia\u0022,\r\n \u0022title\u0022: \u0022WSTG-CLNT-13_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u002253cqp0WizP5UcD6y9aEy2T\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n },\r\n {\r\n \u0022id\u0022: \u00223l1QbxBui2hkNi4QDQLvCR\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing for Reverse Tabnabbing\u0022,\r\n \u0022description\u0022: \u0022Reverse tabnabbing is an attack where a page linked from the target page is able to rewrite that page by exploiting the \\u201ctarget\\u201d attribute in \u003Ca\u003E tag.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/11-Client-side_Testing\\/14-Testing_for_Reverse_Tabnabbing\u0022,\r\n \u0022ref\u0022: \u0022WSTG-CLNT-14\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00224fhAHWZLVgyuIedTDf4hYs\u0022,\r\n \u0022title\u0022: \u0022WSTG-CLNT-14_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00223l1QbxBui2hkNi4QDQLvCR\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \u0022type\u0022: \u0022category\u0022,\r\n \u0022title\u0022: \u0022API Testing\u0022,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00225urrLsUSpEdS04mnHAm2SE\u0022,\r\n \u0022type\u0022: \u0022check\u0022,\r\n \u0022title\u0022: \u0022Testing GraphQL\u0022,\r\n \u0022description\u0022: \u0022Assess that a secure and production-ready configuration is deployed.\\nValidate all input fields against generic attacks.\\nEnsure that proper access controls are applied.\u0022,\r\n \u0022link\u0022: \u0022https:\\/\\/owasp.org\\/www-project-web-security-testing-guide\\/latest\\/4-Web_Application_Security_Testing\\/12-API_Testing\\/01-Testing_GraphQL\u0022,\r\n \u0022ref\u0022: \u0022WSTG-APIT-01\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022result\u0022: null,\r\n \u0022items\u0022: [\r\n {\r\n \u0022id\u0022: \u00225XLTnHgsMq7qoi1SX66LAx\u0022,\r\n \u0022title\u0022: \u0022WSTG-APIT-01_1\u0022,\r\n \u0022status\u0022: \u0022todo\u0022,\r\n \u0022blocked\u0022: false,\r\n \u0022checkId\u0022: \u00225urrLsUSpEdS04mnHAm2SE\u0022,\r\n \u0022rank\u0022: 1,\r\n \u0022result\u0022: {\r\n \u0022value\u0022: null,\r\n \u0022pocAvailable\u0022: false,\r\n \u0022countReportsLinked\u0022: 0\r\n },\r\n \u0022assignee\u0022: null\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n}\r\n\r\nconst target = \u00274JdxRNU76DFKaSXnWFjhJY\u0027\r\n\r\nconst transform2 = (arr) =\u003E {\r\n return arr.flatMap((x) =\u003E {\r\n if (x.items) {\r\n return transform2(x.items)\r\n }\r\n return x\r\n })\r\n}\r\n\r\nconst result = transform2(data.items).find(\r\n (x) =\u003E x.id === target\r\n )","IsDeferred":false}]}