Created
March 30, 2018 13:39
-
-
Save enygma/74be512de05a599c32685d5904c09b0e to your computer and use it in GitHub Desktop.
A JSON formatted document of the Bugcrowd Vulnerability Rating Taxonomy v1.3
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [ | |
| { | |
| "category": "Server Security Misconfguration", | |
| "vulnerabilities": [ | |
| { | |
| "name": "Using Default Credentials", | |
| "priority": "P1", | |
| "variants": [ | |
| { "type": "Production Server", "priority": "P1" }, | |
| { "type": "Staging/Development Server", "priority": "P2" } | |
| ] | |
| }, | |
| { | |
| "name": "Misconfgured DNS", | |
| "priority": "P2", | |
| "variants": [ | |
| { "type": "Subdomain Takeover", "priority": "P2" }, | |
| { "type": "Zone Transfer", "priority": "P4" }, | |
| { "type": "Missing Certification Authority Authorization (CAA) Record", "priority": "P5" } | |
| ] | |
| }, | |
| { | |
| "name": "Mail Server Misconfguration", | |
| "priority": "P3", | |
| "variants": [ | |
| { "type": "Missing SPF on Email Domain", "priority": "P3" }, | |
| { "type": "Email Spoofable Via Third-Party API Misconfguration", "priority": "P3" }, | |
| { "type": "Missing SPF on Non-Email Domain", "priority": "P5" }, | |
| { "type": "SPF Uses a Soft Fail", "priority": "P5" }, | |
| { "type": "SPF Includes More Than 10 Lookups", "priority": "P5" }, | |
| { "type": "Missing DKIM/DMARC", "priority": "P5" } | |
| ] | |
| }, | |
| { | |
| "name": "No Rate Limiting on Form", | |
| "priority": "P3", | |
| "variants": [ | |
| { "type": "Login", "priority": "P3" }, | |
| { "type": "Registration", "priority": "P4" }, | |
| { "type": "Email-Triggering", "priority": "P4" } | |
| ] | |
| }, | |
| { | |
| "name": "Lack of Password Confirmation", | |
| "priority": "P4", | |
| "variants": [ | |
| { "type": "Change Email Address", "priority": "P4" }, | |
| { "type": "Change Password", "priority": "P4" }, | |
| { "type": "Delete Account", "priority": "P4" }, | |
| { "type": "Manage 2FA", "priority": "P5" } | |
| ] | |
| }, | |
| { | |
| "name": "Unsafe File Upload", | |
| "priority": "P4", | |
| "variants": [ | |
| { "type": "No Antivirus", "priority": "P4" }, | |
| { "type": "No Size Limit", "priority": "P4" }, | |
| { "type": "File Extension Filter Bypass", "priority": "P5" } | |
| ] | |
| }, | |
| { | |
| "name": "Missing Secure or HTTPOnly Cookie Flag", | |
| "priority": "P4", | |
| "variants": [ | |
| { "type": "Session Token", "priority": "P4" }, | |
| { "type": "Non-Session Cookie", "priority": "P5" } | |
| ] | |
| }, | |
| { | |
| "name": "Clickjacking", | |
| "priority": "P4", | |
| "variants": [ | |
| { "type": "Sensitive Action", "priority": "P4" }, | |
| { "type": "Non-Sensitive Action", "priority": "P5" } | |
| ] | |
| }, | |
| { | |
| "name": "OAuth Misconfiguration", | |
| "priority": "P4", | |
| "variants": [ | |
| { "type": "Missing State Parameter", "priority": "P4" } | |
| ] | |
| }, | |
| { | |
| "name": "Captcha Bypass", | |
| "priority": "P4", | |
| "variants": [ | |
| { "type": "Implementation Vulnerability", "priority": "P4" }, | |
| { "type": "Brute Force", "priority": "P5" } | |
| ] | |
| }, | |
| { | |
| "name": "Lack of Security Headers", | |
| "priority": "P4", | |
| "variants": [ | |
| { "type": "Cache-Control for a Sensitive Page", "priority": "P4" } | |
| ] | |
| }, | |
| { | |
| "name": "Directory Listing Enabled", | |
| "priority": "P4", | |
| "variants": [ | |
| { "type": "Non-Sensitive Data Exposure", "priority": "P4" }, | |
| { "type": "Sensitive Data Exposure", "priority": "Variable" } | |
| ] | |
| }, | |
| { | |
| "name": "Directory Listing Enabled", | |
| "priority": "P5", | |
| "variants": [ | |
| { "type": "Non-Sensitive Data Exposure", "priority": "P5" } | |
| ] | |
| }, | |
| { | |
| "name": "Same-Site Scripting", | |
| "priority": "P5", | |
| "variants": [ | |
| ] | |
| }, | |
| { | |
| "name": "Cookie Scoped to Parent Domain", | |
| "priority": "P5", | |
| "variants": [ | |
| ] | |
| }, | |
| { | |
| "name": "Exposed Admin Portal", | |
| "priority": "P5", | |
| "variants": [ | |
| { "type": "To Internet", "priority": "P5" } | |
| ] | |
| }, | |
| { | |
| "name": "Missing DNSSEC", | |
| "priority": "P5", | |
| "variants": [ | |
| ] | |
| }, | |
| { | |
| "name": "Fingerprinting/Banner Disclosure", | |
| "priority": "P5", | |
| "variants": [ | |
| ] | |
| }, | |
| { | |
| "name": "Potentially Unsafe HTTP Method Enabled", | |
| "priority": "P5", | |
| "variants": [ | |
| { "type": "OPTIONS", "priority": "P5" }, | |
| { "type": "TRACE", "priority": "P5" } | |
| ] | |
| }, | |
| { | |
| "name": "Insecure SSL", | |
| "priority": "P5", | |
| "variants": [ | |
| { "type": "Lack of Forward Secrecy", "priority": "P5" }, | |
| { "type": "Insecure Cipher Suite", "priority": "P5" } | |
| ] | |
| }, | |
| { | |
| "name": "Reflected File Download (RFD)", | |
| "priority": "P5", | |
| "variants": [ | |
| ] | |
| }, | |
| { | |
| "name": "Lack of Security Headers", | |
| "priority": "P5", | |
| "variants": [ | |
| { "type": "X-Frame-Options", "priority": "P5" }, | |
| { "type": "Cache-Control for a Non-Sensitive Page", "priority": "P5" }, | |
| { "type": "X-XSS-Protection", "priority": "P5" }, | |
| { "type": "Strict-Transport-Security", "priority": "P5" }, | |
| { "type": "X-Content-Type-Options", "priority": "P5" }, | |
| { "type": "Content-Security-Policy", "priority": "P5" }, | |
| { "type": "Public-Key-Pins", "priority": "P5" }, | |
| { "type": "X-Content-Security-Policy", "priority": "P5" }, | |
| { "type": "X-Webkit-CSP", "priority": "P5" }, | |
| { "type": "Content-Security-Policy-Report-Only", "priority": "P5" } | |
| ] | |
| }, | |
| { | |
| "name": "Bitsquatting", | |
| "priority": "P5", | |
| "variants": [ | |
| ] | |
| }, | |
| { | |
| "name": "Unsafe Cross-Origin Resource Sharing", | |
| "priority": "Variable", | |
| "variants": [ | |
| ] | |
| }, | |
| { | |
| "name": "Path Traversal", | |
| "priority": "Variable", | |
| "variants": [ | |
| ] | |
| }, | |
| { | |
| "name": "SSL Attack (BREACH, POODLE etc.)", | |
| "priority": "Variable", | |
| "variants": [ | |
| ] | |
| } | |
| ] | |
| }, | |
| { | |
| "category": "Server-Side Injection", | |
| "vulnerabilities": [ | |
| { | |
| "name": "File Inclusion", | |
| "priority": "P1", | |
| "variants": [ | |
| { "type": "Local", "priority": "P1" } | |
| ] | |
| }, | |
| { | |
| "name": "Remote Code Execution (RCE)", | |
| "priority": "P1", | |
| "variants": [ | |
| ] | |
| }, | |
| { | |
| "name": "SQL Injection", | |
| "priority": "P1", | |
| "variants": [ | |
| { "type": "Error-Based", "priority": "P1" }, | |
| { "type": "Blind", "priority": "P1" } | |
| ] | |
| }, | |
| { | |
| "name": "XML External Entity Injection (XXE)", | |
| "priority": "P1", | |
| "variants": [ | |
| ] | |
| }, | |
| { | |
| "name": "HTTP Response Manipulation", | |
| "priority": "P3", | |
| "variants": [ | |
| { "type": "Response Splitting (CRLF)", "priority": "P3" } | |
| ] | |
| }, | |
| { | |
| "name": "Content Spoofng", | |
| "priority": "P3", | |
| "variants": [ | |
| { "type": "iframe Injection", "priority": "P3" }, | |
| { "type": "External Authentication Injection", "priority": "P4" }, | |
| { "type": "Email HTML Injection", "priority": "P4" }, | |
| { "type": "Text Injection", "priority": "P5" }, | |
| { "type": "Homograph/IDN-Based", "priority": "P5" } | |
| ] | |
| }, | |
| { | |
| "name": "Parameter Pollution", | |
| "priority": "P5", | |
| "variants": [ | |
| { "type": "Social Media Sharing Buttons", "priority": "P5" } | |
| ] | |
| } | |
| ] | |
| }, | |
| { | |
| "category": "Broken Authentication and Session Management", | |
| "vulnerabilities": [ | |
| { | |
| "name": "Authentication Bypass", | |
| "priority": "P1", | |
| "variants": [ | |
| ] | |
| }, | |
| { | |
| "name": "Weak Login Function", | |
| "priority": "P3", | |
| "variants": [ | |
| { "type": "Over HTTP", "priority": "P3" } | |
| ] | |
| }, | |
| { | |
| "name": "Session Fixation", | |
| "priority": "P3", | |
| "variants": [ | |
| ] | |
| }, | |
| { | |
| "name": "Failure to Invalidate Session", | |
| "priority": "P4", | |
| "variants": [ | |
| { "type": "On Logout", "priority": "P4" }, | |
| { "type": "On Password Reset", "priority": "P4" }, | |
| { "type": "On Password Change", "priority": "P4" }, | |
| { "type": "All Sessions", "priority": "P5" }, | |
| { "type": "On Email Change", "priority": "P5" }, | |
| { "type": "Long Timeout", "priority": "P5" } | |
| ] | |
| }, | |
| { | |
| "name": "Weak Registration Implementation", | |
| "priority": "P4", | |
| "variants": [ | |
| { "type": "Over HTTP", "priority": "P4" } | |
| ] | |
| }, | |
| { | |
| "name": "Concurrent Logins", | |
| "priority": "P5", | |
| "variants": [ | |
| ] | |
| }, | |
| { | |
| "name": "Privilege Escalation", | |
| "priority": "Variable", | |
| "variants": [ | |
| ] | |
| } | |
| ] | |
| }, | |
| { | |
| "category": "Sensitive Data Exposure", | |
| "vulnerabilities": [ | |
| { | |
| "name": "Critically Sensitive Data", | |
| "priority": "P1", | |
| "variants": [ | |
| { "type": "Password Disclosure", "priority": "P1"}, | |
| { "type": "Private API Keys", "priority": "P1"} | |
| ] | |
| }, | |
| { | |
| "name": "EXIF Geolocation Data Not Stripped From Uploaded Images", | |
| "priority": "P3", | |
| "variants": [ | |
| { "type": "Automatic User Enumeration", "priority": "P3" }, | |
| { "type": "Manual User Enumeration", "priority": "P4" } | |
| ] | |
| }, | |
| { | |
| "name": "Visible Detailed Error/Debug Page", | |
| "priority": "P4", | |
| "variants": [ | |
| { "type": "Detailed Server Con guration", "priority": "P4" }, | |
| { "type": "Full Path Disclosure", "priority": "P5" }, | |
| { "type": "Descriptive Stack Trace", "priority": "P5" } | |
| ] | |
| }, | |
| { | |
| "name": "Token Leakage via Referer", | |
| "priority": "P4", | |
| "variants": [ | |
| { "type": "Untrusted 3rd Party", "priority": "P4" }, | |
| { "type": "Over HTTP", "priority": "P4" }, | |
| { "type": "Trusted 3rd Party", "priority": "P5" } | |
| ] | |
| }, | |
| { | |
| "name": "Sensitive Token in URL", | |
| "priority": "P4", | |
| "variants": [ | |
| ] | |
| }, | |
| { | |
| "name": "Weak Password Reset Implementation", | |
| "priority": "P4", | |
| "variants": [ | |
| { "type": "Password Reset Token Sent Over HTTP", "priority": "P4" } | |
| ] | |
| }, | |
| { | |
| "name": "Disclosure of Known Public Information", | |
| "priority": "P5", | |
| "variants": [ | |
| ] | |
| }, | |
| { | |
| "name": "Non-Sensitive Token in URL", | |
| "priority": "P5", | |
| "variants": [ | |
| ] | |
| }, | |
| { | |
| "name": "Mixed Content (HTTPS Sourcing HTTP)", | |
| "priority": "P5", | |
| "variants": [ | |
| ] | |
| }, | |
| { | |
| "name": "Sensitive Data Hardcoded", | |
| "priority": "P5", | |
| "variants": [ | |
| { "type": "OAuth Secret", "priority": "P5" }, | |
| { "type": "File Paths", "priority": "P5" } | |
| ] | |
| }, | |
| { | |
| "name": "Internal IP Disclosure", | |
| "priority": "P5", | |
| "variants": [ | |
| ] | |
| }, | |
| { | |
| "name": "JSON Hijacking", | |
| "priority": "P5", | |
| "variants": [ | |
| ] | |
| }, | |
| { | |
| "name": "Cross Site Script Inclusion (XSSI)", | |
| "priority": "Variable", | |
| "variants": [ | |
| ] | |
| } | |
| ] | |
| }, | |
| { | |
| "category": "Insecure OS/Firmware", | |
| "vulnerabilities": [ | |
| { | |
| "name": "Command Injection", | |
| "priority": "P1", | |
| "variants": [ | |
| { "type": "Privileged User", "priority": "P1" } | |
| ] | |
| } | |
| ] | |
| }, | |
| { | |
| "category": "Broken Cryptography", | |
| "vulnerabilities": [ | |
| { | |
| "name": "Cryptographic Flaw", | |
| "priority": "P1", | |
| "variants": [ | |
| { "type": "Incorrect Usage", "priority": "P1" } | |
| ] | |
| } | |
| ] | |
| }, | |
| { | |
| "category": "Cross-Site Scripting (XSS)", | |
| "vulnerabilities": [ | |
| { | |
| "name": "Stored", | |
| "priority": "P2", | |
| "variants": [ | |
| { "type": "Non-Admin to Anyone", "priority": "P2" }, | |
| { "type": "Admin to Anyone", "priority": "P3" }, | |
| { "type": "Self", "priority": "P5" } | |
| ] | |
| }, | |
| { | |
| "name": "Reflected", | |
| "priority": "P3", | |
| "variants": [ | |
| { "type": "Self", "priority": "P5" } | |
| ] | |
| }, | |
| { | |
| "name": "IE-Only", | |
| "priority": "P4", | |
| "variants": [ | |
| { "type": "Older Version (IE 10/11)", "priority": "P4" }, | |
| { "type": "XSS Filter Disabled", "priority": "P5" }, | |
| { "type": "Older Version (< IE10)", "priority": "P5" } | |
| ] | |
| }, | |
| { | |
| "name": "Referer", | |
| "priority": "P4", | |
| "variants": [ | |
| ] | |
| }, | |
| { | |
| "name": "Universal (UXSS)", | |
| "priority": "P4", | |
| "variants": [ | |
| ] | |
| }, | |
| { | |
| "name": "Off-Domain", | |
| "priority": "P4", | |
| "variants": [ | |
| { "type": "Data URI", "priority": "P4" } | |
| ] | |
| }, | |
| { | |
| "name": "Cookie-Based", | |
| "priority": "P5", | |
| "variants": [ | |
| ] | |
| }, | |
| { | |
| "name": "TRACE Method", | |
| "priority": "P5", | |
| "variants": [ | |
| ] | |
| } | |
| ] | |
| }, | |
| { | |
| "category": "Broken Access Control (BAC)", | |
| "vulnerabilities": [ | |
| { | |
| "name": "Server-Side Request Forgery (SSRF)", | |
| "priority": "P2", | |
| "variants": [ | |
| { "type": "Internal", "priority": "P2"}, | |
| { "type": "External", "priority": "P4" } | |
| ] | |
| }, | |
| { | |
| "name": "Username Enumeration", | |
| "priority": "P4", | |
| "variants": [ | |
| { "type": "Data Leak", "priority": "P4" }, | |
| { "type": "Brute Force", "priority": "P5" } | |
| ] | |
| }, | |
| { | |
| "name": "Insecure Direct Object References (IDOR)", | |
| "priority": "Variable", | |
| "variants": [ | |
| ] | |
| }, | |
| { | |
| "name": "Exposed Sensitive Android Intent", | |
| "priority": "Variable", | |
| "variants": [ | |
| ] | |
| }, | |
| { | |
| "name": "Exposed Sensitive iOS URL Scheme", | |
| "priority": "Variable", | |
| "variants": [ | |
| ] | |
| } | |
| ] | |
| }, | |
| { | |
| "category": "Cross-Site Request Forgery (CSRF)", | |
| "vulnerabilities": [ | |
| { | |
| "name": "Application-Wide", | |
| "priority": "P2", | |
| "variants": [ | |
| ] | |
| }, | |
| { | |
| "name": "Action-Specific", | |
| "priority": "P5", | |
| "variants": [ | |
| { "type": "Logout", "priority": "P5" }, | |
| { "type": "Authenticated Action", "priority": "Variable" }, | |
| { "type": "Unauthenticated Action", "priority": "Variable" } | |
| ] | |
| } | |
| ] | |
| }, | |
| { | |
| "category": "Application-Level Denial-of-Service (DoS)", | |
| "vulnerabilities": [ | |
| { | |
| "name": "Critical Impact and/or Easy Dif cult", | |
| "priority": "P2", | |
| "variants": [ | |
| ] | |
| }, | |
| { | |
| "name": "High Impact and/or Medium Difficulty", | |
| "priority": "P3", | |
| "variants": [ | |
| ] | |
| }, | |
| { | |
| "name": "App Crash", | |
| "priority": "P5", | |
| "variants": [ | |
| { "type": "Malformed Android Intents", "priority": "P5" }, | |
| { "type": "Malformed iOS URL Schemes", "priority": "P5" } | |
| ] | |
| } | |
| ] | |
| }, | |
| { | |
| "category": "Insecure OS/Firmware", | |
| "vulnerabilities": [ | |
| { | |
| "name": "Hardcoded Password", | |
| "priority": "P2", | |
| "variants": [ | |
| { "type": "Non-Privileged User", "priority": "P2" } | |
| ] | |
| } | |
| ] | |
| }, | |
| { | |
| "category": "Unvalidated Redirects and Forwards", | |
| "vulnerabilities": [ | |
| { | |
| "name": "Open Redirect", | |
| "priority": "P4", | |
| "variants": [ | |
| { "type": "GET-Based", "priority": "P4" }, | |
| { "type": "POST-Based", "priority": "P5" }, | |
| { "type": "Header-Based", "priority": "P5" } | |
| ] | |
| }, | |
| { | |
| "name": "Tabnabbing", | |
| "priority": "P5", | |
| "variants": [ | |
| ] | |
| }, | |
| { | |
| "name": "Lack of Security Speed Bump Page", | |
| "priority": "P5", | |
| "variants": [ | |
| ] | |
| } | |
| ] | |
| }, | |
| { | |
| "category": "Insufficient Security Configurability", | |
| "vulnerabilities": [ | |
| { | |
| "name": "No Password Policy", | |
| "priority": "P4", | |
| "variants": [ | |
| ] | |
| }, | |
| { | |
| "name": "Weak Password Reset Implementation", | |
| "priority": "P4", | |
| "variants": [ | |
| { "type": "Token is Not Invalidated After Use", "priority": "P4" }, | |
| { "type": "Token is Not Invalidated After Email Change", "priority": "P5" }, | |
| { "type": "Token is Not Invalidated After Password Change", "priority": "P5" }, | |
| { "type": "Token Has Long Timed Expiry", "priority": "P5" }, | |
| { "type": "Token is Not Invalidated After New Token is Requested", "priority": "P5" } | |
| ] | |
| }, | |
| { | |
| "name": "Weak Password Policy", | |
| "priority": "P5", | |
| "variants": [ | |
| ] | |
| }, | |
| { | |
| "name": "Lack of Verification Email", | |
| "priority": "P5", | |
| "variants": [ | |
| ] | |
| }, | |
| { | |
| "name": "Lack of Notification Email", | |
| "priority": "P5", | |
| "variants": [ | |
| ] | |
| }, | |
| { | |
| "name": "Weak Registration Implementation", | |
| "priority": "P5", | |
| "variants": [ | |
| { "type": "Allows Disposable Email Addresses", "priority": "P5" } | |
| ] | |
| }, | |
| { | |
| "name": "Weak 2FA Implementation", | |
| "priority": "P5", | |
| "variants": [ | |
| { "type": "Missing Failsafe", "priority": "P5" } | |
| ] | |
| } | |
| ] | |
| }, | |
| { | |
| "category": "Using Components with Known Vulnerabilities", | |
| "vulnerabilities": [ | |
| { | |
| "name": "Rosetta Flash", | |
| "priority": "P4", | |
| "variants": [ | |
| ] | |
| }, | |
| { | |
| "name": "Outdated Software Version", | |
| "priority": "P5", | |
| "variants": [ | |
| ] | |
| }, | |
| { | |
| "name": "Captcha Bypass", | |
| "priority": "P5", | |
| "variants": [ | |
| { "type": "OCR (Optical Character Recognition)", "priority": "P5" } | |
| ] | |
| } | |
| ] | |
| }, | |
| { | |
| "category": "Insecure Data Storage", | |
| "vulnerabilities": [ | |
| { | |
| "name": "Sensitive Application Data Stored Unencrypted", | |
| "priority": "P4", | |
| "variants": [ | |
| { "type": "On External Storage", "priority": "P4" }, | |
| { "type": "On Internal Storage", "priority": "P5" } | |
| ] | |
| }, | |
| { | |
| "name": "Server-Side Credentials Storage", | |
| "priority": "P4", | |
| "variants": [ | |
| { "type": "Plaintext", "priority": "P4" } | |
| ] | |
| }, | |
| { | |
| "name": "Non-Sensitive Application Data Stored Unencrypted", | |
| "priority": "P5", | |
| "variants": [ | |
| ] | |
| }, | |
| { | |
| "name": "Screen Caching Enabled", | |
| "priority": "P5", | |
| "variants": [ | |
| ] | |
| } | |
| ] | |
| }, | |
| { | |
| "category": "Insecure Data Transport", | |
| "vulnerabilities": [ | |
| { | |
| "name": "Executable Download", | |
| "priority": "P4", | |
| "variants": [ | |
| { "type": "No Secure Integrity Check", "priority": "P4" }, | |
| { "type": "Secure Integrity Check", "priority": "P5" } | |
| ] | |
| }, | |
| { | |
| "name": "Cleartext Transmission of Sensitive Data", | |
| "priority": "Variable", | |
| "variants": [ | |
| ] | |
| } | |
| ] | |
| }, | |
| { | |
| "category": "Privacy Concerns", | |
| "vulnerabilities": [ | |
| { | |
| "name": "Unnecessary Data Collection", | |
| "priority": "P4", | |
| "variants": [ | |
| { "type": "WiFi SSID+Password", "priority": "P4" } | |
| ] | |
| } | |
| ] | |
| }, | |
| { | |
| "category": "Network Security Misconfiguration", | |
| "vulnerabilities": [ | |
| { | |
| "name": "Telnet Enabled", | |
| "priority": "P4", | |
| "variants": [ | |
| { "type": "Credentials Required", "priority": "P4" } | |
| ] | |
| } | |
| ] | |
| }, | |
| { | |
| "category": "Client-Side Injection", | |
| "vulnerabilities": [ | |
| { | |
| "name": "Binary Planting", | |
| "priority": "P4", | |
| "variants": [ | |
| { "type": "Privilege Escalation", "priority": "P4" }, | |
| { "type": "No Privilege Escalation", "priority": "P5" } | |
| ] | |
| } | |
| ] | |
| }, | |
| { | |
| "category": "External Behavior", | |
| "vulnerabilities": [ | |
| { | |
| "name": "Browser Feature", | |
| "priority": "P5", | |
| "variants": [ | |
| { "type": "Plaintext Password Field", "priority": "P5" }, | |
| { "type": "Save Password", "priority": "P5" }, | |
| { "type": "Autocomplete Enabled", "priority": "P5" }, | |
| { "type": "Autocorrect Enabled", "priority": "P5" }, | |
| { "type": "Aggressive Of ine Caching", "priority": "P5" } | |
| ] | |
| }, | |
| { | |
| "name": "CSV Injection", | |
| "priority": "P5", | |
| "variants": [ | |
| ] | |
| }, | |
| { | |
| "name": "Captcha Bypass", | |
| "priority": "P5", | |
| "variants": [ | |
| { "type": "Crowdsourcing", "priority": "P5" } | |
| ] | |
| }, | |
| { | |
| "name": "System Clipboard Leak", | |
| "priority": "P5", | |
| "variants": [ | |
| { "type": "Shared Links", "priority": "P5" } | |
| ] | |
| }, | |
| { | |
| "name": "User Password Persisted in Memory", | |
| "priority": "P5", | |
| "variants": [ | |
| ] | |
| } | |
| ] | |
| }, | |
| { | |
| "category": "Lack of Binary Hardening", | |
| "vulnerabilities": [ | |
| { | |
| "name": "Lack of Exploit Mitigations", | |
| "priority": "P5", | |
| "variants": [ | |
| ] | |
| }, | |
| { | |
| "name": "Lack of Jailbreak Detection", | |
| "priority": "P5", | |
| "variants": [ | |
| ] | |
| }, | |
| { | |
| "name": "Lack of Obfuscation", | |
| "priority": "P5", | |
| "variants": [ | |
| ] | |
| }, | |
| { | |
| "name": "Runtime Instrumentation-Based", | |
| "priority": "P5", | |
| "variants": [ | |
| ] | |
| } | |
| ] | |
| }, | |
| { | |
| "category": "Mobile Security Misconfiguration", | |
| "vulnerabilities": [ | |
| { | |
| "name": "SSL Certificate Pinning", | |
| "priority": "P5", | |
| "variants": [ | |
| { "type": "Absent", "priority": "P5" }, | |
| { "type": "Defeatable", "priority": "P5" } | |
| ] | |
| } | |
| ] | |
| } | |
| ] |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment