-
Updated
Mar 2, 2021 - Python
owasp
Here are 371 public repositories matching this topic...
-
Updated
Nov 11, 2020
-
Updated
Mar 4, 2021 - Python
-
Updated
Mar 3, 2021 - Go
-
Updated
Feb 16, 2021 - PHP
-
Updated
Mar 1, 2021 - Ruby
What's the issue?
Overwritten test scenario, can be summarized and link to payload lists from other repos
How do we solve it?
Chop down the content to the required and needed information, link to payload lists instead of enumerating all possible usernames and passwords, provide further guidance on how to test.
If no one is up to handle it, I can take care of it
-
Updated
Jan 15, 2021 - Go
-
Updated
Dec 30, 2020 - Python
The component_name
and component_version
fields were added recently. Some scanners already populate these fields, but lots of them don't. For some scanners these fields cannot be set, i.e. for scanners that try xss on web pages etc. But probably there are some scanners that can/should be updated.
Description
BeanUtils is a library that is doing automatic mapping to Java object.
It can cause arm when the attack controls part of the list of properties being sets. BeanUtils does not blacklist properties like class, classloader or other objects that are likely to load arbitrary classes and possibly run code.
Code
import org.apache.commons.beanutils.BeanUtils;
public
-
Updated
Mar 5, 2021 - Python
-
Updated
Feb 19, 2021 - JavaScript
-
Updated
Mar 3, 2021 - C
-
Updated
Feb 24, 2021 - Python
-
Updated
Oct 1, 2020
The current swagger definition is autogenerated. The automatically generated definitions rely on reflection and annotations to create the documentation. The reflection capabilities are poor at best and lead to missing API parameters. Annotations can help in some cases, but the only fix for Swagger is to create individual POJOs for every possible request. This will lead to unnecessary large number
-
Updated
May 20, 2020 - Perl 6
-
Updated
Feb 24, 2021 - Python
-
Updated
Mar 5, 2021 - Java
-
Updated
Mar 5, 2021
-
Updated
Aug 24, 2020 - CSS
Document ZAP
Improve this page
Add a description, image, and links to the owasp topic page so that developers can more easily learn about it.
Add this topic to your repo
To associate your repository with the owasp topic, visit your repo's landing page and select "manage topics."
Describe the bug
I have been testing some test endpoints, where an xml file is returned. These tests get alert "A WSDL File has been detected.". I have been looking through the source code and found that Content-Type ".wsdl", "text/xml" or "application/wsdl+xml will trigger an alert (\zap\extension\soap\WSDLFilePassiveScanRule.java line 60-62). Some of the WSDL files will probably use text/xm