| CUSTOM_PAYLOADS |
|
| CVE-2012-1823 |
https://nvd.nist.gov/vuln/detail/CVE-2012-1823 |
| CVE-2014-0160 |
https://nvd.nist.gov/vuln/detail/CVE-2014-0160 |
| CVE-2021-44228 |
https://nvd.nist.gov/vuln/detail/CVE-2021-44228 |
| CVE-2021-45046 |
https://nvd.nist.gov/vuln/detail/CVE-2021-45046 |
| CVE-2022-22965 |
https://nvd.nist.gov/vuln/detail/CVE-2022-22965 |
| CVE-2022-42889 |
https://nvd.nist.gov/vuln/detail/CVE-2022-42889 |
| OUT_OF_BAND |
https://www.zaproxy.org/docs/desktop/addons/oast-support/ |
| OWASP_2017_A01 |
https://owasp.org/www-project-top-ten/2017/A1_2017-Injection.html |
| OWASP_2017_A02 |
https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html |
| OWASP_2017_A03 |
https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html |
| OWASP_2017_A04 |
https://owasp.org/www-project-top-ten/2017/A4_2017-XML_External_Entities_(XXE).html |
| OWASP_2017_A05 |
https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html |
| OWASP_2017_A06 |
https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html |
| OWASP_2017_A07 |
https://owasp.org/www-project-top-ten/2017/A7_2017-Cross-Site_Scripting_(XSS).html |
| OWASP_2017_A08 |
https://owasp.org/www-project-top-ten/2017/A8_2017-Insecure_Deserialization.html |
| OWASP_2017_A09 |
https://owasp.org/www-project-top-ten/2017/A9_2017-Using_Components_with_Known_Vulnerabilities.html |
| OWASP_2021_A01 |
https://owasp.org/Top10/A01_2021-Broken_Access_Control/ |
| OWASP_2021_A02 |
https://owasp.org/Top10/A02_2021-Cryptographic_Failures/ |
| OWASP_2021_A03 |
https://owasp.org/Top10/A03_2021-Injection/ |
| OWASP_2021_A04 |
https://owasp.org/Top10/A04_2021-Insecure_Design/ |
| OWASP_2021_A05 |
https://owasp.org/Top10/A05_2021-Security_Misconfiguration/ |
| OWASP_2021_A06 |
https://owasp.org/Top10/A06_2021-Vulnerable_and_Outdated_Components/ |
| OWASP_2021_A08 |
https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/ |
| OWASP_2021_A10 |
https://owasp.org/Top10/A10_2021-Server-Side_Request_Forgery_%28SSRF%29/ |
| WSTG-v42-ATHN-01 |
https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/01-Testing_for_Credentials_Transported_over_an_Encrypted_Channel |
| WSTG-v42-ATHN-04 |
https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/04-Testing_for_Bypassing_Authentication_Schema |
| WSTG-v42-ATHN-06 |
https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses |
| WSTG-v42-ATHZ-01 |
https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/05-Authorization_Testing/01-Testing_Directory_Traversal_File_Include |
| WSTG-v42-ATHZ-04 |
https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/05-Authorization_Testing/04-Testing_for_Insecure_Direct_Object_References |
| WSTG-v42-BUSL-09 |
https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/10-Business_Logic_Testing/09-Test_Upload_of_Malicious_Files |
| WSTG-v42-CLNT-01 |
https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/01-Testing_for_DOM-based_Cross_Site_Scripting |
| WSTG-v42-CLNT-02 |
https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/02-Testing_for_JavaScript_Execution |
| WSTG-v42-CLNT-04 |
https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/04-Testing_for_Client-side_URL_Redirect |
| WSTG-v42-CLNT-07 |
https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/07-Testing_Cross_Origin_Resource_Sharing |
| WSTG-v42-CLNT-09 |
https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking |
| WSTG-v42-CONF-04 |
https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/04-Review_Old_Backup_and_Unreferenced_Files_for_Sensitive_Information |
| WSTG-v42-CONF-05 |
https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/05-Enumerate_Infrastructure_and_Application_Admin_Interfaces |
| WSTG-v42-CONF-06 |
https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/06-Test_HTTP_Methods |
| WSTG-v42-CONF-08 |
https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/08-Test_RIA_Cross_Domain_Policy |
| WSTG-v42-CRYP-01 |
https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/01-Testing_for_Weak_Transport_Layer_Security |
| WSTG-v42-CRYP-02 |
https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/02-Testing_for_Padding_Oracle |
| WSTG-v42-CRYP-03 |
https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/03-Testing_for_Sensitive_Information_Sent_via_Unencrypted_Channels |
| WSTG-v42-ERRH-01 |
https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/08-Testing_for_Error_Handling/01-Testing_For_Improper_Error_Handling |
| WSTG-v42-ERRH-02 |
https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/08-Testing_for_Error_Handling/02-Testing_for_Stack_Traces |
| WSTG-v42-IDNT-04 |
https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/03-Identity_Management_Testing/04-Testing_for_Account_Enumeration_and_Guessable_User_Account |
| WSTG-v42-INFO-02 |
https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server |
| WSTG-v42-INFO-05 |
https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage |
| WSTG-v42-INFO-08 |
https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework |
| WSTG-v42-INPV-01 |
https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/07-Input_Validation_Testing/01-Testing_for_Reflected_Cross_Site_Scripting |
| WSTG-v42-INPV-02 |
https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/07-Input_Validation_Testing/02-Testing_for_Stored_Cross_Site_Scripting |
| WSTG-v42-INPV-04 |
https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/07-Input_Validation_Testing/04-Testing_for_HTTP_Parameter_Pollution |
| WSTG-v42-INPV-05 |
https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05-Testing_for_SQL_Injection |
| WSTG-v42-INPV-06 |
https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/07-Input_Validation_Testing/06-Testing_for_LDAP_Injection |
| WSTG-v42-INPV-07 |
https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/07-Input_Validation_Testing/07-Testing_for_XML_Injection |
| WSTG-v42-INPV-09 |
https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/07-Input_Validation_Testing/09-Testing_for_XPath_Injection |
| WSTG-v42-INPV-11 |
https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/07-Input_Validation_Testing/11-Testing_for_Code_Injection |
| WSTG-v42-INPV-12 |
https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/07-Input_Validation_Testing/12-Testing_for_Command_Injection |
| WSTG-v42-INPV-15 |
https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/07-Input_Validation_Testing/15-Testing_for_HTTP_Splitting_Smuggling |
| WSTG-v42-INPV-19 |
https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/07-Input_Validation_Testing/19-Testing_for_Server-Side_Request_Forgery |
| WSTG-v42-SESS-02 |
https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes |
| WSTG-v42-SESS-03 |
https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/03-Testing_for_Session_Fixation |
| WSTG-v42-SESS-04 |
https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/04-Testing_for_Exposed_Session_Variables |
| WSTG-v42-SESS-05 |
https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/05-Testing_for_Cross_Site_Request_Forgery |