OWASP_2021_A07 on ZAP

access_token/id_token in URL

Mon, 01 Jan 0001 00:00:00 +0000

Detects access tokens, JWTs, and API keys present in URLs or query strings observed in traffic.

Generated by OWASP PTK DAST Module

api_key/key in URL

Mon, 01 Jan 0001 00:00:00 +0000

Detects access tokens, JWTs, and API keys present in URLs or query strings observed in traffic.

Generated by OWASP PTK DAST Module

Disallow direct document.cookie assignment (incl. bracket access)

Mon, 01 Jan 0001 00:00:00 +0000

Detects cases where attacker-controlled DOM data is written into cookies (document.cookie or common wrapper functions). Can indicate session fixation, logic control, or preparation for exploit-chains.

Generated by OWASP PTK SAST Module

DOM-based Cookie Manipulation (taint flow)

Mon, 01 Jan 0001 00:00:00 +0000

Generated by OWASP PTK SAST Module

JWT None Algorithm (Authorization header)

Mon, 01 Jan 0001 00:00:00 +0000

This attack occurs when an attacker alters the token and changes the hashing algorithm to indicate, through the none keyword, that the integrity of the token has already been verified

Generated by OWASP PTK DAST Module

JWT None Algorithm (Cookie)

Mon, 01 Jan 0001 00:00:00 +0000

This attack occurs when an attacker alters the token and changes the hashing algorithm to indicate, through the none keyword, that the integrity of the token has already been verified

Generated by OWASP PTK DAST Module

JWT None Algorithm (Form body param)

Mon, 01 Jan 0001 00:00:00 +0000

This attack occurs when an attacker alters the token and changes the hashing algorithm to indicate, through the none keyword, that the integrity of the token has already been verified

Generated by OWASP PTK DAST Module

JWT None Algorithm (JSON body)

Mon, 01 Jan 0001 00:00:00 +0000

This attack occurs when an attacker alters the token and changes the hashing algorithm to indicate, through the none keyword, that the integrity of the token has already been verified

Generated by OWASP PTK DAST Module

JWT Probe (Authorization + JWT cookies removed)

Mon, 01 Jan 0001 00:00:00 +0000

This attack occurs when an attacker alters the token and changes the hashing algorithm to indicate, through the none keyword, that the integrity of the token has already been verified

Generated by OWASP PTK DAST Module

JWT Probe (Authorization header removed)

Mon, 01 Jan 0001 00:00:00 +0000

This attack occurs when an attacker alters the token and changes the hashing algorithm to indicate, through the none keyword, that the integrity of the token has already been verified

Generated by OWASP PTK DAST Module

JWT Probe (JWT cookies removed)

Mon, 01 Jan 0001 00:00:00 +0000

This attack occurs when an attacker alters the token and changes the hashing algorithm to indicate, through the none keyword, that the integrity of the token has already been verified

Generated by OWASP PTK DAST Module

JWT-like value in URL

Mon, 01 Jan 0001 00:00:00 +0000

Detects access tokens, JWTs, and API keys present in URLs or query strings observed in traffic.

Generated by OWASP PTK DAST Module

Non-Storable Content

Mon, 01 Jan 0001 00:00:00 +0000

The response contents are not storable by caching components such as proxy servers. If the response does not contain sensitive, personal or user-specific information, it may benefit from being stored and cached, to improve performance.

Re-examine Cache-control Directives

Mon, 01 Jan 0001 00:00:00 +0000

The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.

Retrieved from Cache

Mon, 01 Jan 0001 00:00:00 +0000

The content was retrieved from a shared cache. If the response data is sensitive, personal or user-specific, this may result in sensitive information being leaked. In some cases, this may even result in a user gaining complete control of the session of another user, depending on the configuration of the caching components in use in their environment. This is primarily an issue where caching servers such as “proxy” caches are configured on the local network. This configuration is typically found in corporate or educational environments, for instance.

Retrieved from Cache

Mon, 01 Jan 0001 00:00:00 +0000

Storable and Cacheable Content

Mon, 01 Jan 0001 00:00:00 +0000

The response contents are storable by caching components such as proxy servers, and may be retrieved directly from the cache, rather than from the origin server by the caching servers, in response to similar requests from other users. If the response data is sensitive, personal or user-specific, this may result in sensitive information being leaked. In some cases, this may even result in a user gaining complete control of the session of another user, depending on the configuration of the caching components in use in their environment. This is primarily an issue where “shared” caching servers such as “proxy” caches are configured on the local network. This configuration is typically found in corporate or educational environments, for instance.

Storable but Non-Cacheable Content

Mon, 01 Jan 0001 00:00:00 +0000

The response contents are storable by caching components such as proxy servers, but will not be retrieved directly from the cache, without validating the request upstream, in response to similar requests from other users.