| Details | |
|---|---|
| Alert ID | 200011-8 |
| Alert Type | Tool |
| Status | alpha |
| Risk | Low |
| CWE | 200 |
| WASC | |
| Technologies Targeted | All |
| Tags | CWE-200 OWASP_2021_A05 OWASP_2025_A02 TOOL_PTK |
Summary
Flags secret-like tokens and exposed configuration values in observed HTML/JS/JSON responses. These are recon leads; validate sensitivity before reporting.
Generated by OWASP PTK DAST Module
Solution
- Remove secrets from client-delivered assets and rotate exposed credentials.
- Use automated secret scanning in CI/CD and pre-commit hooks.

Other Info
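One way to apply the CI/CD scanning advice from the Solution above, as an added example (not PTK's or ZAP's own code). The rule set, the entropy cut-off and the sample assets are constructed assumptions; the entropy filter stands in for the "validate sensitivity" step so placeholder values do not fail the build.

```python
import math
import re
import sys
from collections import Counter

# Assumed rule set for illustration; the alert does not list PTK's patterns.
RULES = {
    "aws-access-key-id": re.compile(r"\b(AKIA[0-9A-Z]{16})\b"),
    "private-key-block": re.compile(r"(-----BEGIN (?:RSA |EC )?PRIVATE KEY-----)"),
    "assigned-secret": re.compile(
        r"""(?i)(?:api[_-]?key|secret|token|passw(?:or)?d)["']?\s*[:=]\s*["']([^"'\s]{12,})["']"""
    ),
}
ENTROPY_MIN = 3.5  # assumed cut-off in bits per character

# Constructed sample build output; the AWS value is the vendor's documentation example.
SAMPLE_ASSETS = {
    "dist/app.js": 'const cfg = {\n  apiKey: "q7Zp2LmX9vKc4TbR8sNd",\n  region: "eu-west-1"\n};\n',
    "dist/config.json": '{"accessKeyId": "AKIAIOSFODNN7EXAMPLE", "token": "xxxxxxxxxxxxxxxx"}\n',
}

def shannon_entropy(value):
    """Bits per character; placeholders such as 'xxxx...' score near zero."""
    counts = Counter(value)
    return -sum(n / len(value) * math.log2(n / len(value)) for n in counts.values())

def redact(value):
    """Keep a short prefix so a finding is traceable without copying the secret into CI logs."""
    return value[:4] + "*" * (len(value) - 4)

def scan_text(name, text):
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for rule, pattern in RULES.items():
            for match in pattern.finditer(line):
                value = match.group(1)
                # Generic assignments are noisy: drop low-entropy placeholders.
                if rule == "assigned-secret" and shannon_entropy(value) < ENTROPY_MIN:
                    continue
                findings.append((name, lineno, rule, redact(value)))
    return findings

def scan_assets(assets):
    return [f for name, text in assets.items() for f in scan_text(name, text)]

if __name__ == "__main__":
    results = scan_assets(SAMPLE_ASSETS)
    for name, lineno, rule, shown in results:
        print(f"{name}:{lineno}: {rule}: {shown}")
    sys.exit(1 if results else 0)  # non-zero exit fails the pipeline step
```

In a real pipeline, replace `SAMPLE_ASSETS` with the contents of the files in the build output directory that is shipped to browsers.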
References
- https://owasp.org/Top10/2025/A02_2025-Cryptographic_Failures/
- https://cwe.mitre.org/data/definitions/798.html