Analysis of the GovWay monitoring APIs

Generated on Wed, 20 Nov 2024 01:11:33

ZAP Version: 2.15.0

ZAP by Checkmarx

Summary of Alerts

Risk Level       Number of Alerts
High             0
Medium           0
Low              0
Informational    0

Alerts

Name Risk Level Number of Instances

Passing Rules

Name Rule Type Threshold Strength
Session Management Response Identified Passive MEDIUM -
Verification Request Identified Passive MEDIUM -
Private IP Disclosure Passive MEDIUM -
Session ID in URL Rewrite Passive MEDIUM -
Script Served From Malicious Domain (polyfill) Passive MEDIUM -
Insecure JSF ViewState Passive MEDIUM -
Vulnerable JS Library (Powered by Retire.js) Passive MEDIUM -
Charset Mismatch Passive MEDIUM -
Cookie No HttpOnly Flag Passive MEDIUM -
Cookie Without Secure Flag Passive MEDIUM -
Re-examine Cache-control Directives Passive MEDIUM -
Cross-Domain JavaScript Source File Inclusion Passive MEDIUM -
Content-Type Header Missing Passive MEDIUM -
Anti-clickjacking Header Passive MEDIUM -
X-Content-Type-Options Header Missing Passive MEDIUM -
Application Error Disclosure Passive MEDIUM -
Information Disclosure - Debug Error Messages Passive MEDIUM -
Information Disclosure - Sensitive Information in URL Passive MEDIUM -
Information Disclosure - Sensitive Information in HTTP Referrer Header Passive MEDIUM -
Information Disclosure - Suspicious Comments Passive MEDIUM -
Open Redirect Passive MEDIUM -
Cookie Poisoning Passive MEDIUM -
User Controllable Charset Passive MEDIUM -
WSDL File Detection Passive MEDIUM -
User Controllable HTML Element Attribute (Potential XSS) Passive MEDIUM -
Loosely Scoped Cookie Passive MEDIUM -
Viewstate Passive MEDIUM -
Directory Browsing Passive MEDIUM -
Heartbleed OpenSSL Vulnerability (Indicative) Passive MEDIUM -
Strict-Transport-Security Header Passive MEDIUM -
HTTP Server Response Header Passive MEDIUM -
Server Leaks Information via "X-Powered-By" HTTP Response Header Field(s) Passive MEDIUM -
Content Security Policy (CSP) Header Not Set Passive MEDIUM -
X-Backend-Server Header Information Leak Passive MEDIUM -
Secure Pages Include Mixed Content Passive MEDIUM -
HTTP to HTTPS Insecure Transition in Form Post Passive MEDIUM -
HTTPS to HTTP Insecure Transition in Form Post Passive MEDIUM -
User Controllable JavaScript Event (XSS) Passive MEDIUM -
Big Redirect Detected (Potential Sensitive Information Leak) Passive MEDIUM -
Retrieved from Cache Passive MEDIUM -
X-ChromeLogger-Data (XCOLD) Header Information Leak Passive MEDIUM -
Cookie without SameSite Attribute Passive MEDIUM -
CSP Passive MEDIUM -
X-Debug-Token Information Leak Passive MEDIUM -
Username Hash Found Passive MEDIUM -
X-AspNet-Version Response Header Passive MEDIUM -
PII Disclosure Passive MEDIUM -
Script Passive Scan Rules Passive MEDIUM -
Stats Passive Scan Rule Passive MEDIUM -
Absence of Anti-CSRF Tokens Passive MEDIUM -
Timestamp Disclosure Passive MEDIUM -
Hash Disclosure Passive MEDIUM -
Cross-Domain Misconfiguration Passive MEDIUM -
Weak Authentication Method Passive MEDIUM -
Reverse Tabnabbing Passive MEDIUM -
Modern Web Application Passive MEDIUM -
Authentication Request Identified Passive MEDIUM -

Sites

http://127.0.0.1:8080/govway/SOGGETTO/api-monitor/v1/

HTTP Response Code Number of Responses

No Authentication Statistics Found

Parameter Name Type Flags Times Used # Values

Alert Detail