Publication Date: August 11, 2023
https://api.bitsighttech.com/ratings/v1/companies/company_guid/findings?risk_vector=web_appsec
Get an organization’s Web Application Security finding details.
Parameters
For details specific to Web Application Security, use the ?risk_vector=web_appsec parameter. Other query parameters are listed in GET: Finding Details.
Example Request
curl "https://api.bitsighttech.com/ratings/v1/companies/a940bb61-33c4-42c9-9231-c8194c305db3/findings?risk_vector=web_appsec" -u API_token:
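As an added example (not BitSight's own code), the following Python client issues the request above and triages the diligence_annotations it returns per assessmentName. The paginated envelope {"results": [{"details": {"diligence_annotations": [...]}}]} is an assumption, and the embedded sample response is constructed from the evidence shapes documented below.

```python
import base64
import json
import urllib.request
from collections import Counter, defaultdict

API_BASE = "https://api.bitsighttech.com/ratings/v1"


def fetch_findings(company_guid: str, api_token: str, risk_vector: str = "web_appsec") -> dict:
    """Network call behind the curl request above: the API token is the HTTP basic-auth
    user name with an empty password. Not exercised by the offline demo below."""
    url = f"{API_BASE}/companies/{company_guid}/findings?risk_vector={risk_vector}"
    creds = base64.b64encode(f"{api_token}:".encode()).decode()
    req = urllib.request.Request(url, headers={"Authorization": f"Basic {creds}"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def triage(findings: dict) -> dict:
    """Summarise every diligence_annotations item in a findings response: per assessmentName,
    how many evidence items Failed, broken down by severity, plus the CVE ids that
    javascript_library_vulnerabilities attached to each library. Assumes (not confirmed by
    this page) the envelope {"results": [{"details": {"diligence_annotations": [...]}}]}."""
    failed = defaultdict(Counter)
    cves = defaultdict(set)
    for finding in findings.get("results", []):
        for item in finding.get("details", {}).get("diligence_annotations", []):
            name = item.get("assessmentName", "unknown")
            if item.get("status") == "Failed":
                failed[name][item.get("severity", "Unknown")] += 1
            for cve in item.get("cves", []):
                cves[item.get("library", "unknown")].add(cve["cveId"])
    return {
        "failed": {name: dict(counts) for name, counts in failed.items()},
        "vulnerable_libraries": {lib: sorted(ids) for lib, ids in cves.items()},
    }


# Constructed sample, shaped like the example responses on this page.
SAMPLE_RESPONSE = {
    "results": [
        {"details": {"diligence_annotations": [
            {"type": "link", "resource": "[url]", "hash": "Integrity attribute missing",
             "status": "Failed", "severity": "Minor",
             "assessmentName": "cross_domain_subresource_integrity_check"},
            {"library": "jquery", "version": "1.11.0",
             "cves": [{"cveId": "CVE-2020-11023"}, {"cveId": "CVE-2019-11358"}],
             "cpe": "cpe:/a:jquery:jquery", "status": "Failed", "severity": "Material",
             "assessmentName": "javascript_library_vulnerabilities"},
            {"library": "Google Tag Manager", "status": "Pass", "severity": "Material",
             "assessmentName": "javascript_library_vulnerabilities"},
        ]}},
        {"details": {"diligence_annotations": [
            {"header": "Strict-Transport-Security",
             "value": "max-age=63072000; includeSubDomains; preload",
             "status": "Pass", "severity": "Minor", "assessmentName": "hsts_preload_present"},
            {"name": "Access-Control-Allow-Origin", "value": "*", "status": "Failed",
             "severity": "Moderate", "assessmentName": "permissive_cors_whitelist"},
        ]}},
    ]
}

if __name__ == "__main__":
    # Replace SAMPLE_RESPONSE with fetch_findings(company_guid, api_token) for live data.
    print(json.dumps(triage(SAMPLE_RESPONSE), indent=2))
```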
Example Responses
Cross-Site Scripting
Components with Known Vulnerabilities
Broken Authentication and Access Control
Sensitive Data Exposure
Security Misconfiguration
Cross-Site Scripting: Cross-Domain Subresource Integrity Check
Field | Type | Description
diligence_annotations | Array | List of all evidence associated with the assessment.
    assessmentName | String | Name of the assessment that this evidence is associated with. For this type, the name will always be cross_domain_subresource_integrity_check.
    status | String | Test result associated with this evidence. Either Pass or Failed.
    severity | String | Severity associated with this evidence.
    type | String | The type of HTML resource.
    resource | String [URL] | Link defined in the web application to the resource.
    hash | String | If available, the hash value present in the HTML element.
[
{
"type": "link",
"resource": "[url]",
"hash": "Integrity attribute missing",
"status": "Failed",
"severity": "Minor",
"assessmentName": "cross_domain_subresource_integrity_check"
},
{
"type": "script",
"resource": "[url]",
"hash": "Integrity attribute missing",
"status": "Failed",
"severity": "Minor",
"assessmentName": "cross_domain_subresource_integrity_check"
}
]
Cross-Site Scripting: Cross-Domain Subresource Integrity Failure
Field | Type | Description
diligence_annotations | Array | List of all evidence associated with the assessment.
    assessmentName | String | Name of the assessment that this evidence is associated with. For this type, the name will always be cross_domain_subresource_integrity_failure.
    status | String | Test result associated with this evidence. Either Pass or Failed.
    severity | String | Severity associated with this evidence.
    type | String | The type of HTML resource.
    resource | String [URL] | Link defined in the web application to the resource.
    hash | String | If available, the hash value present in the HTML element.
[
{
"type": "Script",
"resource": "[url]",
"hash": "Failed to find a valid digest in the 'integrity' attribute for resource '[url]' with computed SHA-256 integrity 'CdZ5YfsFUiC3gCJeUOvnoduGoxgDH0EugrrlwIuw+U4='. The resource has been blocked.",
"resolution": "blocked",
"status": "Failed",
"severity": "Moderate",
"assessmentName": "cross_domain_subresource_integrity_failure"
}
]
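The two Subresource Integrity assessments above hinge on the digest a browser computes for a cross-domain resource. As an added example (not BitSight's code), this Python snippet derives that integrity token and classifies a resource the same three ways: missing attribute, matching token, or blocked because no token of the strongest listed algorithm matches; the sample body is constructed.

```python
import base64
import hashlib
from typing import Optional

SRI_ALGORITHMS = ("sha256", "sha384", "sha512")  # weakest to strongest


def sri_digest(body: bytes, algo: str = "sha256") -> str:
    """Return the token browsers compute for an integrity attribute: '<algo>-<base64 digest>'.
    The 'computed SHA-256 integrity' quoted in the failure message above is the sha256 form."""
    if algo not in SRI_ALGORITHMS:
        raise ValueError(f"SRI allows only {SRI_ALGORITHMS}, got {algo!r}")
    digest = hashlib.new(algo, body).digest()
    return f"{algo}-{base64.b64encode(digest).decode('ascii')}"


def check_integrity(body: bytes, integrity_attr: Optional[str]) -> str:
    """Classify a fetched cross-domain resource the way the two assessments above do:
    'missing' - no usable integrity metadata, so the browser loads the resource unchecked
                (cross_domain_subresource_integrity_check evidence)
    'ok'      - a token of the strongest listed algorithm matches the body
    'blocked' - no token of that algorithm matches, so the browser refuses the resource
                (cross_domain_subresource_integrity_failure evidence)"""
    tokens = {}
    for token in (integrity_attr or "").split():
        algo, _, value = token.partition("-")
        algo = algo.lower()
        if algo in SRI_ALGORITHMS and value:
            # Anything after '?' is an option string and is ignored when comparing.
            tokens.setdefault(algo, set()).add(value.split("?", 1)[0])
    if not tokens:
        return "missing"
    # Only tokens of the strongest algorithm present are consulted; weaker ones are ignored.
    strongest = max(tokens, key=SRI_ALGORITHMS.index)
    computed = sri_digest(body, strongest).split("-", 1)[1]
    return "ok" if computed in tokens[strongest] else "blocked"


if __name__ == "__main__":
    script = b"console.log('hello');\n"  # constructed resource body
    print(sri_digest(script))
    print(check_integrity(script, None), check_integrity(script, sri_digest(script)))
```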
Cross-Site Scripting: Content Security Policy Configurations
Field | Type | Description
diligence_annotations | Array | List of all evidence associated with the assessment.
    assessmentName | String | Name of the assessment that this evidence is associated with. For this type, the name will always be content_security_policy.
    status | String | Test result associated with this evidence. Either Pass or Failed.
    severity | String | Severity associated with this evidence.
    documentUrl | String [URL] | URL that was loaded to retrieve the CSP configuration.
    source | String | Location where the CSP configuration was loaded from.
    directive | String | CSP directive evaluated in a particular piece of evidence.
    value | String | Value of the CSP directive.
    cspSeverity | Integer | Severity of the CSP directive that will be used to grade.
    type | Integer | The type of HTML resource.
[
{
"message": "'unsafe-inline' allows the execution of unsafe in-page scripts and event handlers.",
"documentUrl": "[url]",
"source": "header",
"directive": "script-src",
"value": [
"'unsafe-inline'"
],
"cspSeverity": 10,
"type": 301,
"status": "Failed",
"severity": "Moderate",
"assessmentName": "content_security_policy"
},
{
"message": "'unsafe-eval' allows the execution of code injected into DOM APIs such as eval().",
"documentUrl": "[url]",
"source": "header",
"directive": "script-src",
"value": [
"'unsafe-eval'"
],
"cspSeverity": 50,
"type": 302,
"status": "Failed",
"severity": "Moderate",
"assessmentName": "content_security_policy"
}
]
Cross-site Scripting: CSP Violations
Field | Type | Description
diligence_annotations | Array | List of all evidence associated with the assessment.
    assessmentName | String | Name of the assessment that this evidence is associated with. For this type, the name will always be csp_violation.
    status | String | Test result associated with this evidence. Either Pass or Failed.
    severity | String | Severity associated with this evidence.
    resolutionStatus | String | Action the browser took when loading the resource.
    lineNumber | Integer | Line number in the source page.
    message | String | Detailed message of why a specific element caused the CSP violation.
    resourceUrl | String [URL] | URL of the resource that generated the CSP violation.
[
{
"lineNumber": 165,
"resolutionStatus": "blocked",
"message": "Refused to load the script '[url]' because it violates the following Content Security Policy directive: \"script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.youtube.com\". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.\n",
"resourceUrl": "[url]",
"status": "Failed",
"severity": "Moderate",
"assessmentName": "csp_violation"
},
{
"lineNumber": 859,
"resolutionStatus": "blocked",
"message": "Refused to load the script '[url]' because it violates the following Content Security Policy directive: \"script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.youtube.com\". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.\n",
"resourceUrl": "[url]",
"status": "Failed",
"severity": "Moderate",
"assessmentName": "csp_violation"
}
]
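The Content Security Policy Configurations and CSP Violations sections above both turn on how a browser resolves script-src and its fallbacks. As an added example (not BitSight's code), this Python checker parses a CSP header, follows the fallback chains (script-src-elem, then script-src, then default-src, as the violation message above notes) and emits evidence items shaped like the content_security_policy response; the cspSeverity values and messages are taken from that response, the "Moderate" severity is assumed, and the test headers are constructed.

```python
from typing import Dict, List, Tuple

# (keyword, directives consulted in fallback order, cspSeverity, message); the severity
# numbers and messages are the ones shown in the example response above.
WEAK_SCRIPT_KEYWORDS: List[Tuple[str, Tuple[str, ...], int, str]] = [
    ("'unsafe-inline'", ("script-src-elem", "script-src", "default-src"), 10,
     "'unsafe-inline' allows the execution of unsafe in-page scripts and event handlers."),
    ("'unsafe-eval'", ("script-src", "default-src"), 50,
     "'unsafe-eval' allows the execution of code injected into DOM APIs such as eval()."),
]


def parse_csp(header: str) -> Dict[str, List[str]]:
    """Split a CSP header into {directive: [source, ...]}. Directives are ';'-separated,
    sources are whitespace-separated, names are case-insensitive and, when a directive is
    repeated, browsers keep the first occurrence."""
    policy: Dict[str, List[str]] = {}
    for part in header.split(";"):
        tokens = part.split()
        if tokens:
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy


def has_nonce_or_hash(sources: List[str]) -> bool:
    """CSP3 browsers ignore 'unsafe-inline' in a directive that also carries a nonce or hash."""
    prefixes = ("'nonce-", "'sha256-", "'sha384-", "'sha512-")
    return any(s.lower().startswith(prefixes) for s in sources)


def evaluate_csp(header: str, document_url: str = "[url]", source: str = "header") -> List[dict]:
    """Return evidence items shaped like the content_security_policy response above."""
    policy = parse_csp(header)
    evidence = []
    for keyword, chain, csp_severity, message in WEAK_SCRIPT_KEYWORDS:
        # The first directive in the chain that is present governs; later ones are not consulted.
        directive = next((d for d in chain if d in policy), None)
        if directive is None:
            continue  # no directive restricts scripts at all; not a directive-level finding
        sources = policy[directive]
        if keyword not in (s.lower() for s in sources):
            continue
        if keyword == "'unsafe-inline'" and has_nonce_or_hash(sources):
            continue  # neutralised by the nonce/hash in CSP3 browsers
        evidence.append({
            "message": message, "documentUrl": document_url, "source": source,
            "directive": directive, "value": [keyword], "cspSeverity": csp_severity,
            "status": "Failed", "severity": "Moderate",
            "assessmentName": "content_security_policy",
        })
    return evidence


if __name__ == "__main__":
    # Constructed header mirroring the policy quoted in the csp_violation evidence above.
    sample = "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.youtube.com"
    for item in evaluate_csp(sample):
        print(item["directive"], item["value"], item["cspSeverity"])
```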
Components with Known Vulnerabilities: Javascript Libraries with Known Vulnerabilities
Field | Type | Description
diligence_annotations | Array | List of all evidence associated with the assessment.
    assessmentName | String | Name of the assessment that this evidence is associated with. For this type, the name will always be javascript_library_vulnerabilities.
    status | String | Test result associated with this evidence. Either Pass or Failed.
    severity | String | Severity associated with this evidence.
    library | String | Name of the JavaScript library.
    cpe | String | Common Platform Enumeration name for this library, if available.
    cves | Array | List of CVEs that are associated with this library.
        cveId | String | Identifier of one specific CVE associated with this library.
[
{
"library": "Google Tag Manager",
"status": "Pass",
"severity": "Material",
"assessmentName": "javascript_library_vulnerabilities"
},
{
"library": "jquery",
"version": "1.11.0",
"cves": [
{"cveId": "CVE-2020-11023"},
{"cveId": "CVE-2020-11022"},
{"cveId": "CVE-2015-9251" },
{"cveId": "CVE-2019-11358"}
],
"cpe": "cpe:/a:jquery:jquery",
"status": "Failed",
"severity": "Material",
"assessmentName": "javascript_library_vulnerabilities"
}
]
Broken Authentication and Access Control: CMS Administration Portal Exposed
Field | Type | Description
diligence_annotations | Array | List of all evidence associated with the assessment.
    assessmentName | String | Name of the assessment that this evidence is associated with. For this type, the name will always be exposed_cms_admin_page.
    status | String | Test result associated with this evidence. Either Pass or Failed.
    severity | String | Severity associated with this evidence.
    cms | String | Name of the CMS that was identified.
    location | String [URL] | URL of the login page that was identified.
[
{
"cms": "Wordpress",
"location": "[url]",
"status": "Failed",
"severity": "Moderate",
"assessmentName": "exposed_cms_admin_page"
}
]
Broken Authentication and Access Control: Cross-Site Request Forgery (CSRF) Mitigations Present
Field | Type | Description
diligence_annotations | Array | List of all evidence associated with the assessment.
    assessmentName | String | Name of the assessment that this evidence is associated with. For this type, the name will always be cross_site_request_forgery.
    status | String | Test result associated with this evidence. Either Pass or Failed.
    severity | String | Severity associated with this evidence.
    documentUrl | String [URL] | URL of the page that contains the token.
    name | String | Name of the token.
    value | String | Value of the token.
    path | String | Path of the HTML element within the page.
[
{
"documentUrl": "[url]",
"name": "input types",
"value": "text",
"path": "/html/body#home/div/footer/div/form#mobile-footer-search",
"status": "Failed",
"severity": "Minor",
"assessmentName": "cross_site_request_forgery"
},
{
"documentUrl": "[url]",
"name": "input types",
"value": "text",
"path": "/html/body#home/div#offCanvasNestedOverlap/div/form#mobile-search",
"status": "Failed",
"severity": "Minor",
"assessmentName": "cross_site_request_forgery"
}
]
Broken Authentication and Access Control: Authentication on Insecure Channel
Field | Type | Description
diligence_annotations | Array | List of all evidence associated with the assessment.
    assessmentName | String | Name of the assessment that this evidence is associated with. For this type, the name will always be authentication_on_insecure_channel.
    status | String | Test result associated with this evidence. Either Pass or Failed.
    severity | String | Severity associated with this evidence.
    name | String | Name of the HTML element that represents an authentication mechanism.
    message | String | Detailed message of the identified issue.
    details | String | Additional details of the HTML element identified.
    authCategory | String | Category of the issue. Values: auth_on_insecure_channel, password_on_insecure_channel_ssl_cert_error, password_on_insecure_channel_ssl_obsolete_connection_error, password_on_insecure_channel.
    resource | String [URL] | URL of the application that sent the WWW-Authenticate header.
[
{
"name": "input",
"message": "Password input field present in a form on a non-HTTPS page",
"details": "size=\"5\" name=\"password\" style=\"width:100px\" type=\"password\"",
"authCategory": "password_on_insecure_channel",
"status": "Failed",
"severity": "Material",
"assessmentName": "authentication_on_insecure_channel"
},
{
"name": "WWW-Authenticate",
"message": "WWW-Authenticate header present on a non-HTTPS page.",
"resource": "[url]",
"authCategory": "auth_on_insecure_channel",
"status": "Failed",
"severity": "Material",
"assessmentName": "authentication_on_insecure_channel"
}
]
Sensitive Data Exposure: Secure cookie set on insecure channel
Field | Type | Description
diligence_annotations | Array | List of all evidence associated with the assessment.
    assessmentName | String | Name of the assessment that this evidence is associated with. For this type, the name will always be secure_cookie_on_insecure_channel.
    status | String | Test result associated with this evidence. Either Pass or Failed.
    severity | String | Severity associated with this evidence.
    name | String | Name of the cookie.
[
{
"name": "GUEST_LANGUAGE_ID",
"status": "Failed",
"severity": "Minor",
"assessmentName": "secure_cookie_on_insecure_channel"
},
{
"name": "COOKIE_SUPPORT",
"status": "Failed",
"severity": "Minor",
"assessmentName": "secure_cookie_on_insecure_channel"
}
]
Sensitive Data Exposure: Session Token in URL
Field | Type | Description
diligence_annotations | Array | List of all evidence associated with the assessment.
    assessmentName | String | Name of the assessment that this evidence is associated with. For this type, the name will always be session_token_in_url.
    status | String | Test result associated with this evidence. Either Pass or Failed.
    severity | String | Severity associated with this evidence.
    name | String | Name of the attribute that contains a session token.
    value | String | Value of the session token.
    resource | String [URL] | Full URL that contains the session token.
[
{
"name": "sid",
"value": "1234567890",
"resource": "[url]",
"status": "Failed",
"severity": "Minor",
"assessmentName": "session_token_in_url"
},
{
"name": "id",
"value": "0987654321",
"resource": "[url]",
"status": "Failed",
"severity": "Minor",
"assessmentName": "session_token_in_url"
}
]
Sensitive Data Exposure: Mixed Content
Field | Type | Description
diligence_annotations | Array | List of all evidence associated with the assessment.
    assessmentName | String | Name of the assessment that this evidence is associated with. For this type, the name will always be mixed_content.
    status | String | Test result associated with this evidence. Either Pass or Failed.
    severity | String | Severity associated with this evidence.
    type | String | Resource type.
    resolution | String | Action the browser took when loading the resource. [blocked, warning, upgraded]
    resource | String [URL] | Link defined in the web application to the resource.
    details | String | Detailed message of the resolution reason provided by the browser.
[
{
"type": "IMAGE",
"resolution": "upgraded",
"resource": "[url]",
"details": "Mixed Content: The page at '[url]' was loaded over HTTPS, but requested an insecure element '[url]'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html",
"status": "Failed",
"severity": "Minor",
"assessmentName": "mixed_content"
},
{
"type": "FORM",
"resolution": "warning",
"resource": "[url]",
"details": "Mixed Content: The page at '[url]' was loaded over a secure connection, but contains a form that targets an insecure endpoint '[url]'. This endpoint should be made available over a secure connection.",
"status": "Failed",
"severity": "Material",
"assessmentName": "mixed_content"
}
]
Sensitive Data Exposure: HSTS Preload Directive Present
Field | Type | Description
diligence_annotations | Array | List of all evidence associated with the assessment.
    assessmentName | String | Name of the assessment that this evidence is associated with. For this type, the name will always be hsts_preload_present.
    status | String | Test result associated with this evidence. Either Pass or Failed.
    severity | String | Severity associated with this evidence.
    header | String | Name of the HTTP header.
    value | String | Value of the HTTP header.
[
{
"header": "Strict-Transport-Security",
"value": "max-age=63072000; includeSubDomains; preload",
"status": "Pass",
"severity": "Minor",
"assessmentName": "hsts_preload_present"
}
]
Sensitive Data Exposure: Cookie SameSite Attribute
Field | Type | Description
diligence_annotations | Array | List of all evidence associated with the assessment.
    assessmentName | String | Name of the assessment that this evidence is associated with. For this type, the name will always be cookie_same_site_attribute.
    status | String | Test result associated with this evidence. Either Pass or Failed.
    severity | String | Severity associated with this evidence.
    name | String | Name of the cookie.
    value | String | Value contained in the cookie.
    attributes | String | All attributes associated with the cookie.
[
{
"name": "TS0...b0b",
"message": "Cookie does not have the SameSite attribute",
"value": "017aab903c93f57f8079...2ba5a47e3e6799c7f53c",
"attributes": "TS0...b0b=017aab903c93f57f8079...2ba5a47e3e6799c7f53c; Path=/; Domain=[url]; Secure",
"status": "Failed",
"severity": "Minor",
"assessmentName": "cookie_same_site_attribute"
},
{
"name": "TS0...026",
"message": "Cookie does not have the SameSite attribute",
"value": "013df855ab4843b6075b...0af49a41e4f30ec115b8",
"attributes": "TS0...026=013df855ab4843b6075b...0af49a41e4f30ec115b8; Path=/; Domain=[url]; Secure",
"status": "Failed",
"severity": "Minor",
"assessmentName": "cookie_same_site_attribute"
}
]
Sensitive Data Exposure: Cookie SameSite Blocked
Field | Type | Description
diligence_annotations | Array | List of all evidence associated with the assessment.
    assessmentName | String | Name of the assessment that this evidence is associated with. For this type, the name will always be cookie_same_site_blocked.
    status | String | Test result associated with this evidence. Either Pass or Failed.
    severity | String | Severity associated with this evidence.
    name | String | Name of the cookie.
    value | String | Value contained in the cookie.
    attributes | String | All attributes associated with the cookie.
[
{
"name": "ENTRY_KEY",
"message": "A cookie was blocked due to SameSite policy violation for reason EXCLUDE_SAME_SITE_UNSPECIFIED_TREATED_AS_LAX",
"resolution": "blocked",
"attributes": "path=/; domain=[url]",
"resourceUrl": "[url]",
"status": "Failed",
"severity": "Minor",
"assessmentName": "cookie_same_site_blocked"
},
{
"name": "TESTCOOKIES",
"message": "A cookie was blocked due to SameSite policy violation for reason EXCLUDE_SAME_SITE_UNSPECIFIED_TREATED_AS_LAX",
"resolution": "blocked",
"attributes": "path=/embed; domain=[url]",
"resourceUrl": "[url]",
"status": "Failed",
"severity": "Minor",
"assessmentName": "cookie_same_site_blocked"
}
]
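The three cookie assessments above (Secure cookie set on insecure channel, Cookie SameSite Attribute, Cookie SameSite Blocked) all come down to the attributes on a Set-Cookie header. As an added example (not BitSight's code), this Python snippet parses one Set-Cookie value and raises evidence items shaped like those responses; "Secure cookie set on insecure channel" is interpreted here as a Secure cookie delivered over a plain-HTTP response, and the sample headers are constructed.

```python
from typing import Dict, List


def parse_set_cookie(header: str) -> dict:
    """Split a Set-Cookie header value into its name, value and {attribute: value} map
    (attribute names lower-cased; flag attributes such as Secure map to '')."""
    pair, *attrs = (part.strip() for part in header.split(";"))
    name, _, value = pair.partition("=")
    attributes: Dict[str, str] = {}
    for attr in attrs:
        if attr:
            key, _, val = attr.partition("=")
            attributes[key.strip().lower()] = val.strip()
    return {"name": name.strip(), "value": value.strip(), "attributes": attributes}


def assess_cookie(set_cookie: str, response_scheme: str) -> List[dict]:
    """Evidence items, shaped like the responses above, for one Set-Cookie header received
    over response_scheme ('http' or 'https')."""
    cookie = parse_set_cookie(set_cookie)
    attrs = cookie["attributes"]
    evidence = []
    if "secure" in attrs and response_scheme.lower() != "https":
        # A Secure cookie issued over plain HTTP: the flag cannot protect a value that has
        # already crossed the network in clear text.
        evidence.append({"name": cookie["name"],
                         "message": "Secure cookie set on a non-HTTPS response",
                         "status": "Failed", "severity": "Minor",
                         "assessmentName": "secure_cookie_on_insecure_channel"})
    detail = {"name": cookie["name"], "value": cookie["value"], "attributes": set_cookie}
    samesite = attrs.get("samesite")
    if samesite is None:
        # Browsers that treat an unspecified SameSite as Lax drop the cookie on cross-site
        # requests (the EXCLUDE_SAME_SITE_UNSPECIFIED_TREATED_AS_LAX reason shown above).
        evidence.append({**detail, "message": "Cookie does not have the SameSite attribute",
                         "status": "Failed", "severity": "Minor",
                         "assessmentName": "cookie_same_site_attribute"})
    elif samesite.lower() == "none" and "secure" not in attrs:
        # SameSite=None is only honoured together with Secure; otherwise the cookie is rejected.
        evidence.append({**detail, "message": "SameSite=None cookie is not marked Secure",
                         "status": "Failed", "severity": "Minor",
                         "assessmentName": "cookie_same_site_attribute"})
    return evidence


if __name__ == "__main__":
    # Constructed header in the style of the TS0... evidence above.
    for item in assess_cookie("TS0b0b=017aab903c; Path=/; Domain=example.test; Secure", "http"):
        print(item["assessmentName"], "-", item["message"])
```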
Sensitive Data Exposure: Unsafe Referrer Policy
Field | Type | Description
diligence_annotations | Array | List of all evidence associated with the assessment.
    assessmentName | String | Name of the assessment that this evidence is associated with. For this type, the name will always be unsafe_referrer_policy.
    status | String | Test result associated with this evidence. Either Pass or Failed.
    severity | String | Severity associated with this evidence.
    header | String | Name of the header.
    value | String [URL] | Value of the header.
[
{
"header": "Referrer-Policy",
"value": "unsafe-url",
"status": "Failed",
"severity": "Minor",
"assessmentName": "unsafe_referrer_policy"
}
]
Security Misconfiguration: Internal server error
Field | Type | Description
diligence_annotations | Array | List of all evidence associated with the assessment.
    assessmentName | String | Name of the assessment that this evidence is associated with. For this type, the name will always be internal_server_error.
    status | String | Test result associated with this evidence. Either Pass or Failed.
    severity | String | Severity associated with this evidence.
    url | String [URL] | Location that generated an internal server error response.
    message | String | Detailed message about the error response.
[
{
"url": "[url]",
"message": "Request produced a 500 Internal Server Error response",
"status": "Failed",
"severity": "Moderate",
"assessmentName": "internal_server_error"
}
]
Security Misconfiguration: Reverse Tabnabbing
Field | Type | Description
diligence_annotations | Array | List of all evidence associated with the assessment.
    assessmentName | String | Name of the assessment that this evidence is associated with. For this type, the name will always be reverse_tabnabbing.
    status | String | Test result associated with this evidence. Either Pass or Failed.
    severity | String | Severity associated with this evidence.
    resource | String [URL] | Link of the resource to be loaded.
    attributes | String | List of all attributes associated with this link.
[
{
"resource": "[url]",
"attributes": "rel=\"noopener\" href=\"[url]\" class=\"m-last-foc m-last-foc-main\" target=\"_blank\"",
"status": "Failed",
"severity": "Minor",
"assessmentName": "reverse_tabnabbing"
}
]
Security Misconfiguration: TLS Errors on Page Resource Fetch
Field | Type | Description
diligence_annotations | Array | List of all evidence associated with the assessment.
    assessmentName | String | Name of the assessment that this evidence is associated with. For this type, the name will always be tls_error.
    status | String | Test result associated with this evidence. Either Pass or Failed.
    severity | String | Severity associated with this evidence.
    certificate | String | If available, string representation of the certificate.
    message | String | Detailed message describing the certificate error that was generated.
    hash | String | Detailed message of the failure reason when validating the integrity attribute present in the HTML element.
[
{
"certificate": "MIIEPDCCAySgAwIBAg...+oghLrGREt",
"message": "This site is missing a valid, trusted certificate (net::ERR_CERT_COMMON_NAME_INVALID).",
"status": "Failed",
"severity": "Moderate",
"assessmentName": "tls_error"
},
{
"message": "Obsolete connections settings: The connection to this site is encrypted and authenticated using TLS 1.2, ECDHE_RSA with P-384, and AES_256_CBC with HMAC-SHA1.",
"status": "Failed",
"severity": "Minor",
"assessmentName": "tls_error"
}
]
Security Misconfiguration: Directory listing exposure
Field | Type | Description
diligence_annotations | Array | List of all evidence associated with the assessment.
    assessmentName | String | Name of the assessment that this evidence is associated with. For this type, the name will always be directory_listing_exposure.
    status | String | Test result associated with this evidence. Either Pass or Failed.
    severity | String | Severity associated with this evidence.
    url | String [URL] | Location that is exposing a server directory listing.
    server | String | If available, the server name.
[
{
"url": "[url]",
"server": "Apache 2",
"status": "Failed",
"severity": "Minor",
"assessmentName": "directory_listing_exposure"
}
]
Security Misconfiguration: CORS Violation
Field | Type | Description
diligence_annotations | Array | List of all evidence associated with the assessment.
    assessmentName | String | Name of the assessment that this evidence is associated with. For this type, the name will always be cors_violation.
    status | String | Test result associated with this evidence. Either Pass or Failed.
    severity | String | Severity associated with this evidence.
    resolutionStatus | String | Action the browser took when loading the resource. [blocked, warning]
    resource | String [URL] | Link defined in the web application to the resource.
    message | String | Detailed message of the resolution reason provided by the browser.
[
{
"resource": "[url]",
"resolutionStatus": "blocked",
"message": "Access to font at '[url]' from origin '[url]' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.",
"status": "Failed",
"severity": "Moderate",
"assessmentName": "cors_violation"
},
{
"resource": "[url]",
"resolutionStatus": "blocked",
"message": "Access to font at '[url]' from origin '[url]' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.",
"status": "Failed",
"severity": "Moderate",
"assessmentName": "cors_violation"
}
]
Security Misconfiguration: Overly Permissive CORS Whitelist
Field | Type | Description
diligence_annotations | Array | List of all evidence associated with the assessment.
    assessmentName | String | Name of the assessment that this evidence is associated with. For this type, the name will always be permissive_cors_whitelist.
    status | String | Test result associated with this evidence. Either Pass or Failed.
    severity | String | Severity associated with this evidence.
    header | String | Name of the HTTP header.
    value | String | Value of the HTTP header.
[
{
"name": "Access-Control-Allow-Origin",
"value": "*",
"status": "Failed",
"severity": "Moderate",
"assessmentName": "permissive_cors_whitelist"
}
]
Security Misconfiguration: HTTPS to HTTP Redirects
Field | Type | Description
diligence_annotations | Array | List of all evidence associated with the assessment.
    assessmentName | String | Name of the assessment that this evidence is associated with. For this type, the name will always be https_to_http_redirect.
    status | String | Test result associated with this evidence. Either Pass or Failed.
    severity | String | Severity associated with this evidence.
    value | String | Element in the redirect chain that caused the downgrade.
    responseChain | Array | Full response chain that was followed when loading the domain.
        url | String [URL] | URL that was followed on a specific step of the response chain.
        statusCode | Integer | HTTP status code for the redirect.
        ip | String [IP] | IP of the URL that was followed.
        port | Integer | Port that was used to connect on the specific step of the response chain.
[
{
"value": "http://[url_3]",
"responseChain": [
{
"url": "http://[url_1]",
"statusCode": 301,
"ip": "[ip]",
"port": 80
},
{
"url": "https://[url_2]",
"statusCode": 302,
"ip": "[ip]",
"port": 443
},
{
"url": "http://[url_3]",
"statusCode": 301,
"ip": "[ip]",
"port": 80
},
{
"url": "https://[url_4]",
"statusCode": 200,
"ip": "[ip]",
"port": 443
}
],
"status": "Failed",
"severity": "Material",
"assessmentName": "https_to_http_redirect"
}
]
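The HTTPS to HTTP Redirects evidence above reports in value the hop that downgraded an already-secure chain back to plain HTTP. As an added example (not BitSight's code), this Python snippet walks a responseChain, identifies that hop and builds the corresponding evidence item; the sample chain uses constructed hostnames and documentation-range IP addresses in place of the [url] and [ip] placeholders.

```python
from typing import List, Optional


def find_downgrade(response_chain: List[dict]) -> Optional[str]:
    """Walk the hops of a responseChain in order and return the URL of the first hop fetched
    over plain HTTP after an earlier hop had already been served over HTTPS; that URL is what
    the evidence above reports in 'value'. Returns None when the chain never downgrades."""
    reached_https = False
    for hop in response_chain:
        scheme = hop["url"].partition(":")[0].lower()
        if scheme == "https":
            reached_https = True
        elif scheme == "http" and reached_https:
            return hop["url"]
    return None


def redirect_evidence(response_chain: List[dict]) -> dict:
    """Build an https_to_http_redirect evidence item; Pass when no downgrade occurred.
    The severity follows the example above (Material)."""
    downgrade = find_downgrade(response_chain)
    return {
        "value": downgrade,
        "responseChain": response_chain,
        "status": "Failed" if downgrade else "Pass",
        "severity": "Material",
        "assessmentName": "https_to_http_redirect",
    }


# Constructed chain with the same shape as the example above: http -> https -> http -> https.
SAMPLE_CHAIN = [
    {"url": "http://example.test/", "statusCode": 301, "ip": "192.0.2.10", "port": 80},
    {"url": "https://example.test/", "statusCode": 302, "ip": "192.0.2.10", "port": 443},
    {"url": "http://www.example.test/", "statusCode": 301, "ip": "192.0.2.11", "port": 80},
    {"url": "https://www.example.test/", "statusCode": 200, "ip": "192.0.2.11", "port": 443},
]

if __name__ == "__main__":
    item = redirect_evidence(SAMPLE_CHAIN)
    print(item["status"], item["value"])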