Web Application Security Findings
https://api.bitsighttech.com/ratings/v1/companies/company_guid/findings?risk_vector=web_appsec
Get security misconfiguration evidence, including:
- CORS Violation
- Directory Listing Exposure
- HTTPS to HTTP Redirects
- Internal Server Error
- Overly Permissive CORS Whitelist
- Reverse Tabnabbing
- TLS Errors on Page Resource Fetch
For details specific to Web Application Security, use the ?risk_vector=web_appsec parameter. Other query parameters are listed in GET: Finding Details.
CORS Violation
[assessmentName = cors_violation]
Example Response
```json
{
  "resource": "url",
  "resolutionStatus": "blocked",
  "message": "Access to font at 'url' from origin 'url' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource."
}
```
Response Attributes
| Field | Type | Description |
|---|---|---|
| resource | String | A link to the resource as defined in the web application. |
| resolutionStatus | String | The action the browser took when loading the resource. |
| message | String | A summary of the issue. |
Directory Listing Exposure
[assessmentName = directory_listing_exposure]
Example Response
```json
{
  "url": "url",
  "server": "Apache 2"
}
```
Response Attributes
| Field | Type | Description |
|---|---|---|
| url | String | The location that is exposing a server directory listing. |
| server | String | The server name. |
HTTPS to HTTP Redirects
[assessmentName = https_to_http_redirect]
Example Response
```json
[
  {
    "value": "url",
    "responseChain": [
      {
        "url": "url",
        "statusCode": 301,
        "ip": "ip",
        "port": 80
      },
      […]
    ]
  }
]
```
Response Attributes
| Field | Type | Description |
|---|---|---|
| value | String | The redirect chain element that caused the downgrade. |
| responseChain | Array | The response chain from the loaded domain. |
| responseChain[] | Object | A response. |
| responseChain[].url | String | The URL from a specific step in the response chain. |
| responseChain[].statusCode | Integer | The HTTP status code for the redirect. |
| responseChain[].ip | String | The IP address. |
| responseChain[].port | Integer | The port used to connect on a particular step of the response chain. |
Internal Server Error
[assessmentName = internal_server_error]
Example Response
```json
{
  "url": "url",
  "message": "Request produced a 500 Internal Server Error response"
}
```
Response Attributes
| Field | Type | Description |
|---|---|---|
| url | String | The location where an internal server error was generated. |
| message | String | A summary of the issue. |
Overly Permissive CORS Whitelist
[assessmentName = permissive_cors_whitelist]
Example Response
```json
{
  "name": "Access-Control-Allow-Origin",
  "value": "*",
  "resourceUrl": "http://example.com/"
}
```
Response Attributes
| Field | Type | Description |
|---|---|---|
| name | String | The header. |
| value | String | The value of the HTTP header. |
| resourceUrl | String | The resource URL that had the CSP violation. |
Reverse Tabnabbing
[assessmentName = reverse_tabnabbing]
Example Response
```json
{
  "resource": "url",
  "attributes": "rel=\"noopener\" href=\"url\" class=\"m-last-foc m-last-foc-main\" target=\"_blank\""
}
```
Response Attributes
| Field | Type | Description |
|---|---|---|
| resource | String | The resource that will be loaded. |
| attributes | String | Attributes associated with this link. |
TLS Errors on Page Resource Fetch
[assessmentName = tls_error]
Example Response
```json
{
  "certificate": "MIIEPDCCAySgAwIBAg...+oghLrGREt",
  "message": "This site is missing a valid, trusted certificate (net::ERR_CERT_COMMON_NAME_INVALID)."
}
```
Response Attributes
| Field | Type | Description |
|---|---|---|
| certificate | String | A string representation of the certificate. |
| message | String | A summary of the issue. |
| hash | String | The failure reason when validating the integrity attribute that's present in the HTML element. |
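As an added example (not code from this page or from the Bitsight API client), the Python below triages the evidence objects documented above: it locates the HTTP hop in an HTTPS to HTTP redirect responseChain, flags an Overly Permissive CORS Whitelist header, and checks Reverse Tabnabbing link attributes. The list wrapper around each evidence object, and all sample URLs and IPs, are constructed for this example.

```python
from urllib.parse import urlsplit

# Constructed sample findings, not a real API response. Wrapping each documented
# evidence object in {"assessmentName": ..., "evidence": ...} is an assumption.
SAMPLE_FINDINGS = [
    {"assessmentName": "https_to_http_redirect",
     "evidence": {"value": "http://www.example.com/",
                  "responseChain": [
                      {"url": "https://example.com/", "statusCode": 301, "ip": "192.0.2.10", "port": 443},
                      {"url": "http://www.example.com/", "statusCode": 301, "ip": "192.0.2.11", "port": 80},
                      {"url": "https://www.example.com/", "statusCode": 200, "ip": "192.0.2.11", "port": 443}]}},
    {"assessmentName": "permissive_cors_whitelist",
     "evidence": {"name": "Access-Control-Allow-Origin", "value": "*",
                  "resourceUrl": "https://api.example.com/v1/account"}},
    {"assessmentName": "reverse_tabnabbing",
     "evidence": {"resource": "https://partner.example.net/",
                  "attributes": 'href="https://partner.example.net/" target="_blank"'}},
]

def downgrade_step(chain):
    """Index of the first hop whose scheme drops from https to http, or None if
    the chain never downgrades (the finding's `value` names that hop's URL)."""
    for i in range(1, len(chain)):
        if (urlsplit(chain[i - 1]["url"]).scheme == "https"
                and urlsplit(chain[i]["url"]).scheme == "http"):
            return i
    return None

def triage(findings):
    """Turn each evidence object into an (assessmentName, remediation note) pair."""
    notes = []
    for f in findings:
        name, ev = f["assessmentName"], f["evidence"]
        if name == "https_to_http_redirect":
            i = downgrade_step(ev["responseChain"])
            if i is not None:
                hop = ev["responseChain"][i]
                notes.append((name, f"hop {i} -> {hop['url']} on port {hop['port']} is plain HTTP; "
                                    "redirect only to HTTPS targets and enable HSTS"))
        elif name == "permissive_cors_whitelist":
            # "*" and "null" both let arbitrary origins read the response.
            if ev["name"] == "Access-Control-Allow-Origin" and ev["value"] in ("*", "null"):
                notes.append((name, f"{ev['resourceUrl']} sends {ev['name']}: {ev['value']}; "
                                    "replace with an explicit origin allowlist"))
        elif name == "reverse_tabnabbing":
            attrs = ev["attributes"]
            if 'target="_blank"' in attrs and "noopener" not in attrs and "noreferrer" not in attrs:
                notes.append((name, f"{ev['resource']} opens in a new tab without rel=noopener"))
    return notes
```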
- May 15, 2024: Added resource to Overly Permissive CORS Whitelist response.
- December 12, 2023: Included general finding details; added table of contents.
- August 11, 2023: Published.