DAST browser-based crawler vulnerability checks Ultimate

The DAST browser-based crawler provides a number of vulnerability checks that are used to scan for vulnerabilities in the site under test.

Passive Checks

ID Check Severity Type
1004.1 Sensitive cookie without HttpOnly attribute Low Passive
16.1 Missing Content-Type header Low Passive
16.10 Content-Security-Policy violations Info Passive
16.2 Server header exposes version information Low Passive
16.3 X-Powered-By header exposes version information Low Passive
16.4 X-Backend-Server header exposes server information Info Passive
16.5 AspNet header exposes version information Low Passive
16.6 AspNetMvc header exposes version information Low Passive
16.7 Strict-Transport-Security header missing or invalid Low Passive
16.8 Content-Security-Policy analysis Info Passive
16.9 Content-Security-Policy-Report-Only analysis Info Passive
200.1 Exposure of sensitive information to an unauthorized actor (private IP address) Low Passive
209.1 Generation of error message containing sensitive information Low Passive
209.2 Generation of database error message containing sensitive information Low Passive
287.1 Insecure authentication over HTTP (Basic Authentication) Medium Passive
287.2 Insecure authentication over HTTP (Digest Authentication) Low Passive
319.1 Mixed Content Info Passive
352.1 Absence of anti-CSRF tokens Medium Passive
359.1 Exposure of Private Personal Information (PII) to an unauthorized actor (credit card) Medium Passive
359.2 Exposure of Private Personal Information (PII) to an unauthorized actor (United States social security number) Medium Passive
548.1 Exposure of information through directory listing Low Passive
598.1 Use of GET request method with sensitive query strings (session ID) Medium Passive
598.2 Use of GET request method with sensitive query strings (password) Medium Passive
598.3 Use of GET request method with sensitive query strings (Authorization header details) Medium Passive
601.1 URL redirection to untrusted site (‘open redirect’) Low Passive
614.1 Sensitive cookie without Secure attribute Low Passive
693.1 Missing X-Content-Type-Options: nosniff Low Passive
798.1 Exposure of confidential secret or token Adafruit API Key High Passive
798.2 Exposure of confidential secret or token Adobe Client ID (OAuth Web) High Passive
798.3 Exposure of confidential secret or token Adobe Client Secret High Passive
798.4 Exposure of confidential secret or token Age secret key High Passive
798.5 Exposure of confidential secret or token Airtable API Key High Passive
798.6 Exposure of confidential secret or token Algolia API Key High Passive
798.7 Exposure of confidential secret or token Alibaba AccessKey ID High Passive
798.8 Exposure of confidential secret or token Alibaba Secret Key High Passive
798.9 Exposure of confidential secret or token Asana Client ID High Passive
798.10 Exposure of confidential secret or token Asana Client Secret High Passive
798.11 Exposure of confidential secret or token Atlassian API token High Passive
798.12 Exposure of confidential secret or token AWS High Passive
798.13 Exposure of confidential secret or token Bitbucket Client ID High Passive
798.14 Exposure of confidential secret or token Bitbucket Client Secret High Passive
798.15 Exposure of confidential secret or token Bittrex Access Key High Passive
798.16 Exposure of confidential secret or token Bittrex Secret Key High Passive
798.17 Exposure of confidential secret or token Beamer API token High Passive
798.18 Exposure of confidential secret or token Codecov Access Token High Passive
798.19 Exposure of confidential secret or token Coinbase Access Token High Passive
798.20 Exposure of confidential secret or token Clojars API token High Passive
798.21 Exposure of confidential secret or token Confluent Access Token High Passive
798.22 Exposure of confidential secret or token Confluent Secret Key High Passive
798.23 Exposure of confidential secret or token Contentful delivery API token High Passive
798.24 Exposure of confidential secret or token Databricks API token High Passive
798.25 Exposure of confidential secret or token Datadog Access Token High Passive
798.26 Exposure of confidential secret or token Discord API key High Passive
798.27 Exposure of confidential secret or token Discord client ID High Passive
798.28 Exposure of confidential secret or token Discord client secret High Passive
798.29 Exposure of confidential secret or token Doppler API token High Passive
798.30 Exposure of confidential secret or token Dropbox API secret High Passive
798.31 Exposure of confidential secret or token Dropbox long lived API token High Passive
798.32 Exposure of confidential secret or token Dropbox short lived API token High Passive
798.33 Exposure of confidential secret or token Drone CI Access Token High Passive
798.34 Exposure of confidential secret or token Duffel API token High Passive
798.35 Exposure of confidential secret or token Dynatrace API token High Passive
798.36 Exposure of confidential secret or token EasyPost API token High Passive
798.37 Exposure of confidential secret or token EasyPost test API token High Passive
798.38 Exposure of confidential secret or token Etsy Access Token High Passive
798.39 Exposure of confidential secret or token Facebook High Passive
798.40 Exposure of confidential secret or token Fastly API key High Passive
798.41 Exposure of confidential secret or token Finicity Client Secret High Passive
798.42 Exposure of confidential secret or token Finicity API token High Passive
798.43 Exposure of confidential secret or token Flickr Access Token High Passive
798.44 Exposure of confidential secret or token Finnhub Access Token High Passive
798.46 Exposure of confidential secret or token Flutterwave Secret Key High Passive
798.47 Exposure of confidential secret or token Flutterwave Encryption Key High Passive
798.48 Exposure of confidential secret or token Frame.io API token High Passive
798.49 Exposure of confidential secret or token FreshBooks Access Token High Passive
798.50 Exposure of confidential secret or token GoCardless API token High Passive
798.52 Exposure of confidential secret or token GitHub Personal Access Token High Passive
798.53 Exposure of confidential secret or token GitHub OAuth Access Token High Passive
798.54 Exposure of confidential secret or token GitHub App Token High Passive
798.55 Exposure of confidential secret or token GitHub Refresh Token High Passive
798.56 Exposure of confidential secret or token GitLab Personal Access Token High Passive
798.57 Exposure of confidential secret or token Gitter Access Token High Passive
798.58 Exposure of confidential secret or token HashiCorp Terraform user/org API token High Passive
798.59 Exposure of confidential secret or token Heroku API Key High Passive
798.60 Exposure of confidential secret or token HubSpot API Token High Passive
798.61 Exposure of confidential secret or token Intercom API Token High Passive
798.62 Exposure of confidential secret or token Kraken Access Token High Passive
798.63 Exposure of confidential secret or token Kucoin Access Token High Passive
798.64 Exposure of confidential secret or token Kucoin Secret Key High Passive
798.65 Exposure of confidential secret or token LaunchDarkly Access Token High Passive
798.66 Exposure of confidential secret or token Linear API Token High Passive
798.67 Exposure of confidential secret or token Linear Client Secret High Passive
798.68 Exposure of confidential secret or token LinkedIn Client ID High Passive
798.69 Exposure of confidential secret or token LinkedIn Client secret High Passive
798.70 Exposure of confidential secret or token Lob API Key High Passive
798.72 Exposure of confidential secret or token Mailchimp API key High Passive
798.74 Exposure of confidential secret or token Mailgun private API token High Passive
798.75 Exposure of confidential secret or token Mailgun webhook signing key High Passive
798.77 Exposure of confidential secret or token Mattermost Access Token High Passive
798.78 Exposure of confidential secret or token MessageBird API token High Passive
798.80 Exposure of confidential secret or token Netlify Access Token High Passive
798.81 Exposure of confidential secret or token New Relic user API Key High Passive
798.82 Exposure of confidential secret or token New Relic user API ID High Passive
798.83 Exposure of confidential secret or token New Relic ingest browser API token High Passive
798.84 Exposure of confidential secret or token npm access token High Passive
798.86 Exposure of confidential secret or token Okta Access Token High Passive
798.87 Exposure of confidential secret or token Plaid Client ID High Passive
798.88 Exposure of confidential secret or token Plaid Secret key High Passive
798.89 Exposure of confidential secret or token Plaid API Token High Passive
798.90 Exposure of confidential secret or token PlanetScale password High Passive
798.91 Exposure of confidential secret or token PlanetScale API token High Passive
798.92 Exposure of confidential secret or token PlanetScale OAuth token High Passive
798.93 Exposure of confidential secret or token Postman API token High Passive
798.94 Exposure of confidential secret or token Private Key High Passive
798.95 Exposure of confidential secret or token Pulumi API token High Passive
798.96 Exposure of confidential secret or token PyPI upload token High Passive
798.97 Exposure of confidential secret or token RubyGems API token High Passive
798.98 Exposure of confidential secret or token RapidAPI Access Token High Passive
798.99 Exposure of confidential secret or token Sendbird Access ID High Passive
798.100 Exposure of confidential secret or token Sendbird Access Token High Passive
798.101 Exposure of confidential secret or token SendGrid API token High Passive
798.102 Exposure of confidential secret or token Sendinblue API token High Passive
798.103 Exposure of confidential secret or token Sentry Access Token High Passive
798.104 Exposure of confidential secret or token Shippo API token High Passive
798.105 Exposure of confidential secret or token Shopify access token High Passive
798.106 Exposure of confidential secret or token Shopify custom access token High Passive
798.107 Exposure of confidential secret or token Shopify private app access token High Passive
798.108 Exposure of confidential secret or token Shopify shared secret High Passive
798.109 Exposure of confidential secret or token Slack token High Passive
798.110 Exposure of confidential secret or token Slack Webhook High Passive
798.111 Exposure of confidential secret or token Stripe High Passive
798.112 Exposure of confidential secret or token Square Access Token High Passive
798.113 Exposure of confidential secret or token Squarespace Access Token High Passive
798.114 Exposure of confidential secret or token SumoLogic Access ID High Passive
798.115 Exposure of confidential secret or token SumoLogic Access Token High Passive
798.116 Exposure of confidential secret or token Travis CI Access Token High Passive
798.117 Exposure of confidential secret or token Twilio API Key High Passive
798.118 Exposure of confidential secret or token Twitch API token High Passive
798.119 Exposure of confidential secret or token Twitter API Key High Passive
798.120 Exposure of confidential secret or token Twitter API Secret High Passive
798.121 Exposure of confidential secret or token Twitter Access Token High Passive
798.122 Exposure of confidential secret or token Twitter Access Secret High Passive
798.123 Exposure of confidential secret or token Twitter Bearer Token High Passive
798.124 Exposure of confidential secret or token Typeform API token High Passive
798.125 Exposure of confidential secret or token Yandex API Key High Passive
798.126 Exposure of confidential secret or token Yandex AWS Access Token High Passive
798.127 Exposure of confidential secret or token Yandex Access Token High Passive
798.128 Exposure of confidential secret or token Zendesk Secret Key High Passive
829.1 Inclusion of Functionality from Untrusted Control Sphere Low Passive
829.2 Invalid Sub-Resource Integrity values detected Medium Passive

Active Checks

ID Check Severity Type
113.1 Improper Neutralization of CRLF Sequences in HTTP Headers High Active
1336.1 Server-Side Template Injection High Active
16.11 TRACE HTTP method enabled High Active
22.1 Improper limitation of a pathname to a restricted directory (Path traversal) High Active
611.1 External XML Entity Injection (XXE) High Active
74.1 XSLT Injection High Active
78.1 OS Command Injection High Active
89.1 SQL Injection High Active
917.1 Expression Language Injection High Active
918.1 Server-Side Request Forgery High Active
94.1 Server-side code injection (PHP) High Active
94.2 Server-side code injection (Ruby) High Active
94.3 Server-side code injection (Python) High Active
94.4 Server-side code injection (NodeJS) High Active
943.1 Improper neutralization of special elements in data query logic High Active
98.1 PHP Remote File Inclusion High Active