ZAP Full Scan Report

[github-actions]

• Site: https://127.0.0.1:8080

• Site: http://127.0.0.1:8080
  New Alerts

  • Proxy Disclosure [40025] total: 1:
    • http://127.0.0.1:8080/accounts/signup/
  • Absence of Anti-CSRF Tokens [10202] total: 1:
    • http://127.0.0.1:8080/accounts/google/login/
  • Buffer Overflow [30001] total: 4:
    • http://127.0.0.1:8080/accounts/signup/
    • http://127.0.0.1:8080/accounts/signup/
    • http://127.0.0.1:8080/accounts/signup/
    • http://127.0.0.1:8080/accounts/signup/
  • CORS Misconfiguration [40040] total: 9:
    • http://127.0.0.1:8080/static/css/dark-theme.css
    • http://127.0.0.1:8080/static/css/home.css
    • http://127.0.0.1:8080/static/css/playground.css
    • http://127.0.0.1:8080/static/Lab/icons/pygoat-mini.png
    • http://127.0.0.1:8080/static/Lab/icons/pygoat-mini.svg
    • ..
  • Content Security Policy (CSP) Header Not Set [10038] total: 11:
    • http://127.0.0.1:8080/accounts/google/login/
    • http://127.0.0.1:8080/accounts/signup/
    • http://127.0.0.1:8080/cryptographic_failure
    • http://127.0.0.1:8080/login/
    • http://127.0.0.1:8080/register
    • ..
  • Cross-Domain Misconfiguration [10098] total: 9:
    • http://127.0.0.1:8080/static/css/dark-theme.css
    • http://127.0.0.1:8080/static/css/home.css
    • http://127.0.0.1:8080/static/css/playground.css
    • http://127.0.0.1:8080/static/Lab/icons/pygoat-mini.png
    • http://127.0.0.1:8080/static/Lab/icons/pygoat-mini.svg
    • ..
  • HTTP Only Site [10106] total: 1:
    • http://127.0.0.1:8080/accounts/google/login/
  • Integer Overflow Error [30003] total: 3:
    • http://127.0.0.1:8080/accounts/signup/
    • http://127.0.0.1:8080/accounts/signup/
    • http://127.0.0.1:8080/accounts/signup/
  • Application Error Disclosure [90022] total: 3:
    • http://127.0.0.1:8080/cryptographic_failure
    • http://127.0.0.1:8080/robots.txt
    • http://127.0.0.1:8080/accounts/google/login/
  • Cookie No HttpOnly Flag [10010] total: 10:
    • http://127.0.0.1:8080/accounts/google/login/
    • http://127.0.0.1:8080/accounts/google/login/?process=login
    • http://127.0.0.1:8080/accounts/login/
    • http://127.0.0.1:8080/accounts/password/reset/
    • http://127.0.0.1:8080/accounts/signup/
    • ..
  • Insufficient Site Isolation Against Spectre Vulnerability [90004] total: 10:
    • http://127.0.0.1:8080/accounts/google/login/
    • http://127.0.0.1:8080/accounts/signup/
    • http://127.0.0.1:8080/login/
    • http://127.0.0.1:8080/register
    • http://127.0.0.1:8080/register
    • ..
  • Permissions Policy Header Not Set [10063] total: 11:
    • http://127.0.0.1:8080/accounts/google/login/
    • http://127.0.0.1:8080/accounts/signup/
    • http://127.0.0.1:8080/cryptographic_failure
    • http://127.0.0.1:8080/login/
    • http://127.0.0.1:8080/register
    • ..
  • Private IP Disclosure [2] total: 3:
    • http://127.0.0.1:8080/cryptographic_failure
    • http://127.0.0.1:8080/robots.txt
    • http://127.0.0.1:8080/accounts/google/login/
  • Authentication Request Identified [10111] total: 2:
    • http://127.0.0.1:8080/accounts/login/
    • http://127.0.0.1:8080/login/
  • Cookie Slack Detector [90027] total: 99:
    • http://127.0.0.1:8080/2021
    • http://127.0.0.1:8080/2021/A8
    • http://127.0.0.1:8080/a10
    • http://127.0.0.1:8080/a9
    • http://127.0.0.1:8080/accounts
    • ..
  • GET for POST [10058] total: 1:
    • http://127.0.0.1:8080/register
  • Modern Web Application [10109] total: 7:
    • http://127.0.0.1:8080/cryptographic_failure
    • http://127.0.0.1:8080/login/
    • http://127.0.0.1:8080/register
    • http://127.0.0.1:8080/robots.txt
    • http://127.0.0.1:8080/accounts/google/login/
    • ..
  • Non-Storable Content [10049] total: 9:
    • http://127.0.0.1:8080/
    • http://127.0.0.1:8080/2021/A8
    • http://127.0.0.1:8080/auth_failure
    • http://127.0.0.1:8080/broken_access_control
    • http://127.0.0.1:8080/cmd
    • ..
  • Session Management Response Identified [10112] total: 6:
    • http://127.0.0.1:8080/accounts/google/login/
    • http://127.0.0.1:8080/accounts/signup/
    • http://127.0.0.1:8080/login/
    • http://127.0.0.1:8080/login/
    • http://127.0.0.1:8080/register
    • ..
  • Storable and Cacheable Content [10049] total: 1:
    • http://127.0.0.1:8080/sitemap.xml
  • User Agent Fuzzer [10104] total: 756:
    • http://127.0.0.1:8080
    • http://127.0.0.1:8080
    • http://127.0.0.1:8080
    • http://127.0.0.1:8080
    • http://127.0.0.1:8080
    • ..
  • User Controllable HTML Element Attribute (Potential XSS) [10031] total: 11:
    • http://127.0.0.1:8080/accounts/login/
    • http://127.0.0.1:8080/accounts/login/
    • http://127.0.0.1:8080/accounts/signup/
    • http://127.0.0.1:8080/accounts/signup/
    • http://127.0.0.1:8080/accounts/signup/
    • ..

View the following link to download the report.
RunnerID:13566727020

---

ZAP by Checkmarx

[github-actions]

• Site: https://127.0.0.1:8080

• Site: http://127.0.0.1:8080
  Resolved Alerts

  • Integer Overflow Error [30003] total: 3:

View the following link to download the report.
RunnerID:13610093365

[github-actions]

• Site: https://127.0.0.1:8080

• Site: http://127.0.0.1:8080
  Resolved Alerts

  • Proxy Disclosure [40025] total: 2:

View the following link to download the report.
RunnerID:13742697832

[github-actions]

• Site: https://127.0.0.1:8080

• Site: http://127.0.0.1:8080
  New Alerts

  • Proxy Disclosure [40025] total: 1:
    • http://127.0.0.1:8080/accounts/signup/

View the following link to download the report.
RunnerID:13877868669

[github-actions]

• Site: https://127.0.0.1:8080

• Site: http://127.0.0.1:8080
  Resolved Alerts

  • Proxy Disclosure [40025] total: 1:

View the following link to download the report.
RunnerID:14013559353

[github-actions]

• Site: https://127.0.0.1:8080

• Site: http://127.0.0.1:8080
  New Alerts

  • Proxy Disclosure [40025] total: 1:
    • http://127.0.0.1:8080/accounts/signup/

View the following link to download the report.
RunnerID:14150635359

[github-actions]

• Site: https://127.0.0.1:8080

• Site: http://127.0.0.1:8080
  New Alerts

  • Source Code Disclosure - File Inclusion [43] total: 1:
    • http://127.0.0.1:8080/accounts/signup/

  Resolved Alerts

  • Proxy Disclosure [40025] total: 1:

View the following link to download the report.
RunnerID:14287012509

[github-actions]

• Site: https://127.0.0.1:8080

• Site: http://127.0.0.1:8080
  Resolved Alerts

  • Source Code Disclosure - File Inclusion [43] total: 1:

View the following link to download the report.
RunnerID:14424510599

[github-actions]

• Site: https://127.0.0.1:8080

• Site: http://127.0.0.1:8080
  New Alerts

  • Proxy Disclosure [40025] total: 2:
    • http://127.0.0.1:8080/accounts/signup/
    • http://127.0.0.1:8080/accounts/signup/
  • Integer Overflow Error [30003] total: 2:
    • http://127.0.0.1:8080/accounts/signup/
    • http://127.0.0.1:8080/accounts/signup/

View the following link to download the report.
RunnerID:14554054285

[github-actions]

• Site: https://127.0.0.1:8080

• Site: http://127.0.0.1:8080
  Resolved Alerts

  • Proxy Disclosure [40025] total: 2:
  • Integer Overflow Error [30003] total: 2:

View the following link to download the report.
RunnerID:14686338048