From 5679a34436d5aec3650609493882fe01439872b4 Mon Sep 17 00:00:00 2001 From: siarhei-sadouski-bright <152505171+siarhei-sadouski-bright@users.noreply.github.com> Date: Mon, 13 May 2024 15:44:43 +0200 Subject: [PATCH] docs(readme): update tests descriptions (#31) SET-1156 #approved --- README.md | 43 ++++++++++++++++++++++++++----------------- 1 file changed, 26 insertions(+), 17 deletions(-) diff --git a/README.md b/README.md index 3a482ad..78189cd 100644 --- a/README.md +++ b/README.md 
@@ -93,45 +93,54 @@ _Recommended tests:_ | -------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | **Test name** | **Description** | **Value** | **Detectable vulnerabilities** | | **Amazon S3 Bucket Takeover** | Tests for S3 buckets that no longer exist to prevent data breaches and malware distribution | `amazon_s3_takeover` | - [Amazon S3 Bucket Takeover](https://docs.brightsec.com/docs/amazon-s3-bucket-take-over) | -| **Broken JWT Authentication** | Tests for secure implementation of JSON Web Token (JWT) in the application | `jwt` | - [Broken JWT Authentication](https://docs.brightsec.com/docs/broken-jwt-authentication) | -| **Broken JWT Authentication** | Tests for secure implementation of JSON Web Token (JWT) in the application | `jwt` | - [Broken JWT Authentication](https://docs.brightsec.com/docs/broken-jwt-authentication) | +| **Broken JWT Authentication** | Tests for secure implementation of JSON Web Token (JWT) in the application | `jwt` | - [Broken JWT Authentication](https://docs.brightsec.com/docs/broken-jwt-authentication) | | **Broken SAML Authentication** | Tests for secure implementation of SAML authentication in the application | `broken_saml_auth` | - [Broken SAML Authentication](https://docs.brightsec.com/docs/broken-saml-authentication) | | **Brute Force Login** | Tests for availability of commonly used credentials | `brute_force_login` | 
- [Brute Force Login](https://docs.brightsec.com/docs/brute-force-login) | | **Business Constraint Bypass** | Tests if the limitation of number of retrievable items via an API call is configured properly | `business_constraint_bypass` | - [Business Constraint Bypass](https://docs.brightsec.com/docs/business-constraint-bypass) | -| **Client-Side XSS**
_(DOM Cross-Site Scripting)_ | Tests if various application DOM parameters are vulnerable to JavaScript injections | `dom_xss` | - [Reflective Cross-site scripting (rXSS)](https://docs.brightsec.com/docs/reflective-cross-site-scripting-rxss)

- [Persistent Cross-site scripting (pXSS)](https://docs.brightsec.com/docs/persistent-cross-site-scripting-pxss) | | **Common Files Exposure** | Tests if common files that should not be accessible are accessible | `common_files` | - [Exposed Common File](https://docs.brightsec.com/docs/exposed-common-file) | | **Cookie Security Check** | Tests if the application uses and implements cookies with secure attributes | `cookie_security` | - [Sensitive Cookie in HTTPS Session Without Secure Attribute](https://docs.brightsec.com/docs/sensitive-cookie-in-https-session-without-secure-attribute)

- [Sensitive Cookie Without HttpOnly Flag](https://docs.brightsec.com/docs/sensitive-cookie-without-httponly-flag)

- [Sensitive Cookie Weak Session ID](https://docs.brightsec.com/docs/sensitive-cookie-weak-session-id) | -| **Cross-Site Request Forgery (CSRF)** | Tests application forms for vulnerable cross-site filling and submitting | `csrf` | - [Unauthorized Cross-Site Request Forgery (CSRF)](https://docs.brightsec.com/docs/unauthorized-cross-site-request-forgery-csrf)

- [Authorized Cross-Site Request Forgery (CSRF)](https://docs.brightsec.com/docs/authorized-cross-site-request-forgery-csrf) | -| **Cross-Site Scripting (XSS)** | Tests if various application parameters are vulnerable to JavaScript injections | `xss` | - [Reflective Cross-Site Scripting (rXSS)](https://docs.brightsec.com/docs/reflective-cross-site-scripting-rxss)

- [Persistent Cross-Site Scripting (pXSS)](https://docs.brightsec.com/docs/persistent-cross-site-scripting-pxss) | +| **Cross-Site Request Forgery**
_(CSRF)_ | Tests application forms for vulnerable cross-site filling and submitting | `csrf` | - [Unauthorized Cross-Site Request Forgery (CSRF)](https://docs.brightsec.com/docs/unauthorized-cross-site-request-forgery-csrf)

- [Authorized Cross-Site Request Forgery (CSRF)](https://docs.brightsec.com/docs/authorized-cross-site-request-forgery-csrf) | +| **Cross-Site Scripting**
_(XSS)_ | Tests if various application parameters are vulnerable to JavaScript injections | `xss` | - [Reflective Cross-Site Scripting (rXSS)](https://docs.brightsec.com/docs/reflective-cross-site-scripting-rxss) | +| **CSS Injection** | Tests for weaknesses that could allow hackers to inject malicious Cascading Style Sheets (CSS) code. | `css_injection` | - [CSS Injection Details](https://docs.brightsec.com/docs/css-injection) | +| **Common Vulnerability Exposure**
_(CVE)_ | Tests for known third-party common vulnerability exposures | `cve_test` | - [Common Vulnerability Exposure (CVE) Details](https://docs.brightsec.com/docs/cves) | | **Default Login Location** | Tests if login form location in the target application is easy to guess and accessible | `default_login_location` | - [Default Login Location](https://docs.brightsec.com/docs/default-login-location) | | **Directory Listing** | Tests if server-side directory listing is possible | `directory_listing` | - [Directory Listing](https://docs.brightsec.com/docs/directory-listing) | | **Email Header Injection** | Tests if it is possible to send emails to other addresses through the target application mailing server, which can lead to spam and phishing | `email_injection` | - [Email Header Injection](https://docs.brightsec.com/docs/email-header-injection) | -| **Exposed AWS S3 Buckets Details**
_(Open Buckets)_ | Tests if exposed AWS S3 links lead to anonymous read access to the bucket | `open_buckets` | - [Exposed AWS S3 Buckets Details](https://docs.brightsec.com/docs/open-bucket) | -| **Exposed Database Details**
_(Open Database)_ | Tests if exposed database connection strings are open to public connections | `open_buckets` | - [Exposed Database Details](https://docs.brightsec.com/docs/open-database)

- [Exposed Database Connection String](https://docs.brightsec.com/docs/exposed-database-connection-string) | -| **Full Path Disclosure (FPD)** | Tests if various application parameters are vulnerable to exposure of errors that include full webroot path | `full_path_disclosure` | - [Full Path Disclosure](https://docs.brightsec.com/docs/full-path-disclosure) | -| **Headers Security Check** | Tests for proper Security Headers configuration | `header_security` | - [Misconfigured Security Headers](https://docs.brightsec.com/docs/misconfigured-security-headers)

- [Missing Security Headers](https://docs.brightsec.com/docs/missing-security-headers)

- [Insecure Content Secure Policy Configuration](https://docs.brightsec.com/docs/insecure-content-secure-policy-configuration) | +| **Exposed Database Details**
_(Open Database)_ | Tests if exposed database connection strings are open to public connections | `open_database` | - [Exposed Database Details](https://docs.brightsec.com/docs/open-database)

- [Exposed Database Connection String](https://docs.brightsec.com/docs/exposed-database-connection-string) | +| **Excessive Data Exposure** | Tests application for not screening sensitive information on the server side | `excessive_data_exposure` | - [Excessive Data Exposure Details](https://docs.brightsec.com/docs/excessive-data-exposure) | +| **Full Path Disclosure**
_(FPD)_ | Tests if various application parameters are vulnerable to exposure of errors that include full webroot path | `full_path_disclosure` | - [Full Path Disclosure](https://docs.brightsec.com/docs/full-path-disclosure) | +| **GraphQL Introspection** | GraphQL data availability test for queries coming from external IP-address | `graphql_introspection` | - [GraphQL introspection Details](https://docs.brightsec.com/docs/graphql-introspection) | +| **Headers Security Check** | Tests for proper Security Headers configuration | `header_security` | - [Misconfigured Security Headers](https://docs.brightsec.com/docs/misconfigured-security-headers)

- [Missing Security Headers](https://docs.brightsec.com/docs/missing-security-headers)

- [Insecure Content Secure Policy Configuration](https://docs.brightsec.com/docs/insecure-content-secure-policy-configuration) | | **HTML Injection** | Tests if various application parameters are vulnerable to HTML injection | `html_injection` | - [HTML Injection](https://docs.brightsec.com/docs/html-injection) | +| **iFrame Injection** | Tests for frame injection attacks evaluate the embedding of deceptive elements on legitimate websites, tricking users into unintended interactions that lead to unauthorized actions, data theft, or malicious activities. | `iframe_injection` | - [iFrame Injection Details](https://docs.brightsec.com/docs/iframe-injection) | | **Improper Assets Management** | Tests if older or development versions of API endpoints are exposed and can be used to get unauthorized access to data and privileges | `improper_asset_management` | - [Improper Assets Management](https://docs.brightsec.com/docs/improper-assets-management) | | **Insecure HTTP Method**
_(HTTP Method Fuzzer)_ | Tests enumeration of possible HTTP methods for vulnerabilities | `http_method_fuzzing` | - [Insecure HTTP Method](https://docs.brightsec.com/docs/insecure-http-method) | | **Insecure TLS Configuration** | Tests SSL/TLS ciphers and configurations for vulnerabilities | `insecure_tls_configuration` | - [Insecure TLS Configuration](https://docs.brightsec.com/docs/insecure-tls-configuration) | | **Known JavaScript Vulnerabilities**
_(JavaScript Vulnerabilities Scanning)_ | Tests for known JavaScript component vulnerabilities | `retire_js` | - [JavaScript Component with Known Vulnerabilities](https://docs.brightsec.com/docs/javascript-component-with-known-vulnerabilities) | | **Known WordPress Vulnerabilities**
_(WordPress Scan)_ | Tests for known WordPress vulnerabilities and tries to enumerate a list of users | `wordpress` | - [WordPress Component with Known Vulnerabilities](https://docs.brightsec.com/docs/wordpress-component-with-known-vulnerabilities) | | **LDAP Injection** | Tests if various application parameters are vulnerable to unauthorized LDAP access | `ldapi` | - [LDAP Injection](https://docs.brightsec.com/docs/ldap-injection)

- [LDAP Error](https://docs.brightsec.com/docs/ldap-error) | -| **Local File Inclusion (LFI)** | Tests if various application parameters are vulnerable to loading of unauthorized local system resources | `lfi` | - [Local File Inclusion (LFI)](https://docs.brightsec.com/docs/local-file-inclusion-lfi) | +| **Local File Inclusion**
_(LFI)_ | Tests if various application parameters are vulnerable to loading of unauthorized local system resources | `lfi` | - [Local File Inclusion (LFI)](https://docs.brightsec.com/docs/local-file-inclusion-lfi) | +| **Lack of Resources and Rate Limiting** | Tests all API endpoints to ensure that rate-limiting or resource exhaustion protection is in place. This test can only be executed as a standalone. | `lrrl` | - [Lack of Resources and Rate Limiting Details](https://docs.brightsec.com/docs/lack-of-resources-and-rate-limiting) | | **Mass Assignment** | Tests if it is possible to create requests with additional parameters to gain privilege escalation | `mass_assignment` | - [Mass Assignment](https://docs.brightsec.com/docs/mass-assignment) | +| **MongoDB Injection** | Tests parameters for vulnerabilities like unauthorized database access and malicious JavaScript code execution | `nosql` | | +| **Open Cloud Storage** | This test combines assessments for open cloud storage services, including Amazon S3, Azure Blob Storage, and Google Cloud Storage. 
| `open_cloud_storage` | - [Open Cloud Storage Details](https://docs.brightsec.com/docs/open-cloud-storage) | | **OS Command Injection** | Tests if various application parameters are vulnerable to Operation System (OS) commands injection | `osi` | - [OS Command Injection](https://docs.brightsec.com/docs/os-command-injection) | | **Prototype Pollution** | Tests if it is possible to inject properties into existing JavaScript objects | `proto_pollution` | - [Prototype Pollution](https://docs.brightsec.com/docs/prototype-pollution) | -| **Remote File Inclusion (RFI)** | Tests if various application parameters are vulnerable to loading of unauthorized remote system resources | `rfi` | - [Remote File Inclusion (RFI)](https://docs.brightsec.com/docs/remote-file-inclusion-rfi) | +| **Prompt Injection** | Tests for prompt injections assess the manipulation of LLMs through crafted prompts, which can result in unintended actions and security vulnerabilities like data leaks and unauthorized access. | `prompt_injection` | - [Prompt Injection Details](https://docs.brightsec.com/docs/prompt-injection) | +| **Remote File Inclusion**
_(RFI)_ | Tests if various application parameters are vulnerable to loading of unauthorized remote system resources | `rfi` | - [Remote File Inclusion (RFI)](https://docs.brightsec.com/docs/remote-file-inclusion-rfi) | | **Secret Tokens Leak** | Tests for exposure of secret API tokens or keys in the target application | `secret_tokens` | - [Secret Tokens Leak](https://docs.brightsec.com/docs/secret-tokens-leak) | -| **Server Side Template Injection (SSTI)** | Tests if various application parameters are vulnerable to server-side code execution | `ssti` | - [Server Side Template Injection (SSTI)](https://docs.brightsec.com/docs/server-side-template-injection-ssti) | -| **Server Side Request Forgery (SSRF)** | Tests if various application parameters are vulnerable to internal resources access | `ssrf` | - [Server Side Request Forgery (SSRF)](https://docs.brightsec.com/docs/server-side-request-forgery-ssrf) | -| **SQL Injection (SQLI)** | SQL Injection tests vulnerable parameters for SQL database access | `sqli` | - [SQL Injection: Blind Boolean Based](https://docs.brightsec.com/docs/sql-injection-blind-boolean-based)

- [SQL Injection: Blind Time Based](https://docs.brightsec.com/docs/sql-injection-blind-time-based)

- [SQL Injection](https://docs.brightsec.com/docs/sql-injection)

- [SQL Database Error Message in Response](https://docs.brightsec.com/docs/sql-database-error-message-in-response) | +| **Server Side Template Injection**
_(SSTI)_ | Tests if various application parameters are vulnerable to server-side code execution | `ssti` | - [Server Side Template Injection (SSTI)](https://docs.brightsec.com/docs/server-side-template-injection-ssti) | +| **Server Side Request Forgery**
_(SSRF)_ | Tests if various application parameters are vulnerable to internal resources access | `ssrf` | - [Server Side Request Forgery (SSRF)](https://docs.brightsec.com/docs/server-side-request-forgery-ssrf) | +| **SQL Injection**
_(SQLI)_ | SQL Injection tests vulnerable parameters for SQL database access | `sqli` | - [SQL Injection: Blind Boolean Based](https://docs.brightsec.com/docs/sql-injection-blind-boolean-based)

- [SQL Injection: Blind Time Based](https://docs.brightsec.com/docs/sql-injection-blind-time-based)

- [SQL Injection](https://docs.brightsec.com/docs/sql-injection)

- [SQL Database Error Message in Response](https://docs.brightsec.com/docs/sql-database-error-message-in-response) | | **Unrestricted File Upload** | Tests if file upload mechanisms are validated properly and denies upload of malicious content | `file_upload` | - [Unrestricted File Upload](https://docs.brightsec.com/docs/unrestricted-file-upload) | +| **Stored Cross-Site Scripting**
_(XSS)_ | Tests for the presence of multiple XSS vulnerabilities, such as reflective and DOM. | `stored_xss` | - [Stored Cross-Site Scripting (XSS) Details](https://docs.brightsec.com/docs/stored-cross-site-scripting-pxss) | | **Unsafe Date Range**
_(Date Manipulation)_ | Tests if date ranges are set and validated properly | `date_manipulation` | - [Unsafe Date Range](https://docs.brightsec.com/docs/unsafe-date-range) | +| **Known JavaScript Vulnerabilities**
_(JavaScript Vulnerabilities Scanning)_ | Tests for known JavaScript component vulnerabilities | `server_side_js_injection` | - [JavaScript Component with Known Vulnerabilities Details](https://docs.brightsec.com/docs/javascript-component-with-known-vulnerabilities) | | **Unsafe Redirect**
_(Unvalidated Redirect)_ | Tests if various application parameters are vulnerable to injection of a malicious link which can redirect a user without validation | `unvalidated_redirect` | - [Unsafe Redirect](https://docs.brightsec.com/docs/unsafe-redirect) | -| **User ID Enumeration** | Tests if it is possible to collect valid user ID data by interacting with the target application | `id_enumeration` | - [Enumerable Integer-Based ID](https://docs.brightsec.com/docs/enumerable-integer-based-id) | -| **Version Control System Data Leak** | Tests if it is possible to access Version Control System (VCS) resources | `version_control_systems` | - [Version Control System Data Leak](https://docs.brightsec.com/docs/version-control-system-data-leak) | -| **XML External Entity Injection** | Tests if various XML parameters are vulnerable to XML parsing of unauthorized external entities | `xxe` | - [XML External Entity Injection](https://docs.brightsec.com/docs/xml-external-entity-injection) | +| **User ID Enumeration** | Tests if it is possible to collect valid user ID data by interacting with the target application | `id_enumeration` | - [Enumerable Integer-Based ID](https://docs.brightsec.com/docs/enumerable-integer-based-id) | +| **Version Control System Data Leak** | Tests if it is possible to access Version Control System (VCS) resources | `version_control_systems` | - [Version Control System Data Leak](https://docs.brightsec.com/docs/version-control-system-data-leak) | +| **XML External Entity Injection** | Tests if various XML parameters are vulnerable to XML parsing of unauthorized external entities | `xxe` | - [XML External Entity Injection](https://docs.brightsec.com/docs/xml-external-entity-injection) | +| **XPath Injection** | Tests if unvalidated user input in XPath expressions can be exploited to manipulate queries, potentially leading to unauthorized access or unintended actions | `xpathi` | - [XPath Injection 
Details](https://docs.brightsec.com/docs/xpath-injection) | ### `file_id`
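Review bot: the added row `| **Known JavaScript Vulnerabilities** _(JavaScript Vulnerabilities Scanning)_ | Tests for known JavaScript component vulnerabilities | `server_side_js_injection` | ...` near the bottom of the table copies the name, description and docs link of the existing `retire_js` row, so a reader cannot tell which value selects which scan; `server_side_js_injection` is a different test and needs its own name and description (injection of JavaScript that is evaluated on the server), not a duplicate of the Retire.js entry. Two other new rows have text that does not match their value: the `stored_xss` row says it "Tests for the presence of multiple XSS vulnerabilities, such as reflective and DOM", which describes the `xss` and `dom_xss` tests rather than stored (persistent) XSS, and since the pXSS link was dropped from the `xss` row in this hunk but kept on the `dom_xss` row, the split between the three XSS tests should be stated consistently; the `nosql` row leaves the "Detectable vulnerabilities" cell empty while every other row links a docs page. Smaller points: "Common Vulnerability Exposure" should read "Common Vulnerabilities and Exposures" (that is what CVE abbreviates); the new rows (CSS Injection, CVE, Excessive Data Exposure, GraphQL Introspection, Lack of Resources and Rate Limiting, Stored Cross-Site Scripting, XPath Injection) are inserted out of the table's alphabetical order; and the `open_cloud_storage` description and the XPath "Details" link text appear to contain a line break inside the cell, which a Markdown table row does not tolerate, so keep each row on one line. Fixing the copy-pasted `open_buckets` value on the Exposed Database row to `open_database` and dropping the duplicated `jwt` row are correct.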