From 5679a34436d5aec3650609493882fe01439872b4 Mon Sep 17 00:00:00 2001
From: siarhei-sadouski-bright
<152505171+siarhei-sadouski-bright@users.noreply.github.com>
Date: Mon, 13 May 2024 15:44:43 +0200
Subject: [PATCH] docs(readme): update tests descriptions (#31)
SET-1156 #approved
---
README.md | 43 ++++++++++++++++++++++++++-----------------
1 file changed, 26 insertions(+), 17 deletions(-)
diff --git a/README.md b/README.md
index 3a482ad..78189cd 100644
--- a/README.md
+++ b/README.md
@@ -93,45 +93,54 @@ _Recommended tests:_
| -------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| **Test name** | **Description** | **Value** | **Detectable vulnerabilities** |
| **Amazon S3 Bucket Takeover** | Tests for S3 buckets that no longer exist to prevent data breaches and malware distribution | `amazon_s3_takeover` | - [Amazon S3 Bucket Takeover](https://docs.brightsec.com/docs/amazon-s3-bucket-take-over) |
-| **Broken JWT Authentication** | Tests for secure implementation of JSON Web Token (JWT) in the application | `jwt` | - [Broken JWT Authentication](https://docs.brightsec.com/docs/broken-jwt-authentication) |
-| **Broken JWT Authentication** | Tests for secure implementation of JSON Web Token (JWT) in the application | `jwt` | - [Broken JWT Authentication](https://docs.brightsec.com/docs/broken-jwt-authentication) |
+| **Broken JWT Authentication** | Tests for secure implementation of JSON Web Token (JWT) in the application | `jwt` | - [Broken JWT Authentication](https://docs.brightsec.com/docs/broken-jwt-authentication) |
| **Broken SAML Authentication** | Tests for secure implementation of SAML authentication in the application | `broken_saml_auth` | - [Broken SAML Authentication](https://docs.brightsec.com/docs/broken-saml-authentication) |
| **Brute Force Login** | Tests for availability of commonly used credentials | `brute_force_login` | - [Brute Force Login](https://docs.brightsec.com/docs/brute-force-login) |
| **Business Constraint Bypass** | Tests if the limitation of number of retrievable items via an API call is configured properly | `business_constraint_bypass` | - [Business Constraint Bypass](https://docs.brightsec.com/docs/business-constraint-bypass) |
-| **Client-Side XSS**
_(DOM Cross-Site Scripting)_ | Tests if various application DOM parameters are vulnerable to JavaScript injections | `dom_xss` | - [Reflective Cross-site scripting (rXSS)](https://docs.brightsec.com/docs/reflective-cross-site-scripting-rxss)
- [Persistent Cross-site scripting (pXSS)](https://docs.brightsec.com/docs/persistent-cross-site-scripting-pxss) |
| **Common Files Exposure** | Tests if common files that should not be accessible are accessible | `common_files` | - [Exposed Common File](https://docs.brightsec.com/docs/exposed-common-file) |
| **Cookie Security Check** | Tests if the application uses and implements cookies with secure attributes | `cookie_security` | - [Sensitive Cookie in HTTPS Session Without Secure Attribute](https://docs.brightsec.com/docs/sensitive-cookie-in-https-session-without-secure-attribute)
- [Sensitive Cookie Without HttpOnly Flag](https://docs.brightsec.com/docs/sensitive-cookie-without-httponly-flag)
- [Sensitive Cookie Weak Session ID](https://docs.brightsec.com/docs/sensitive-cookie-weak-session-id) |
-| **Cross-Site Request Forgery (CSRF)** | Tests application forms for vulnerable cross-site filling and submitting | `csrf` | - [Unauthorized Cross-Site Request Forgery (CSRF)](https://docs.brightsec.com/docs/unauthorized-cross-site-request-forgery-csrf)
- [Authorized Cross-Site Request Forgery (CSRF)](https://docs.brightsec.com/docs/authorized-cross-site-request-forgery-csrf) |
-| **Cross-Site Scripting (XSS)** | Tests if various application parameters are vulnerable to JavaScript injections | `xss` | - [Reflective Cross-Site Scripting (rXSS)](https://docs.brightsec.com/docs/reflective-cross-site-scripting-rxss)
- [Persistent Cross-Site Scripting (pXSS)](https://docs.brightsec.com/docs/persistent-cross-site-scripting-pxss) |
+| **Cross-Site Request Forgery**
_(CSRF)_ | Tests application forms for vulnerable cross-site filling and submitting | `csrf` | - [Unauthorized Cross-Site Request Forgery (CSRF)](https://docs.brightsec.com/docs/unauthorized-cross-site-request-forgery-csrf)
- [Authorized Cross-Site Request Forgery (CSRF)](https://docs.brightsec.com/docs/authorized-cross-site-request-forgery-csrf) |
+| **Cross-Site Scripting**
_(XSS)_ | Tests if various application parameters are vulnerable to JavaScript injections | `xss` | - [Reflective Cross-Site Scripting (rXSS)](https://docs.brightsec.com/docs/reflective-cross-site-scripting-rxss) |
+| **CSS Injection** | Tests for weaknesses that could allow hackers to inject malicious Cascading Style Sheets (CSS) code. | `css_injection` | - [CSS Injection Details](https://docs.brightsec.com/docs/css-injection) |
+| **Common Vulnerability Exposure**
_(CVE)_ | Tests for known third-party common vulnerability exposures | `cve_test` | - [Common Vulnerability Exposure (CVE) Details](https://docs.brightsec.com/docs/cves) |
| **Default Login Location** | Tests if login form location in the target application is easy to guess and accessible | `default_login_location` | - [Default Login Location](https://docs.brightsec.com/docs/default-login-location) |
| **Directory Listing** | Tests if server-side directory listing is possible | `directory_listing` | - [Directory Listing](https://docs.brightsec.com/docs/directory-listing) |
| **Email Header Injection** | Tests if it is possible to send emails to other addresses through the target application mailing server, which can lead to spam and phishing | `email_injection` | - [Email Header Injection](https://docs.brightsec.com/docs/email-header-injection) |
-| **Exposed AWS S3 Buckets Details**
_(Open Buckets)_ | Tests if exposed AWS S3 links lead to anonymous read access to the bucket | `open_buckets` | - [Exposed AWS S3 Buckets Details](https://docs.brightsec.com/docs/open-bucket) |
-| **Exposed Database Details**
_(Open Database)_ | Tests if exposed database connection strings are open to public connections | `open_buckets` | - [Exposed Database Details](https://docs.brightsec.com/docs/open-database)
- [Exposed Database Connection String](https://docs.brightsec.com/docs/exposed-database-connection-string) |
-| **Full Path Disclosure (FPD)** | Tests if various application parameters are vulnerable to exposure of errors that include full webroot path | `full_path_disclosure` | - [Full Path Disclosure](https://docs.brightsec.com/docs/full-path-disclosure) |
-| **Headers Security Check** | Tests for proper Security Headers configuration | `header_security` | - [Misconfigured Security Headers](https://docs.brightsec.com/docs/misconfigured-security-headers)
- [Missing Security Headers](https://docs.brightsec.com/docs/missing-security-headers)
- [Insecure Content Secure Policy Configuration](https://docs.brightsec.com/docs/insecure-content-secure-policy-configuration) |
+| **Exposed Database Details**
_(Open Database)_ | Tests if exposed database connection strings are open to public connections | `open_database` | - [Exposed Database Details](https://docs.brightsec.com/docs/open-database)
- [Exposed Database Connection String](https://docs.brightsec.com/docs/exposed-database-connection-string) |
+| **Excessive Data Exposure** | Tests application for not screening sensitive information on the server side | `excessive_data_exposure` | - [Excessive Data Exposure Details](https://docs.brightsec.com/docs/excessive-data-exposure) |
+| **Full Path Disclosure**
_(FPD)_ | Tests if various application parameters are vulnerable to exposure of errors that include full webroot path | `full_path_disclosure` | - [Full Path Disclosure](https://docs.brightsec.com/docs/full-path-disclosure) |
+| **GraphQL Introspection** | GraphQL data availability test for queries coming from external IP-address | `graphql_introspection` | - [GraphQL introspection Details](https://docs.brightsec.com/docs/graphql-introspection) |
+| **Headers Security Check** | Tests for proper Security Headers configuration | `header_security` | - [Misconfigured Security Headers](https://docs.brightsec.com/docs/misconfigured-security-headers)
- [Missing Security Headers](https://docs.brightsec.com/docs/missing-security-headers)
- [Insecure Content Secure Policy Configuration](https://docs.brightsec.com/docs/insecure-content-secure-policy-configuration) |
| **HTML Injection** | Tests if various application parameters are vulnerable to HTML injection | `html_injection` | - [HTML Injection](https://docs.brightsec.com/docs/html-injection) |
+| **iFrame Injection** | Tests for frame injection attacks evaluate the embedding of deceptive elements on legitimate websites, tricking users into unintended interactions that lead to unauthorized actions, data theft, or malicious activities. | `iframe_injection` | - [iFrame Injection Details](https://docs.brightsec.com/docs/iframe-injection) |
| **Improper Assets Management** | Tests if older or development versions of API endpoints are exposed and can be used to get unauthorized access to data and privileges | `improper_asset_management` | - [Improper Assets Management](https://docs.brightsec.com/docs/improper-assets-management) |
| **Insecure HTTP Method**
_(HTTP Method Fuzzer)_ | Tests enumeration of possible HTTP methods for vulnerabilities | `http_method_fuzzing` | - [Insecure HTTP Method](https://docs.brightsec.com/docs/insecure-http-method) |
| **Insecure TLS Configuration** | Tests SSL/TLS ciphers and configurations for vulnerabilities | `insecure_tls_configuration` | - [Insecure TLS Configuration](https://docs.brightsec.com/docs/insecure-tls-configuration) |
| **Known JavaScript Vulnerabilities**
_(JavaScript Vulnerabilities Scanning)_ | Tests for known JavaScript component vulnerabilities | `retire_js` | - [JavaScript Component with Known Vulnerabilities](https://docs.brightsec.com/docs/javascript-component-with-known-vulnerabilities) |
| **Known WordPress Vulnerabilities**
_(WordPress Scan)_ | Tests for known WordPress vulnerabilities and tries to enumerate a list of users | `wordpress` | - [WordPress Component with Known Vulnerabilities](https://docs.brightsec.com/docs/wordpress-component-with-known-vulnerabilities) |
| **LDAP Injection** | Tests if various application parameters are vulnerable to unauthorized LDAP access | `ldapi` | - [LDAP Injection](https://docs.brightsec.com/docs/ldap-injection)
- [LDAP Error](https://docs.brightsec.com/docs/ldap-error) |
-| **Local File Inclusion (LFI)** | Tests if various application parameters are vulnerable to loading of unauthorized local system resources | `lfi` | - [Local File Inclusion (LFI)](https://docs.brightsec.com/docs/local-file-inclusion-lfi) |
+| **Local File Inclusion**
_(LFI)_ | Tests if various application parameters are vulnerable to loading of unauthorized local system resources | `lfi` | - [Local File Inclusion (LFI)](https://docs.brightsec.com/docs/local-file-inclusion-lfi) |
+| **Lack of Resources and Rate Limiting** | Tests all API endpoints to ensure that rate-limiting or resource exhaustion protection is in place. This test can only be executed as a standalone. | `lrrl` | - [Lack of Resources and Rate Limiting Details](https://docs.brightsec.com/docs/lack-of-resources-and-rate-limiting) |
| **Mass Assignment** | Tests if it is possible to create requests with additional parameters to gain privilege escalation | `mass_assignment` | - [Mass Assignment](https://docs.brightsec.com/docs/mass-assignment) |
+| **MongoDB Injection** | Tests parameters for vulnerabilities like unauthorized database access and malicious JavaScript code execution | `nosql` | |
+| **Open Cloud Storage** | This test combines assessments for open cloud storage services, including Amazon S3, Azure Blob Storage, and Google Cloud Storage. | `open_cloud_storage` | - [Open Cloud Storage Details](https://docs.brightsec.com/docs/open-cloud-storage) |
| **OS Command Injection** | Tests if various application parameters are vulnerable to Operation System (OS) commands injection | `osi` | - [OS Command Injection](https://docs.brightsec.com/docs/os-command-injection) |
| **Prototype Pollution** | Tests if it is possible to inject properties into existing JavaScript objects | `proto_pollution` | - [Prototype Pollution](https://docs.brightsec.com/docs/prototype-pollution) |
-| **Remote File Inclusion (RFI)** | Tests if various application parameters are vulnerable to loading of unauthorized remote system resources | `rfi` | - [Remote File Inclusion (RFI)](https://docs.brightsec.com/docs/remote-file-inclusion-rfi) |
+| **Prompt Injection** | Tests for prompt injections assess the manipulation of LLMs through crafted prompts, which can result in unintended actions and security vulnerabilities like data leaks and unauthorized access. | `prompt_injection` | - [Prompt Injection Details](https://docs.brightsec.com/docs/prompt-injection) |
+| **Remote File Inclusion**
_(RFI)_ | Tests if various application parameters are vulnerable to loading of unauthorized remote system resources | `rfi` | - [Remote File Inclusion (RFI)](https://docs.brightsec.com/docs/remote-file-inclusion-rfi) |
| **Secret Tokens Leak** | Tests for exposure of secret API tokens or keys in the target application | `secret_tokens` | - [Secret Tokens Leak](https://docs.brightsec.com/docs/secret-tokens-leak) |
-| **Server Side Template Injection (SSTI)** | Tests if various application parameters are vulnerable to server-side code execution | `ssti` | - [Server Side Template Injection (SSTI)](https://docs.brightsec.com/docs/server-side-template-injection-ssti) |
-| **Server Side Request Forgery (SSRF)** | Tests if various application parameters are vulnerable to internal resources access | `ssrf` | - [Server Side Request Forgery (SSRF)](https://docs.brightsec.com/docs/server-side-request-forgery-ssrf) |
-| **SQL Injection (SQLI)** | SQL Injection tests vulnerable parameters for SQL database access | `sqli` | - [SQL Injection: Blind Boolean Based](https://docs.brightsec.com/docs/sql-injection-blind-boolean-based)
- [SQL Injection: Blind Time Based](https://docs.brightsec.com/docs/sql-injection-blind-time-based)
- [SQL Injection](https://docs.brightsec.com/docs/sql-injection)
- [SQL Database Error Message in Response](https://docs.brightsec.com/docs/sql-database-error-message-in-response) |
+| **Server Side Template Injection**
_(SSTI)_ | Tests if various application parameters are vulnerable to server-side code execution | `ssti` | - [Server Side Template Injection (SSTI)](https://docs.brightsec.com/docs/server-side-template-injection-ssti) |
+| **Server Side Request Forgery**
_(SSRF)_ | Tests if various application parameters are vulnerable to internal resources access | `ssrf` | - [Server Side Request Forgery (SSRF)](https://docs.brightsec.com/docs/server-side-request-forgery-ssrf) |
+| **SQL Injection**
_(SQLI)_ | SQL Injection tests vulnerable parameters for SQL database access | `sqli` | - [SQL Injection: Blind Boolean Based](https://docs.brightsec.com/docs/sql-injection-blind-boolean-based)
- [SQL Injection: Blind Time Based](https://docs.brightsec.com/docs/sql-injection-blind-time-based)
- [SQL Injection](https://docs.brightsec.com/docs/sql-injection)
- [SQL Database Error Message in Response](https://docs.brightsec.com/docs/sql-database-error-message-in-response) |
| **Unrestricted File Upload** | Tests if file upload mechanisms are validated properly and denies upload of malicious content | `file_upload` | - [Unrestricted File Upload](https://docs.brightsec.com/docs/unrestricted-file-upload) |
+| **Stored Cross-Site Scripting**
_(XSS)_ | Tests for the presence of multiple XSS vulnerabilities, such as reflective and DOM. | `stored_xss` | - [Stored Cross-Site Scripting (XSS) Details](https://docs.brightsec.com/docs/stored-cross-site-scripting-pxss) |
| **Unsafe Date Range**
_(Date Manipulation)_ | Tests if date ranges are set and validated properly | `date_manipulation` | - [Unsafe Date Range](https://docs.brightsec.com/docs/unsafe-date-range) |
+| **Known JavaScript Vulnerabilities**
_(JavaScript Vulnerabilities Scanning)_ | Tests for known JavaScript component vulnerabilities | `server_side_js_injection` | - [JavaScript Component with Known Vulnerabilities Details](https://docs.brightsec.com/docs/javascript-component-with-known-vulnerabilities) |
| **Unsafe Redirect**
_(Unvalidated Redirect)_ | Tests if various application parameters are vulnerable to injection of a malicious link which can redirect a user without validation | `unvalidated_redirect` | - [Unsafe Redirect](https://docs.brightsec.com/docs/unsafe-redirect) |
-| **User ID Enumeration** | Tests if it is possible to collect valid user ID data by interacting with the target application | `id_enumeration` | - [Enumerable Integer-Based ID](https://docs.brightsec.com/docs/enumerable-integer-based-id) |
-| **Version Control System Data Leak** | Tests if it is possible to access Version Control System (VCS) resources | `version_control_systems` | - [Version Control System Data Leak](https://docs.brightsec.com/docs/version-control-system-data-leak) |
-| **XML External Entity Injection** | Tests if various XML parameters are vulnerable to XML parsing of unauthorized external entities | `xxe` | - [XML External Entity Injection](https://docs.brightsec.com/docs/xml-external-entity-injection) |
+| **User ID Enumeration** | Tests if it is possible to collect valid user ID data by interacting with the target application | `id_enumeration` | - [Enumerable Integer-Based ID](https://docs.brightsec.com/docs/enumerable-integer-based-id) |
+| **Version Control System Data Leak** | Tests if it is possible to access Version Control System (VCS) resources | `version_control_systems` | - [Version Control System Data Leak](https://docs.brightsec.com/docs/version-control-system-data-leak) |
+| **XML External Entity Injection** | Tests if various XML parameters are vulnerable to XML parsing of unauthorized external entities | `xxe` | - [XML External Entity Injection](https://docs.brightsec.com/docs/xml-external-entity-injection) |
+| **XPath Injection** | Tests if unvalidated user input in XPath expressions can be exploited to manipulate queries, potentially leading to unauthorized access or unintended actions | `xpathi` | - [XPath Injection Details](https://docs.brightsec.com/docs/xpath-injection) |
### `file_id`
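Review bot: The added row with value `server_side_js_injection` reuses the name, description and docs link of the existing **Known JavaScript Vulnerabilities** row (value `retire_js`), so the table now has two identically named rows with different values and nothing says what `server_side_js_injection` actually tests. Give that row its own name, description and link, and move it out from between Unsafe Date Range and Unsafe Redirect so the table stays alphabetical (the new Stored Cross-Site Scripting row is also out of order, placed after Unrestricted File Upload). Further points in the same hunk: the `stored_xss` description ("multiple XSS vulnerabilities, such as reflective and DOM") does not describe stored XSS and looks copied from another test; the `nosql` row leaves the "Detectable vulnerabilities" cell empty; and the `dom_xss` and `open_buckets` rows are dropped without the commit message saying whether those values are still accepted, which anyone already passing them would need to know.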