A ZAP baseline scan demonstrates several issues. Investigate each of these issues and create a fix if required, or leave on ignore if not relevant. Full ZAP report can be found in GitHub Actions.
Issues:
Information Disclosure - Suspicious Comments [10027]
User Controllable HTML Element Attribute (Potential XSS) [10031]
Non-Storable Content [10049]
Cookie without SameSite Attribute [10054]
CSP: Wildcard Directive [10055]
Permissions Policy Header Not Set [10063]
Modern Web Application [10109]
Dangerous JS Functions [10110]
Loosely Scoped Cookie [90033]
Please provide relevant logs
IGNORE: Information Disclosure - Suspicious Comments [10027] x 14
http://localhost:8080/webjars/bootstrap/5.2.3/js/bootstrap.bundle.min.js (200 OK)
http://localhost:8080/webjars/datatables/1.13.2/js/dataTables.bootstrap5.min.js (200 OK)
http://localhost:8080/webjars/datatables/1.13.2/js/jquery.dataTables.min.js (200 OK)
http://localhost:8080/webjars/github-buttons/2.14.1/dist/buttons.js (200 OK)
http://localhost:8080/webjars/jquery/3.6.3/jquery.js (200 OK)
IGNORE: User Controllable HTML Element Attribute (Potential XSS) [10031] x 6
http://localhost:8080/challenge/0 (200 OK)
http://localhost:8080/challenge/0 (200 OK)
http://localhost:8080/challenge/0 (200 OK)
http://localhost:8080/challenge/2 (200 OK)
http://localhost:8080/challenge/2 (200 OK)
IGNORE: Non-Storable Content [10049] x 11
http://localhost:8080 (200 OK)
http://localhost:8080/ (200 OK)
http://localhost:8080/challenge/0 (200 OK)
http://localhost:8080/challenge/1 (200 OK)
http://localhost:8080/challenge/2 (200 OK)
IGNORE: Cookie without SameSite Attribute [10054] x 1
http://localhost:8080/challenge/0 (200 OK)
IGNORE: CSP: Wildcard Directive [10055] x 12
http://localhost:8080 (200 OK)
http://localhost:8080/challenge/0 (200 OK)
http://localhost:8080/robots.txt (404 Not Found)
http://localhost:8080/sitemap.xml (404 Not Found)
http://localhost:8080 (200 OK)
IGNORE: Permissions Policy Header Not Set [10063] x 11
http://localhost:8080 (200 OK)
http://localhost:8080/ (200 OK)
http://localhost:8080/challenge/0 (200 OK)
http://localhost:8080/challenge/1 (200 OK)
http://localhost:8080/challenge/2 (200 OK)
IGNORE: Modern Web Application [10109] x 11
http://localhost:8080 (200 OK)
http://localhost:8080/ (200 OK)
http://localhost:8080/challenge/0 (200 OK)
http://localhost:8080/challenge/1 (200 OK)
http://localhost:8080/challenge/2 (200 OK)
IGNORE: Dangerous JS Functions [10110] x 1
http://localhost:8080/webjars/jquery/3.6.3/jquery.js (200 OK)
IGNORE: Loosely Scoped Cookie [90033] x 1
http://localhost:8080/challenge/0 (200 OK)
Any possible solutions?
Needs further investigation per issue.
If the bug is confirmed, would you be willing to submit a PR?
Yes
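To make the per-issue investigation concrete, here is an added example that is not part of the issue or of the project's code: approximate re-implementations of four of the header- and cookie-based ZAP passive rules from the report above (10054, 10055, 10063, 90033), run over two constructed HTTP responses (a weak one and a hardened one), plus a small helper that writes lines in the tab-separated `rules.tsv` format the baseline scan accepts via `-c` for findings the team decides to leave on IGNORE. The host name, cookie values and CSP strings are made up; the checks follow the rule descriptions rather than ZAP's own source, so treat them as a first-pass triage aid, not as the scanner.

```python
"""Added example: rough equivalents of four ZAP passive rules named in the
report, applied to constructed responses. Not ZAP's code and not the
project's code; the checks approximate the published rule descriptions."""
from typing import Dict, List, Tuple

Finding = Tuple[int, str]  # (ZAP plugin id, human-readable message)

# Plugin ids and names exactly as they appear in the report above.
RULE_NAMES: Dict[int, str] = {
    10054: "Cookie without SameSite Attribute",
    10055: "CSP: Wildcard Directive",
    10063: "Permissions Policy Header Not Set",
    90033: "Loosely Scoped Cookie",
}


def parse_headers(raw: str) -> List[Tuple[str, str]]:
    """Split a raw HTTP response into (lower-cased name, value) pairs.
    Repeated headers such as Set-Cookie are kept as separate entries."""
    head = raw.split("\r\n\r\n", 1)[0]
    pairs = []
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            pairs.append((name.strip().lower(), value.strip()))
    return pairs


def values(headers: List[Tuple[str, str]], name: str) -> List[str]:
    return [v for n, v in headers if n == name.lower()]


def check_cookies(headers: List[Tuple[str, str]], host: str) -> List[Finding]:
    """10054: SameSite attribute missing (ZAP also reports SameSite=None).
    90033: Domain attribute scoped wider than the responding host."""
    out: List[Finding] = []
    for cookie in values(headers, "set-cookie"):
        parts = [p.strip() for p in cookie.split(";")]
        cname = parts[0].split("=", 1)[0]
        attrs: Dict[str, str] = {}
        for p in parts[1:]:
            k, _, v = p.partition("=")
            attrs[k.strip().lower()] = v.strip()
        if attrs.get("samesite", "").lower() in ("", "none"):
            out.append((10054, f"cookie {cname!r}: no SameSite attribute (or SameSite=None)"))
        domain = attrs.get("domain", "").lstrip(".").lower()
        if domain and domain != host.lower():
            out.append((90033, f"cookie {cname!r}: Domain={domain} is wider than host {host}"))
    return out


def check_csp(headers: List[Tuple[str, str]]) -> List[Finding]:
    """10055: any CSP directive whose source list contains a bare '*'."""
    out: List[Finding] = []
    for policy in values(headers, "content-security-policy"):
        for directive in policy.split(";"):
            tokens = directive.split()
            if tokens and "*" in tokens[1:]:
                out.append((10055, f"CSP directive {tokens[0]} allows wildcard source '*'"))
    return out


def check_permissions_policy(headers: List[Tuple[str, str]]) -> List[Finding]:
    """10063: HTML response served without a Permissions-Policy header."""
    ctype = (values(headers, "content-type") or [""])[0].lower()
    if ctype.startswith("text/html") and not values(headers, "permissions-policy"):
        return [(10063, "Permissions-Policy header not set")]
    return []


def scan(raw_response: str, host: str) -> List[Finding]:
    """Run all checks and return findings sorted by plugin id."""
    headers = parse_headers(raw_response)
    return sorted(check_cookies(headers, host) + check_csp(headers) + check_permissions_policy(headers))


def rules_tsv(ignored: Dict[int, str]) -> str:
    """Lines for the baseline scan rule config (-c): id, action, (name), tab-separated."""
    return "".join(f"{pid}\tIGNORE\t({name})\n" for pid, name in sorted(ignored.items()))


# Constructed responses (not captured from the application under test).
WEAK = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html;charset=UTF-8\r\n"
    "Set-Cookie: JSESSIONID=abc123; Path=/; HttpOnly; Domain=example.test\r\n"
    "Content-Security-Policy: default-src 'self'; img-src *; script-src 'self' https://cdn.example.test\r\n"
    "\r\n<html></html>"
)
HARDENED = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html;charset=UTF-8\r\n"
    "Set-Cookie: JSESSIONID=abc123; Path=/; HttpOnly; Secure; SameSite=Lax\r\n"
    "Content-Security-Policy: default-src 'self'; img-src 'self' data:; script-src 'self'\r\n"
    "Permissions-Policy: camera=(), microphone=(), geolocation=()\r\n"
    "\r\n<html></html>"
)

if __name__ == "__main__":
    for label, resp in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, scan(resp, "app.example.test"))
    # Findings the team chooses to keep on IGNORE, in rules.tsv form.
    print(rules_tsv({10027: "Information Disclosure - Suspicious Comments"}), end="")
```

Against the weak response the scan reports all four ids; against the hardened one it reports nothing, which is the shape of result to aim for per finding before moving a rule off IGNORE. The `rules.tsv` helper only covers the IGNORE action; WARN and FAIL use the same three-column layout.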
commjoen changed the title from "DAST scan - ZAP issues" to "DAST scan - Investigate & fix if required: ZAP issues" on Mar 20, 2023
commjoen changed the title from "DAST scan - Investigate & fix if required: ZAP issues" to "DAST scan - Investigate & fix if required results of the ZAP scan" on Mar 20, 2023