ZAP Full Scan Report

[github-actions]

• Site: https://localhost

• Site: http://localhost
  New Alerts

  • SQL Injection [40018] total: 2:
    • http://localhost/signup/
    • http://localhost/signup/
  • Vulnerable JS Library [10003] total: 1:
    • http://localhost/static/js/app.js
  • Absence of Anti-CSRF Tokens [10202] total: 1:
    • http://localhost/login
  • Anti-CSRF Tokens Check [20012] total: 1:
    • http://localhost/login
  • Content Security Policy (CSP) Header Not Set [10038] total: 12:
    • http://localhost/
    • http://localhost/doi/10.1234/dataset1/
    • http://localhost/doi/10.1234/dataset2/
    • http://localhost/doi/10.1234/dataset3/
    • http://localhost/doi/10.1234/dataset4/
    • ..
  • HTTP Only Site [10106] total: 1:
    • http://localhost/login
  • Missing Anti-clickjacking Header [10020] total: 10:
    • http://localhost/
    • http://localhost/doi/10.1234/dataset1/
    • http://localhost/doi/10.1234/dataset2/
    • http://localhost/doi/10.1234/dataset3/
    • http://localhost/doi/10.1234/dataset4/
    • ..
  • Sub Resource Integrity Attribute Missing [90003] total: 12:
    • http://localhost/
    • http://localhost/
    • http://localhost/
    • http://localhost/
    • http://localhost/robots.txt
    • ..
  • Cookie No HttpOnly Flag [10010] total: 12:
    • http://localhost/dataset/download/4
    • http://localhost/doi/10.1234/dataset1/
    • http://localhost/doi/10.1234/dataset2/
    • http://localhost/doi/10.1234/dataset3/
    • http://localhost/doi/10.1234/dataset4/
    • ..
  • Cookie Slack Detector [90027] total: 111:
    • http://localhost/auth
    • http://localhost/auth/scripts.js
    • http://localhost/dataset
    • http://localhost/dataset/download
    • http://localhost/dataset/download/1
    • ..
  • Cookie without SameSite Attribute [10054] total: 12:
    • http://localhost/dataset/download/2
    • http://localhost/dataset/download/3
    • http://localhost/dataset/download/4
    • http://localhost/doi/10.1234/dataset1/
    • http://localhost/doi/10.1234/dataset2/
    • ..
  • Cross-Domain JavaScript Source File Inclusion [10017] total: 11:
    • http://localhost/
    • http://localhost/doi/10.1234/dataset2/
    • http://localhost/doi/10.1234/dataset2/
    • http://localhost/doi/10.1234/dataset3/
    • http://localhost/doi/10.1234/dataset3/
    • ..
  • Insufficient Site Isolation Against Spectre Vulnerability [90004] total: 10:
    • http://localhost/
    • http://localhost/explore
    • http://localhost/static/img/icons/icon-250x250.png
    • http://localhost/team
    • http://localhost/
    • ..
  • Permissions Policy Header Not Set [10063] total: 11:
    • http://localhost/
    • http://localhost/auth/scripts.js
    • http://localhost/explore
    • http://localhost/explore/scripts.js
    • http://localhost/login
    • ..
  • Server Leaks Version Information via "Server" HTTP Response Header Field [10036] total: 11:
    • http://localhost/
    • http://localhost/dataset/download/4
    • http://localhost/doi/10.1234/dataset3
    • http://localhost/doi/10.1234/dataset4
    • http://localhost/explore
    • ..
  • X-Content-Type-Options Header Missing [10021] total: 12:
    • http://localhost/
    • http://localhost/dataset/download/1
    • http://localhost/dataset/download/2
    • http://localhost/dataset/download/3
    • http://localhost/dataset/download/4
    • ..
  • Authentication Request Identified [10111] total: 1:
    • http://localhost/login
  • Cookie Slack Detector [90027] total: 1:
    • http://localhost/login
  • GET for POST [10058] total: 1:
    • http://localhost/login
  • Information Disclosure - Suspicious Comments [10027] total: 11:
    • http://localhost/
    • http://localhost/auth/scripts.js
    • http://localhost/explore
    • http://localhost/explore/scripts.js
    • http://localhost/explore/scripts.js
    • ..
  • Loosely Scoped Cookie [90033] total: 12:
    • http://localhost/dataset/download/2
    • http://localhost/dataset/download/3
    • http://localhost/dataset/download/4
    • http://localhost/doi/10.1234/dataset1/
    • http://localhost/doi/10.1234/dataset2/
    • ..
  • Modern Web Application [10109] total: 10:
    • http://localhost/
    • http://localhost/doi/10.1234/dataset1/
    • http://localhost/doi/10.1234/dataset2/
    • http://localhost/doi/10.1234/dataset3/
    • http://localhost/doi/10.1234/dataset4/
    • ..
  • Non-Storable Content [10049] total: 1:
    • http://localhost/doi/10.1234/dataset4
  • Session Management Response Identified [10112] total: 12:
    • http://localhost/dataset/download/2
    • http://localhost/dataset/download/3
    • http://localhost/dataset/download/4
    • http://localhost/doi/10.1234/dataset1/
    • http://localhost/doi/10.1234/dataset2/
    • ..
  • Storable and Cacheable Content [10049] total: 7:
    • http://localhost/
    • http://localhost/explore
    • http://localhost/login
    • http://localhost/robots.txt
    • http://localhost/signup/
    • ..
  • Storable but Non-Cacheable Content [10049] total: 3:
    • http://localhost/dataset/download/4
    • http://localhost/static/css/app.css
    • http://localhost/static/img/icons/icon-250x250.png
  • User Agent Fuzzer [10104] total: 237:
    • http://localhost
    • http://localhost
    • http://localhost
    • http://localhost
    • http://localhost
    • ..
  • User Controllable HTML Element Attribute (Potential XSS) [10031] total: 3:
    • http://localhost/login
    • http://localhost/login
    • http://localhost/login

View the following link to download the report.
RunnerID:13134794028

---

ZAP by Checkmarx

[github-actions]

• Site: https://localhost

• Site: http://localhost
  Resolved Alerts

  • SQL Injection [40018] total: 2:

View the following link to download the report.
RunnerID:13134825707