VulnerableApp
OWASP VulnerableApp Project: For Security Enthusiasts by Security Enthusiasts.
**Is your feature request related to a problem? Please describe.** Currently OWASP VulnerableApp is an incubator project and as we have progressed well and also integrated in OWASP ZAP's weekly build...
Hi! I was working on the issue https://github.com/SasanLabs/VulnerableApp/issues/347. I fixed most of the blocker and critical sonar issues. I have run a sonarlint job for Java in IDE and checked...
**Is your feature request related to a problem? Please describe.** As we have done the Sonar integration with VulnerableApp in PR: https://github.com/SasanLabs/VulnerableApp/pull/321, so now we need to: 1. Analyze the...
Segregating Learning Security related vulnerability levels from Scanner related vulnerability levels
**Is your feature request related to a problem? Please describe.** While I was creating a new Vulnerability level for Persistent XSS which is based on PathParam instead of QueryParam from...
**Describe the bug** As we are reading a file in https://github.com/SasanLabs/VulnerableApp/blob/master/src/main/java/org/sasanlabs/service/vulnerability/fileupload/PreflightController.java class which we have uploaded at Level_8 of unrestricted file upload vulnerability (as shown below) and it seems like...
**Is your feature request related to a problem? Please describe.** Currently VulnerableApp doesn't contain any session-related vulnerabilities; however, backend and frontend frameworks can now support it so in this...
**Is your feature request related to a problem? Please describe.** SAST tools like SonarSource, want to evaluate their accuracy and improvements in finding security vulnerabilities. Now as the VulnerableApp is...
**Is your feature request related to a problem? Please describe.** Currently, we do not have a way to know if there is any breaking change between various releases. Like say,...
**Describe the enhancement** Path Traversal Vulnerability doesn't have a secure implementation so we need to add the Secure implementation. This vulnerability, we need to also validate other levels for...
**Describe the bug** There are a few levels in Http3xxStatusCodeBasedInjection Vulnerability which are secure implementations so we need to add the Secure variant to the Annotation. This bug also includes...