
Segregating Learning Security related vulnerability levels from Scanner related vulnerability levels

Open preetkaran20 opened this issue 3 years ago • 2 comments

Is your feature request related to a problem? Please describe.

I was creating a new vulnerability level for Persistent XSS which is based on PathParam instead of QueryParam. From a learning perspective both are almost the same, but from a scanner's point of view they are quite different, so we need a way to segregate the two, using some kind of annotation or by adding an attribute to VulnerableAppRequestMapping. Both have pros and cons: if a new annotation is added, we might forget to add that annotation, and if we make it an attribute, there are already so many attributes that it makes the annotation complex.

Need to think more.

preetkaran20, Oct 12 '20 03:10

@hemantgs, please share your thoughts.

preetkaran20, Oct 12 '20 03:10

This is one such level where it is important for Scanners but not for Students: https://github.com/SasanLabs/VulnerableApp/blob/526ba97935777586c4762a38ea4af8213229448e/src/main/java/org/sasanlabs/service/vulnerability/jwt/JWTVulnerability.java#L404

We can have some kind of indicator in the UI to depict the level.

preetkaran20, Jan 17 '22 10:01