VulnerableApp
Segregating Learning Security related vulnerability levels from Scanner related vulnerability levels
Is your feature request related to a problem? Please describe.
While I was creating a new vulnerability level for Persistent XSS which is based on PathParam instead of QueryParam: from a learning perspective both are almost the same, but from a scanner's point of view they are quite different, so we need a way to segregate the two, using some kind of annotation or by adding an attribute to VulnerableAppRequestMapping.
Both have pros and cons: if a new annotation is added, we might forget to add that annotation, and if we make it an attribute, there are already so many attributes, which makes the annotation complex.
Need to think more.
@hemantgs, please share your thoughts.
This is one such level where it is important for Scanners but not for Students: https://github.com/SasanLabs/VulnerableApp/blob/526ba97935777586c4762a38ea4af8213229448e/src/main/java/org/sasanlabs/service/vulnerability/jwt/JWTVulnerability.java#L404
We can have some kind of indicator in the UI to depict the level.