Karan Preet Singh Sasan

Results 98 issues of Karan Preet Singh Sasan

**Is your feature request related to a problem? Please describe.** Docker images for VulnerableApp have just 2 versions: latest and unreleased. It should be latest (which is unreleased) and specific...

enhancement
good first issue

**Is your feature request related to a problem? Please describe.** In the SSRF vulnerability, we have added the support for AWS metadata service based attack but there are many cloud...

enhancement
good first issue
Analysis
HacktoberFest

**Is your feature request related to a problem? Please describe.** XSSWithHtmlTagInjection vulnerability is handled in the backend at: https://github.com/SasanLabs/VulnerableApp/blob/ed98eb0923893ea822761cca3e7d0969b0eb340d/src/main/java/org/sasanlabs/service/vulnerability/xss/reflected/UrlParamBasedHtmlTagInjection.java It has the following issues: 1. Class name doesn't match the...

enhancement
good first issue

**Is your feature request related to a problem? Please describe.** Currently there is no level in Unrestricted File Upload which doesn't have a check on size of file uploaded. **Describe...

enhancement
good first issue
HacktoberFest

**Is your feature request related to a problem? Please describe.** Similar to the Vulnerability definition we provide for DAST, we need to add the support for SAST tools too. Along...

enhancement
good first issue
Framework-changes
Analysis
Major Requirement
Immediate
P0

**Is your feature request related to a problem? Please describe.** Currently, VulnerableApp's UnrestrictedFileUpload vulnerability is not having any indicator for telling users that the uploaded file is too large which...

bug
enhancement
good first issue
HacktoberFest

**Is your feature request related to a problem? Please describe.** Currently OWASP VulnerableApp is an incubator project and as we have progressed well and also integrated in OWASP ZAP's weekly build...

documentation
good first issue
Lab Project

**Is your feature request related to a problem? Please describe.** As we have done the Sonar integration with VulnerableApp in PR: https://github.com/SasanLabs/VulnerableApp/pull/321, so now we need to: 1. Analyze the...

enhancement
Framework-changes
Analysis
Major Requirement

**Is your feature request related to a problem? Please describe.** While I was creating a new Vulnerability level for Persistent XSS which is based on PathParam instead of QueryParam from...

enhancement
good first issue
Framework-changes
Analysis
Minor-Enhancement
P0

**Describe the bug** As we are reading a file in https://github.com/SasanLabs/VulnerableApp/blob/master/src/main/java/org/sasanlabs/service/vulnerability/fileupload/PreflightController.java class which we have uploaded at Level_8 of unrestricted file upload vulnerability (as shown below) and it seems like...

bug
help wanted
good first issue
Minor-Enhancement
Need-To-Look
HacktoberFest