
Commit 439da3a

authored
scw-update (#394)
1 parent 7b4a14c commit 439da3a


1 file changed

+57
-11
lines changed


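--- a/third-party-mappings/remediation_training/secure-code-warrior-links.json
+++ b/third-party-mappings/remediation_training/secure-code-warrior-links.json
@@ -1,6 +1,12 @@
 {
 "server_security_misconfiguration": null,
+"server_security_misconfiguration.server_side_request_forgery_ssrf": null,
+"server_security_misconfiguration.server_side_request_forgery_ssrf.internal_high_impact": null,
+"server_security_misconfiguration.server_side_request_forgery_ssrf.internal_scan_and_or_medium_impact": null,
+"server_security_misconfiguration.server_side_request_forgery_ssrf.external_low_impact": null,
+"server_security_misconfiguration.server_side_request_forgery_ssrf.external_dns_query_only": null,
 "server_security_misconfiguration.unsafe_cross_origin_resource_sharing": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:unsafe_cross_origin_resource_sharing&redirect=true",
+"server_security_misconfiguration.request_smuggling": null,
 "server_security_misconfiguration.path_traversal": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:path_traversal&redirect=true",
 "server_security_misconfiguration.directory_listing_enabled": null,
 "server_security_misconfiguration.directory_listing_enabled.sensitive_data_exposure": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:directory_listing_enabled:sensitive_data_exposure&redirect=true",
@@ -90,6 +96,7 @@
 "server_side_injection.parameter_pollution": null,
 "server_side_injection.parameter_pollution.social_media_sharing_buttons": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_side_injection:parameter_pollution:social_media_sharing_buttons&redirect=true",
 "server_side_injection.remote_code_execution_rce": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_side_injection:remote_code_execution_rce&redirect=true",
+"server_side_injection.ldap_injection": null,
 "server_side_injection.sql_injection": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_side_injection:sql_injection&redirect=true",
 "server_side_injection.xml_external_entity_injection_xxe": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_side_injection:xml_external_entity_injection_xxe&redirect=true",
 "server_side_injection.http_response_manipulation": null,
@@ -99,6 +106,7 @@
 "server_side_injection.content_spoofing.impersonation_via_broken_link_hijacking": null,
 "server_side_injection.content_spoofing.external_authentication_injection": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_side_injection:content_spoofing:external_authentication_injection&redirect=true",
 "server_side_injection.content_spoofing.flash_based_external_authentication_injection": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_side_injection:content_spoofing:flash_based_external_authentication_injection&redirect=true",
+"server_side_injection.content_spoofing.html_content_injection": null,
 "server_side_injection.content_spoofing.email_html_injection": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_side_injection:content_spoofing:email_html_injection&redirect=true",
 "server_side_injection.content_spoofing.email_hyperlink_injection_based_on_email_provider": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_side_injection:content_spoofing:email_hyperlink_injection_based_on_email_provider&redirect=true",
 "server_side_injection.content_spoofing.text_injection": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_side_injection:content_spoofing:text_injection&redirect=true",
@@ -121,6 +129,7 @@
 "broken_authentication_and_session_management.session_fixation.local_attack_vector": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=broken_authentication_and_session_management:session_fixation:local_attack_vector&redirect=true",
 "broken_authentication_and_session_management.failure_to_invalidate_session": null,
 "broken_authentication_and_session_management.failure_to_invalidate_session.on_logout": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=broken_authentication_and_session_management:failure_to_invalidate_session:on_logout&redirect=true",
+"broken_authentication_and_session_management.failure_to_invalidate_session.permission_change": null,
 "broken_authentication_and_session_management.failure_to_invalidate_session.on_logout_server_side_only": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=broken_authentication_and_session_management:failure_to_invalidate_session:on_logout_server_side_only&redirect=true",
 "broken_authentication_and_session_management.failure_to_invalidate_session.on_password_change": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=broken_authentication_and_session_management:failure_to_invalidate_session:on_password_change&redirect=true",
 "broken_authentication_and_session_management.failure_to_invalidate_session.all_sessions": null,
@@ -132,9 +141,9 @@
 "broken_authentication_and_session_management.weak_registration_implementation.over_http": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=broken_authentication_and_session_management:weak_registration_implementation:over_http&redirect=true",
 "sensitive_data_exposure": null,
 "sensitive_data_exposure.disclosure_of_secrets": null,
-"sensitive_data_exposure.pii_leakage_exposure": null,
 "sensitive_data_exposure.disclosure_of_secrets.for_publicly_accessible_asset": null,
 "sensitive_data_exposure.disclosure_of_secrets.pii_leakage_exposure": null,
+"sensitive_data_exposure.disclosure_of_secrets.for_internal_asset": null,
 "sensitive_data_exposure.disclosure_of_secrets.pay_per_use_abuse": null,
 "sensitive_data_exposure.disclosure_of_secrets.intentionally_public_sample_or_invalid": null,
 "sensitive_data_exposure.disclosure_of_secrets.data_traffic_spam": null,
@@ -182,21 +191,21 @@
 "cross_site_scripting_xss.flash_based": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=cross_site_scripting_xss:flash_based&redirect=true",
 "cross_site_scripting_xss.cookie_based": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=cross_site_scripting_xss:cookie_based&redirect=true",
 "cross_site_scripting_xss.ie_only": null,
-"cross_site_scripting_xss.ie_only.ie_eleven": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=cross_site_scripting_xss:ie_only:ie_eleven&redirect=true",
-"cross_site_scripting_xss.ie_only.xss_filter_disabled": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=cross_site_scripting_xss:ie_only:xss_filter_disabled&redirect=true",
-"cross_site_scripting_xss.ie_only.older_version_ie_eleven": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=cross_site_scripting_xss:ie_only:older_version_ie_eleven&redirect=true",
 "cross_site_scripting_xss.referer": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=cross_site_scripting_xss:referer&redirect=true",
 "cross_site_scripting_xss.trace_method": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=cross_site_scripting_xss:trace_method&redirect=true",
 "cross_site_scripting_xss.universal_uxss": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=cross_site_scripting_xss:universal_uxss&redirect=true",
 "cross_site_scripting_xss.off_domain": null,
 "cross_site_scripting_xss.off_domain.data_uri": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=cross_site_scripting_xss:off_domain:data_uri&redirect=true",
 "broken_access_control": null,
 "broken_access_control.idor": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=broken_access_control:idor&redirect=true",
-"broken_access_control.server_side_request_forgery_ssrf": null,
-"broken_access_control.server_side_request_forgery_ssrf.internal_high_impact": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=broken_access_control:server_side_request_forgery_ssrf:internal_high_impact&redirect=true",
-"broken_access_control.server_side_request_forgery_ssrf.internal_scan_and_or_medium_impact": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=broken_access_control:server_side_request_forgery_ssrf:internal_scan_and_or_medium_impact&redirect=true",
-"broken_access_control.server_side_request_forgery_ssrf.external": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=broken_access_control:server_side_request_forgery_ssrf:external&redirect=true",
-"broken_access_control.server_side_request_forgery_ssrf.dns_query_only": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=broken_access_control:server_side_request_forgery_ssrf:dns_query_only&redirect=true",
+"broken_access_control.idor.read_edit_delete_non_sensitive_information": null,
+"broken_access_control.idor.read_edit_delete_sensitive_information": null,
+"broken_access_control.idor.read_edit_delete_sensitive_information.complext_object_identifiers": null,
+"broken_access_control.idor.read_sensitive_information": null,
+"broken_access_control.idor.read_sensitive_information.iterable_object_identifiers": null,
+"broken_access_control.idor.edit_delete_sensitive_information": null,
+"broken_access_control.idor.edit_delete_sensitive_information.iterable_object_identifiers": null,
+"broken_access_control.idor.edit_delete_sensitive_information.read_edit_delete_sensitive_information_pii": null,
 "broken_access_control.username_enumeration": null,
 "broken_access_control.username_enumeration.non_brute_force": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=broken_access_control:username_enumeration:non_brute_force&redirect=true",
 "broken_access_control.exposed_sensitive_android_intent": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=broken_access_control:exposed_sensitive_android_intent&redirect=true",
@@ -285,9 +294,46 @@
 "insecure_os_firmware.hardcoded_password": null,
 "insecure_os_firmware.hardcoded_password.privileged_user": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=insecure_os_firmware:hardcoded_password:privileged_user&redirect=true",
 "insecure_os_firmware.hardcoded_password.non_privileged_user": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=insecure_os_firmware:hardcoded_password:non_privileged_user&redirect=true",
+"cryptographic_weakness": null,
+"cryptographic_weakness.insufficient_entropy": null,
+"cryptographic_weakness.insufficient_entropy.limited_rng_entropy_source": null,
+"cryptographic_weakness.insufficient_entropy.use_of_trng_for_nonsecurity_purpose": null,
+"cryptographic_weakness.insufficient_entropy.prng_seed_reuse": null,
+"cryptographic_weakness.insufficient_entropy.predictable_prng_seed": null,
+"cryptographic_weakness.insufficient_entropy.small_seed_space_in_prng": null,
+"cryptographic_weakness.insufficient_entropy.initialization_vector_reuse": null,
+"cryptographic_weakness.insufficient_entropy.predictable_initialization_vector": null,
+"cryptographic_weakness.insecure_implementation": null,
+"cryptographic_weakness.insecure_implementation.missing_cryptographic_step": null,
+"cryptographic_weakness.insecure_implementation.improper_following_of_specification": null,
+"cryptographic_weakness.weak_hash": null,
+"cryptographic_weakness.weak_hash.lack_of_salt": null,
+"cryptographic_weakness.weak_hash.use_of_predictable_salt": null,
+"cryptographic_weakness.weak_hash.predictable_hash_collision": null,
+"cryptographic_weakness.insufficient_verification_of_data_authenticity": null,
+"cryptographic_weakness.insufficient_verification_of_data_authenticity.identity_check_value": null,
+"cryptographic_weakness.insufficient_verification_of_data_authenticity.cryptographic_signature": null,
+"cryptographic_weakness.insecure_key_generation": null,
+"cryptographic_weakness.insecure_key_generation.improper_asymmetric_prime_selection": null,
+"cryptographic_weakness.insecure_key_generation.improper_asymmetric_exponent_selection": null,
+"cryptographic_weakness.insecure_key_generation.insufficient_key_stretching": null,
+"cryptographic_weakness.insecure_key_generation.insufficient_key_space": null,
+"cryptographic_weakness.insecure_key_generation.key_exchange_without_entity_authentication": null,
+"cryptographic_weakness.key_reuse": null,
+"cryptographic_weakness.key_reuse.lack_of_perfect_forward_secrecy": null,
+"cryptographic_weakness.key_reuse.intra_environment": null,
+"cryptographic_weakness.key_reuse.inter_environment": null,
+"cryptographic_weakness.side_channel_attack": null,
+"cryptographic_weakness.side_channel_attack.padding_oracle_attack": null,
+"cryptographic_weakness.side_channel_attack.timing_attack": null,
+"cryptographic_weakness.side_channel_attack.power_analysis_attack": null,
+"cryptographic_weakness.side_channel_attack.emanations_attack": null,
+"cryptographic_weakness.side_channel_attack.differential_fault_analysis": null,
+"cryptographic_weakness.use_of_expired_cryptographic_key_or_cert": null,
+"cryptographic_weakness.incomplete_cleanup_of_keying_material": null,
 "broken_cryptography": null,
-"broken_cryptography.cryptographic_flaw": null,
-"broken_cryptography.cryptographic_flaw.incorrect_usage": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=broken_cryptography:cryptographic_flaw:incorrect_usage&redirect=true",
+"broken_cryptography.use_of_broken_cryptographic_primitive": null,
+"broken_cryptography.use_of_vulnerable_cryptographic_library": null,
 "privacy_concerns": null,
 "privacy_concerns.unnecessary_data_collection": null,
 "privacy_concerns.unnecessary_data_collection.wifi_ssid_password": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=privacy_concerns:unnecessary_data_collection:wifi_ssid_password&redirect=true",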
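Review bot: The added key `"broken_access_control.idor.read_edit_delete_sensitive_information.complext_object_identifiers"` in the `-182,21 +191,21` hunk looks misspelled ("complext"). If the taxonomy id is `complex_object_identifiers`, a lookup by id would presumably never match this entry, so it is worth checking against the taxonomy source before merging. In the same hunk the four SSRF leaves under `broken_access_control.server_side_request_forgery_ssrf.*` are removed together with their training links, while every replacement under `server_security_misconfiguration.server_side_request_forgery_ssrf.*` in the first hunk is `null`. SSRF findings therefore map to no remediation training after this change; if the vendor has no mapping for the new keys yet, the description should say so. The removed `cross_site_scripting_xss.ie_only.*` and `broken_cryptography.cryptographic_flaw.incorrect_usage` links have no linked replacement either.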
