OWASP Security Scan Details
HostedScan provides two OWASP security scans to meet the needs of every user. Both scans use the OWASP ZAP (Zaproxy) scanner , a leading open source project used by many large players in the security industry. These scans test websites and web apps for OWASP Top 10 risks and more.
The Passive Scan
Loads the pages of a website and checks for vulnerabilities such as cross-domain misconfigurations, insecure cookies, and vulnerable js dependencies (see table below for full list). This scan completes within several minutes.
The Active Scan
Submits forms and makes requests to the web application to test for vulnerabilities such as SQL injection, remote command execution, and cross-site scripting (see table below for full list). The active scan is not destructive, but it may send thousands of requests to a web application while thoroughly testing for all vulnerabilities. Make sure you have permission from the application owner to run this scan. This scan may take up to several hours, depending on the scanned target.
| Scan Capability | Passive Scan | Active Scan |
|---|---|---|
| Application Error Disclosure | ||
| Big Redirect Detected (Potential Sensitive Information Leak) | ||
| Cookie Poisoning | ||
| Cross-Domain JavaScript Source File Inclusion | ||
| Information Disclosure - Debug Error Messages | ||
| Information Disclosure - Sensitive Information in HTTP Referrer Header | ||
| Information Disclosure - Sensitive Information in URL | ||
| Information Disclosure - Suspicious Comments | ||
| PII Disclosure | ||
| Private IP Disclosure | ||
| Username Hash Found | ||
| X-Backend-Server Header Information Leak | ||
| X-ChromeLogger-Data (XCOLD) Header Information Leak | ||
| X-Debug-Token Information Leak | ||
| .env Information Leak | ||
| .htaccess Information Leak | ||
| ELMAH Information Leak | ||
| Spring Actuator Information Leak | ||
| Trace.axd Information Leak |
| Scan Capability | Passive Scan | Active Scan |
|---|---|---|
| Charset Mismatch | ||
| Content-Type Header Missing | ||
| Cookie No HttpOnly Flag | ||
| Cookie Without Secure Flag | ||
| Cross-Domain Misconfiguration | ||
| Directory Browsing | ||
| HTTP Server Response Header | ||
| Loosely Scoped Cookie | ||
| Modern Web Application | ||
| Re-examine Cache-control Directives | ||
| Retrieved from Cache | ||
| Secure Pages Include Mixed Content | ||
| Stats Passive Scan Rule | ||
| Strict-Transport-Security Header | ||
| X-AspNet-Version Response Header | ||
| Weak Authentication Method | ||
| Directory Browsing (Active mode only) |
| Scan Capability | Passive Scan | Active Scan |
|---|---|---|
| SQL Injection | ||
| XPath Injection | ||
| XSLT Injection | ||
| Remote Code Execution - CVE-2012-1823 | ||
| Remote File Inclusion | ||
| Remote OS Command Injection | ||
| Server Side Code Injection | ||
| Server Side Template Injection | ||
| Source Code Disclosure - /WEB-INF folder | ||
| Source Code Disclosure - CVE-2012-1823 | ||
| Parameter Tampering | ||
| Path Traversal | ||
| Generic Padding Oracle | ||
| Log4Shell | ||
| Spring4Shell |
| Scan Capability | Passive Scan | Active Scan |
|---|---|---|
| Cross Site Scripting (Persistent) | ||
| Cross Site Scripting (Persistent) - Prime | ||
| Cross Site Scripting (Persistent) - Spider | ||
| Cross Site Scripting (Reflected) | ||
| User Controllable HTML Element Attribute (Potential XSS) | ||
| User Controllable JavaScript Event (XSS) |
| Scan Capability | Passive Scan | Active Scan |
|---|---|---|
| Open Redirect | ||
| Reverse Tabnabbing | ||
| External Redirect | ||
| HTTP to HTTPS Insecure Transition in Form Post | ||
| HTTPS to HTTP Insecure Transition in Form Post |
| Scan Capability | Passive Scan | Active Scan |
|---|---|---|
| Heartbleed OpenSSL Vulnerability (Indicative) | ||
| Heartbleed OpenSSL Vulnerability | ||
| Hash Disclosure | ||
| Insecure JSF ViewState | ||
| Session ID in URL Rewrite | ||
| Viewstate | ||
| Vulnerable JS Library (Powered by Retire.js) | ||
| CRLF Injection | ||
| GET for POST | ||
| XML External Entity Attack |
