Commit 7fc1d37

Merge pull request zaproxy#9248 from psiinon/alerts/ptk1
Added initial PTK alerts
2 parents 602922f + 9902f9f commit 7fc1d37

1 file changed

Lines changed: 28 additions & 0 deletions

docs/scanners.md

@@ -288,6 +288,34 @@ Scan rules:
288288
120001 Information Disclosure - Sensitive Information in Browser Storage
289289
120002 Information Disclosure - JWT in Browser Storage
290290
291+
200000 PTK - DAST - SQL Injection
292+
200001 PTK - DAST - OS command injection
293+
200002 PTK - DAST - Reflected Cross-Site Scripting (XSS)
294+
200003 PTK - DAST - JSON Web Token attacks
295+
200004 PTK - DAST - Exposure of Version-Control Repository
296+
200005 PTK - DAST - OWASP Secure Headers
297+
200006 PTK - DAST - Sensitive data exposure
298+
200007 PTK - DAST - SPA hash-based DOM XSS
299+
200008 PTK - DAST - WebSocket security indicators
300+
200009 PTK - DAST - Passive Recon: Source Maps & Debug Artifacts
301+
200010 PTK - DAST - Passive Recon: Error & Stack Trace Disclosure
302+
200011 PTK - DAST - Passive Recon: Client Config & Secret-Like Values
303+
200012 PTK - DAST - Passive Recon: API Docs & Specs Exposure
304+
200013 PTK - DAST - Passive Recon: .well-known & Metadata Files
305+
200014 PTK - DAST - Passive Recon: Tokens & Secrets in URLs
306+
200015 PTK - DAST - Passive Recon: High-Risk Parameter Names
307+
200016 PTK - DAST - Passive Recon: Internal Hosts & Environment Hints
308+
200017 PTK - DAST - Passive Recon: CORS Posture Indicators
309+
200018 PTK - DAST - Passive Recon: Cache & Privacy Posture
310+
200019 PTK - DAST - Passive Recon: Interesting Endpoint Patterns
311+
210000 PTK - IAST - DOM XSS sinks
312+
210001 PTK - IAST - Dynamic JS execution
313+
210002 PTK - IAST - Client-side navigation sinks
314+
220000 PTK - SAST - DOM-based XSS
315+
220001 PTK - SAST - DOM-based Cookie Manipulation
316+
220002 PTK - SAST - Open Redirection
317+
220003 PTK - SAST - DOM-based JavaScript Injection
318+
291319
322420463 Retire.js (3rd Party)
292320
293321
```
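Review bot: The new rule names mix capitalization styles, starting at 200001 "OS command injection", which sits directly under 200000 "SQL Injection". 200003, 200006, 200008 and 210000 to 210002 are also sentence case, while the existing 12000x entries and the other new entries use title case. Suggest picking one style and checking each name against the string the add-on actually raises, since this list is what people search when they look up an alert. XSS is also spelled three ways (200002 "Reflected Cross-Site Scripting (XSS)", 200007 and 210000 "DOM XSS", 220000 "DOM-based XSS"); if those are deliberate distinctions, fine, otherwise align them. Finally, the 200000, 210000 and 220000 blocks appear to be split by DAST, IAST and SAST, but nothing in the file says those ranges are reserved for PTK; a one-line note above the block would keep later rules from landing in them.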
