| CUSTOM_PAYLOADS |
|
| CVE-2012-1823 |
https://nvd.nist.gov/vuln/detail/CVE-2012-1823 |
| CVE-2014-0160 |
https://nvd.nist.gov/vuln/detail/CVE-2014-0160 |
| CVE-2021-44228 |
https://nvd.nist.gov/vuln/detail/CVE-2021-44228 |
| CVE-2021-45046 |
https://nvd.nist.gov/vuln/detail/CVE-2021-45046 |
| CVE-2022-22965 |
https://nvd.nist.gov/vuln/detail/CVE-2022-22965 |
| CVE-2022-42889 |
https://nvd.nist.gov/vuln/detail/CVE-2022-42889 |
| CWE-1004 |
https://cwe.mitre.org/data/definitions/1004.html |
| CWE-1021 |
https://cwe.mitre.org/data/definitions/1021.html |
| CWE-113 |
https://cwe.mitre.org/data/definitions/113.html |
| CWE-117 |
https://cwe.mitre.org/data/definitions/117.html |
| CWE-119 |
https://cwe.mitre.org/data/definitions/119.html |
| CWE-120 |
https://cwe.mitre.org/data/definitions/120.html |
| CWE-1275 |
https://cwe.mitre.org/data/definitions/1275.html |
| CWE-1336 |
https://cwe.mitre.org/data/definitions/1336.html |
| CWE-134 |
https://cwe.mitre.org/data/definitions/134.html |
| CWE-16 |
https://cwe.mitre.org/data/definitions/16.html |
| CWE-190 |
https://cwe.mitre.org/data/definitions/190.html |
| CWE-20 |
https://cwe.mitre.org/data/definitions/20.html |
| CWE-200 |
https://cwe.mitre.org/data/definitions/200.html |
| CWE-201 |
https://cwe.mitre.org/data/definitions/201.html |
| CWE-205 |
https://cwe.mitre.org/data/definitions/205.html |
| CWE-209 |
https://cwe.mitre.org/data/definitions/209.html |
| CWE-215 |
https://cwe.mitre.org/data/definitions/215.html |
| CWE-22 |
https://cwe.mitre.org/data/definitions/22.html |
| CWE-264 |
https://cwe.mitre.org/data/definitions/264.html |
| CWE-284 |
https://cwe.mitre.org/data/definitions/284.html |
| CWE-287 |
https://cwe.mitre.org/data/definitions/287.html |
| CWE-311 |
https://cwe.mitre.org/data/definitions/311.html |
| CWE-319 |
https://cwe.mitre.org/data/definitions/319.html |
| CWE-326 |
https://cwe.mitre.org/data/definitions/326.html |
| CWE-327 |
https://cwe.mitre.org/data/definitions/327.html |
| CWE-345 |
https://cwe.mitre.org/data/definitions/345.html |
| CWE-346 |
https://cwe.mitre.org/data/definitions/346.html |
| CWE-347 |
https://cwe.mitre.org/data/definitions/347.html |
| CWE-352 |
https://cwe.mitre.org/data/definitions/352.html |
| CWE-359 |
https://cwe.mitre.org/data/definitions/359.html |
| CWE-425 |
https://cwe.mitre.org/data/definitions/425.html |
| CWE-434 |
https://cwe.mitre.org/data/definitions/434.html |
| CWE-472 |
https://cwe.mitre.org/data/definitions/472.html |
| CWE-502 |
https://cwe.mitre.org/data/definitions/502.html |
| CWE-524 |
https://cwe.mitre.org/data/definitions/524.html |
| CWE-525 |
https://cwe.mitre.org/data/definitions/525.html |
| CWE-530 |
https://cwe.mitre.org/data/definitions/530.html |
| CWE-538 |
https://cwe.mitre.org/data/definitions/538.html |
| CWE-540 |
https://cwe.mitre.org/data/definitions/540.html |
| CWE-541 |
https://cwe.mitre.org/data/definitions/541.html |
| CWE-548 |
https://cwe.mitre.org/data/definitions/548.html |
| CWE-565 |
https://cwe.mitre.org/data/definitions/565.html |
| CWE-601 |
https://cwe.mitre.org/data/definitions/601.html |
| CWE-611 |
https://cwe.mitre.org/data/definitions/611.html |
| CWE-614 |
https://cwe.mitre.org/data/definitions/614.html |
| CWE-615 |
https://cwe.mitre.org/data/definitions/615.html |
| CWE-642 |
https://cwe.mitre.org/data/definitions/642.html |
| CWE-643 |
https://cwe.mitre.org/data/definitions/643.html |
| CWE-693 |
https://cwe.mitre.org/data/definitions/693.html |
| CWE-74 |
https://cwe.mitre.org/data/definitions/74.html |
| CWE-749 |
https://cwe.mitre.org/data/definitions/749.html |
| CWE-776 |
https://cwe.mitre.org/data/definitions/776.html |
| CWE-78 |
https://cwe.mitre.org/data/definitions/78.html |
| CWE-79 |
https://cwe.mitre.org/data/definitions/79.html |
| CWE-829 |
https://cwe.mitre.org/data/definitions/829.html |
| CWE-91 |
https://cwe.mitre.org/data/definitions/91.html |
| CWE-917 |
https://cwe.mitre.org/data/definitions/917.html |
| CWE-918 |
https://cwe.mitre.org/data/definitions/918.html |
| CWE-933 |
https://cwe.mitre.org/data/definitions/933.html |
| CWE-94 |
https://cwe.mitre.org/data/definitions/94.html |
| CWE-942 |
https://cwe.mitre.org/data/definitions/942.html |
| CWE-943 |
https://cwe.mitre.org/data/definitions/943.html |
| CWE-97 |
https://cwe.mitre.org/data/definitions/97.html |
| CWE-98 |
https://cwe.mitre.org/data/definitions/98.html |
| OUT_OF_BAND |
https://www.zaproxy.org/docs/desktop/addons/oast-support/ |
| OWASP_2017_A01 |
https://owasp.org/www-project-top-ten/2017/A1_2017-Injection.html |
| OWASP_2017_A02 |
https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html |
| OWASP_2017_A03 |
https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html |
| OWASP_2017_A04 |
https://owasp.org/www-project-top-ten/2017/A4_2017-XML_External_Entities_(XXE).html |
| OWASP_2017_A05 |
https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html |
| OWASP_2017_A06 |
https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html |
| OWASP_2017_A07 |
https://owasp.org/www-project-top-ten/2017/A7_2017-Cross-Site_Scripting_(XSS).html |
| OWASP_2017_A08 |
https://owasp.org/www-project-top-ten/2017/A8_2017-Insecure_Deserialization.html |
| OWASP_2017_A09 |
https://owasp.org/www-project-top-ten/2017/A9_2017-Using_Components_with_Known_Vulnerabilities.html |
| OWASP_2021_A01 |
https://owasp.org/Top10/A01_2021-Broken_Access_Control/ |
| OWASP_2021_A02 |
https://owasp.org/Top10/A02_2021-Cryptographic_Failures/ |
| OWASP_2021_A03 |
https://owasp.org/Top10/A03_2021-Injection/ |
| OWASP_2021_A04 |
https://owasp.org/Top10/A04_2021-Insecure_Design/ |
| OWASP_2021_A05 |
https://owasp.org/Top10/A05_2021-Security_Misconfiguration/ |
| OWASP_2021_A06 |
https://owasp.org/Top10/A06_2021-Vulnerable_and_Outdated_Components/ |
| OWASP_2021_A08 |
https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/ |
| OWASP_2021_A10 |
https://owasp.org/Top10/A10_2021-Server-Side_Request_Forgery_%28SSRF%29/ |
| TEST_TIMING |
|
| WSTG-v42-ATHN-01 |
https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/01-Testing_for_Credentials_Transported_over_an_Encrypted_Channel |
| WSTG-v42-ATHN-04 |
https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/04-Testing_for_Bypassing_Authentication_Schema |
| WSTG-v42-ATHN-06 |
https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses |
| WSTG-v42-ATHZ-01 |
https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/05-Authorization_Testing/01-Testing_Directory_Traversal_File_Include |
| WSTG-v42-ATHZ-04 |
https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/05-Authorization_Testing/04-Testing_for_Insecure_Direct_Object_References |
| WSTG-v42-BUSL-09 |
https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/10-Business_Logic_Testing/09-Test_Upload_of_Malicious_Files |
| WSTG-v42-CLNT-01 |
https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/01-Testing_for_DOM-based_Cross_Site_Scripting |
| WSTG-v42-CLNT-02 |
https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/02-Testing_for_JavaScript_Execution |
| WSTG-v42-CLNT-04 |
https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/04-Testing_for_Client-side_URL_Redirect |
| WSTG-v42-CLNT-07 |
https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/07-Testing_Cross_Origin_Resource_Sharing |
| WSTG-v42-CLNT-09 |
https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking |
| WSTG-v42-CLNT-10 |
https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/10-Testing_WebSockets |
| WSTG-v42-CONF-04 |
https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/04-Review_Old_Backup_and_Unreferenced_Files_for_Sensitive_Information |
| WSTG-v42-CONF-05 |
https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/05-Enumerate_Infrastructure_and_Application_Admin_Interfaces |
| WSTG-v42-CONF-06 |
https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/06-Test_HTTP_Methods |
| WSTG-v42-CONF-08 |
https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/08-Test_RIA_Cross_Domain_Policy |
| WSTG-v42-CRYP-01 |
https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/01-Testing_for_Weak_Transport_Layer_Security |
| WSTG-v42-CRYP-02 |
https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/02-Testing_for_Padding_Oracle |
| WSTG-v42-CRYP-03 |
https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/03-Testing_for_Sensitive_Information_Sent_via_Unencrypted_Channels |
| WSTG-v42-CRYP-04 |
https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/04-Testing_for_Weak_Encryption |
| WSTG-v42-ERRH-01 |
https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/08-Testing_for_Error_Handling/01-Testing_For_Improper_Error_Handling |
| WSTG-v42-ERRH-02 |
https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/08-Testing_for_Error_Handling/02-Testing_for_Stack_Traces |
| WSTG-v42-IDNT-04 |
https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/03-Identity_Management_Testing/04-Testing_for_Account_Enumeration_and_Guessable_User_Account |
| WSTG-v42-INFO-02 |
https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server |
| WSTG-v42-INFO-05 |
https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage |
| WSTG-v42-INFO-08 |
https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework |
| WSTG-v42-INPV-01 |
https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/07-Input_Validation_Testing/01-Testing_for_Reflected_Cross_Site_Scripting |
| WSTG-v42-INPV-02 |
https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/07-Input_Validation_Testing/02-Testing_for_Stored_Cross_Site_Scripting |
| WSTG-v42-INPV-04 |
https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/07-Input_Validation_Testing/04-Testing_for_HTTP_Parameter_Pollution |
| WSTG-v42-INPV-05 |
https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05-Testing_for_SQL_Injection |
| WSTG-v42-INPV-06 |
https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/07-Input_Validation_Testing/06-Testing_for_LDAP_Injection |
| WSTG-v42-INPV-07 |
https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/07-Input_Validation_Testing/07-Testing_for_XML_Injection |
| WSTG-v42-INPV-09 |
https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/07-Input_Validation_Testing/09-Testing_for_XPath_Injection |
| WSTG-v42-INPV-11 |
https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/07-Input_Validation_Testing/11-Testing_for_Code_Injection |
| WSTG-v42-INPV-12 |
https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/07-Input_Validation_Testing/12-Testing_for_Command_Injection |
| WSTG-v42-INPV-15 |
https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/07-Input_Validation_Testing/15-Testing_for_HTTP_Splitting_Smuggling |
| WSTG-v42-INPV-18 |
https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/07-Input_Validation_Testing/18-Testing_for_Server-side_Template_Injection |
| WSTG-v42-INPV-19 |
https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/07-Input_Validation_Testing/19-Testing_for_Server-Side_Request_Forgery |
| WSTG-v42-SESS-02 |
https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes |
| WSTG-v42-SESS-03 |
https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/03-Testing_for_Session_Fixation |
| WSTG-v42-SESS-04 |
https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/04-Testing_for_Exposed_Session_Variables |
| WSTG-v42-SESS-05 |
https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/05-Testing_for_Cross_Site_Request_Forgery |