Alert Tags

All of the defined Alert Tags:
Tag Link
CUSTOM_PAYLOADS
CVE-2012-1823 https://nvd.nist.gov/vuln/detail/CVE-2012-1823
CVE-2014-0160 https://nvd.nist.gov/vuln/detail/CVE-2014-0160
CVE-2021-44228 https://nvd.nist.gov/vuln/detail/CVE-2021-44228
CVE-2021-45046 https://nvd.nist.gov/vuln/detail/CVE-2021-45046
CVE-2022-22965 https://nvd.nist.gov/vuln/detail/CVE-2022-22965
CVE-2022-42889 https://nvd.nist.gov/vuln/detail/CVE-2022-42889
CWE-1004 https://cwe.mitre.org/data/definitions/1004.html
CWE-1021 https://cwe.mitre.org/data/definitions/1021.html
CWE-113 https://cwe.mitre.org/data/definitions/113.html
CWE-117 https://cwe.mitre.org/data/definitions/117.html
CWE-119 https://cwe.mitre.org/data/definitions/119.html
CWE-120 https://cwe.mitre.org/data/definitions/120.html
CWE-1275 https://cwe.mitre.org/data/definitions/1275.html
CWE-1336 https://cwe.mitre.org/data/definitions/1336.html
CWE-134 https://cwe.mitre.org/data/definitions/134.html
CWE-1395 https://cwe.mitre.org/data/definitions/1395.html
CWE-16 https://cwe.mitre.org/data/definitions/16.html
CWE-190 https://cwe.mitre.org/data/definitions/190.html
CWE-20 https://cwe.mitre.org/data/definitions/20.html
CWE-200 https://cwe.mitre.org/data/definitions/200.html
CWE-201 https://cwe.mitre.org/data/definitions/201.html
CWE-205 https://cwe.mitre.org/data/definitions/205.html
CWE-209 https://cwe.mitre.org/data/definitions/209.html
CWE-215 https://cwe.mitre.org/data/definitions/215.html
CWE-22 https://cwe.mitre.org/data/definitions/22.html
CWE-264 https://cwe.mitre.org/data/definitions/264.html
CWE-284 https://cwe.mitre.org/data/definitions/284.html
CWE-287 https://cwe.mitre.org/data/definitions/287.html
CWE-311 https://cwe.mitre.org/data/definitions/311.html
CWE-319 https://cwe.mitre.org/data/definitions/319.html
CWE-326 https://cwe.mitre.org/data/definitions/326.html
CWE-327 https://cwe.mitre.org/data/definitions/327.html
CWE-345 https://cwe.mitre.org/data/definitions/345.html
CWE-346 https://cwe.mitre.org/data/definitions/346.html
CWE-347 https://cwe.mitre.org/data/definitions/347.html
CWE-352 https://cwe.mitre.org/data/definitions/352.html
CWE-359 https://cwe.mitre.org/data/definitions/359.html
CWE-425 https://cwe.mitre.org/data/definitions/425.html
CWE-434 https://cwe.mitre.org/data/definitions/434.html
CWE-472 https://cwe.mitre.org/data/definitions/472.html
CWE-502 https://cwe.mitre.org/data/definitions/502.html
CWE-524 https://cwe.mitre.org/data/definitions/524.html
CWE-525 https://cwe.mitre.org/data/definitions/525.html
CWE-530 https://cwe.mitre.org/data/definitions/530.html
CWE-538 https://cwe.mitre.org/data/definitions/538.html
CWE-540 https://cwe.mitre.org/data/definitions/540.html
CWE-541 https://cwe.mitre.org/data/definitions/541.html
CWE-548 https://cwe.mitre.org/data/definitions/548.html
CWE-565 https://cwe.mitre.org/data/definitions/565.html
CWE-601 https://cwe.mitre.org/data/definitions/601.html
CWE-611 https://cwe.mitre.org/data/definitions/611.html
CWE-614 https://cwe.mitre.org/data/definitions/614.html
CWE-615 https://cwe.mitre.org/data/definitions/615.html
CWE-642 https://cwe.mitre.org/data/definitions/642.html
CWE-643 https://cwe.mitre.org/data/definitions/643.html
CWE-693 https://cwe.mitre.org/data/definitions/693.html
CWE-74 https://cwe.mitre.org/data/definitions/74.html
CWE-749 https://cwe.mitre.org/data/definitions/749.html
CWE-776 https://cwe.mitre.org/data/definitions/776.html
CWE-78 https://cwe.mitre.org/data/definitions/78.html
CWE-79 https://cwe.mitre.org/data/definitions/79.html
CWE-829 https://cwe.mitre.org/data/definitions/829.html
CWE-91 https://cwe.mitre.org/data/definitions/91.html
CWE-917 https://cwe.mitre.org/data/definitions/917.html
CWE-918 https://cwe.mitre.org/data/definitions/918.html
CWE-933 https://cwe.mitre.org/data/definitions/933.html
CWE-94 https://cwe.mitre.org/data/definitions/94.html
CWE-942 https://cwe.mitre.org/data/definitions/942.html
CWE-943 https://cwe.mitre.org/data/definitions/943.html
CWE-97 https://cwe.mitre.org/data/definitions/97.html
CWE-98 https://cwe.mitre.org/data/definitions/98.html
OUT_OF_BAND https://www.zaproxy.org/docs/desktop/addons/oast-support/
OWASP_2017_A01 https://owasp.org/www-project-top-ten/2017/A1_2017-Injection.html
OWASP_2017_A02 https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html
OWASP_2017_A03 https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html
OWASP_2017_A04 https://owasp.org/www-project-top-ten/2017/A4_2017-XML_External_Entities_(XXE).html
OWASP_2017_A05 https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html
OWASP_2017_A06 https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html
OWASP_2017_A07 https://owasp.org/www-project-top-ten/2017/A7_2017-Cross-Site_Scripting_(XSS).html
OWASP_2017_A08 https://owasp.org/www-project-top-ten/2017/A8_2017-Insecure_Deserialization.html
OWASP_2017_A09 https://owasp.org/www-project-top-ten/2017/A9_2017-Using_Components_with_Known_Vulnerabilities.html
OWASP_2021_A01 https://owasp.org/Top10/A01_2021-Broken_Access_Control/
OWASP_2021_A02 https://owasp.org/Top10/A02_2021-Cryptographic_Failures/
OWASP_2021_A03 https://owasp.org/Top10/A03_2021-Injection/
OWASP_2021_A04 https://owasp.org/Top10/A04_2021-Insecure_Design/
OWASP_2021_A05 https://owasp.org/Top10/A05_2021-Security_Misconfiguration/
OWASP_2021_A06 https://owasp.org/Top10/A06_2021-Vulnerable_and_Outdated_Components/
OWASP_2021_A08 https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/
OWASP_2021_A10 https://owasp.org/Top10/A10_2021-Server-Side_Request_Forgery_%28SSRF%29/
POLICY_API
POLICY_DEV_CICD
POLICY_DEV_FULL
POLICY_DEV_STD
POLICY_QA_FULL
POLICY_QA_STD
POLICY_SEQUENCE
TEST_TIMING
WSTG-v42-ATHN-01 https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/01-Testing_for_Credentials_Transported_over_an_Encrypted_Channel
WSTG-v42-ATHN-04 https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/04-Testing_for_Bypassing_Authentication_Schema
WSTG-v42-ATHN-06 https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses
WSTG-v42-ATHZ-01 https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/05-Authorization_Testing/01-Testing_Directory_Traversal_File_Include
WSTG-v42-ATHZ-04 https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/05-Authorization_Testing/04-Testing_for_Insecure_Direct_Object_References
WSTG-v42-BUSL-09 https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/10-Business_Logic_Testing/09-Test_Upload_of_Malicious_Files
WSTG-v42-CLNT-01 https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/01-Testing_for_DOM-based_Cross_Site_Scripting
WSTG-v42-CLNT-02 https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/02-Testing_for_JavaScript_Execution
WSTG-v42-CLNT-04 https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/04-Testing_for_Client-side_URL_Redirect
WSTG-v42-CLNT-07 https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/07-Testing_Cross_Origin_Resource_Sharing
WSTG-v42-CLNT-09 https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking
WSTG-v42-CLNT-10 https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/10-Testing_WebSockets
WSTG-v42-CONF-04 https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/04-Review_Old_Backup_and_Unreferenced_Files_for_Sensitive_Information
WSTG-v42-CONF-05 https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/05-Enumerate_Infrastructure_and_Application_Admin_Interfaces
WSTG-v42-CONF-06 https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/06-Test_HTTP_Methods
WSTG-v42-CONF-08 https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/08-Test_RIA_Cross_Domain_Policy
WSTG-v42-CRYP-01 https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/01-Testing_for_Weak_Transport_Layer_Security
WSTG-v42-CRYP-02 https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/02-Testing_for_Padding_Oracle
WSTG-v42-CRYP-03 https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/03-Testing_for_Sensitive_Information_Sent_via_Unencrypted_Channels
WSTG-v42-CRYP-04 https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/04-Testing_for_Weak_Encryption
WSTG-v42-ERRH-01 https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/08-Testing_for_Error_Handling/01-Testing_For_Improper_Error_Handling
WSTG-v42-ERRH-02 https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/08-Testing_for_Error_Handling/02-Testing_for_Stack_Traces
WSTG-v42-IDNT-04 https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/03-Identity_Management_Testing/04-Testing_for_Account_Enumeration_and_Guessable_User_Account
WSTG-v42-INFO-02 https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server
WSTG-v42-INFO-05 https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage
WSTG-v42-INFO-08 https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework
WSTG-v42-INPV-01 https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/07-Input_Validation_Testing/01-Testing_for_Reflected_Cross_Site_Scripting
WSTG-v42-INPV-02 https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/07-Input_Validation_Testing/02-Testing_for_Stored_Cross_Site_Scripting
WSTG-v42-INPV-04 https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/07-Input_Validation_Testing/04-Testing_for_HTTP_Parameter_Pollution
WSTG-v42-INPV-05 https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05-Testing_for_SQL_Injection
WSTG-v42-INPV-06 https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/07-Input_Validation_Testing/06-Testing_for_LDAP_Injection
WSTG-v42-INPV-07 https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/07-Input_Validation_Testing/07-Testing_for_XML_Injection
WSTG-v42-INPV-09 https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/07-Input_Validation_Testing/09-Testing_for_XPath_Injection
WSTG-v42-INPV-11 https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/07-Input_Validation_Testing/11-Testing_for_Code_Injection
WSTG-v42-INPV-12 https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/07-Input_Validation_Testing/12-Testing_for_Command_Injection
WSTG-v42-INPV-15 https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/07-Input_Validation_Testing/15-Testing_for_HTTP_Splitting_Smuggling
WSTG-v42-INPV-18 https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/07-Input_Validation_Testing/18-Testing_for_Server-side_Template_Injection
WSTG-v42-INPV-19 https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/07-Input_Validation_Testing/19-Testing_for_Server-Side_Request_Forgery
WSTG-v42-SESS-02 https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes
WSTG-v42-SESS-03 https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/03-Testing_for_Session_Fixation
WSTG-v42-SESS-04 https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/04-Testing_for_Exposed_Session_Variables
WSTG-v42-SESS-05 https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/05-Testing_for_Cross_Site_Request_Forgery