This repository has been archived by the owner on Oct 24, 2024. It is now read-only.

ZAP Full Scan Report #704

Open

github-actions bot opened this issue Jun 30, 2024 · 5 comments

github-actions bot commented Jun 30, 2024

Site: https://all-sorns.app.cloud.gov
New Alerts
- Absence of Anti-CSRF Tokens [10202] total: 2:
  - https://all-sorns.app.cloud.gov
  - https://all-sorns.app.cloud.gov/
- Anti-CSRF Tokens Check [20012] total: 2:
  - https://all-sorns.app.cloud.gov
  - https://all-sorns.app.cloud.gov/
- CSP: Wildcard Directive [10055] total: 5:
- Content Security Policy (CSP) Header Not Set [10038] total: 1:
  - https://all-sorns.app.cloud.gov/search?agencies%5B%5D=Administration+For+Children+And+Families&ending_year=ZAP&fields%5B%5D=agency_names&search=ZAP&starting_year=ZAP
- Proxy Disclosure [40025] total: 26:
- Cookie Slack Detector [90027] total: 24:
- Cross-Domain JavaScript Source File Inclusion [10017] total: 8:
- Information Disclosure - Suspicious Comments [10027] total: 2:
  - https://all-sorns.app.cloud.gov/packs/js/application-65b72d606262565ce700.js
  - https://all-sorns.app.cloud.gov/packs/js/beforeSearch-b883bbbc67be4ce3c033.js
- Modern Web Application [10109] total: 4:
- Re-examine Cache-control Directives [10015] total: 5:
- User Agent Fuzzer [10104] total: 48:

View the following link to download the report.
RunnerID:9728893963

ZAP is supported by the Crash Override Open Source Fellowship

Author

github-actions bot commented Jul 7, 2024

Site: https://all-sorns.app.cloud.gov
New Alerts
- Sub Resource Integrity Attribute Missing [90003] total: 8:
- Dangerous JS Functions [10110] total: 2:
  - https://all-sorns.app.cloud.gov/packs/js/application-65b72d606262565ce700.js
  - https://all-sorns.app.cloud.gov/packs/js/beforeSearch-b883bbbc67be4ce3c033.js
- Permissions Policy Header Not Set [10063] total: 7:
- Non-Storable Content [10049] total: 4:
- Session Management Response Identified [10112] total: 7:
- Storable and Cacheable Content [10049] total: 8:

View the following link to download the report.
RunnerID:9824120541

Author

github-actions bot commented Jul 24, 2024

Site: https://all-sorns.app.cloud.gov
Resolved Alerts
- Absence of Anti-CSRF Tokens [10202] total: 2:
- CSP: Wildcard Directive [10055] total: 5:
- Content Security Policy (CSP) Header Not Set [10038] total: 1:
- Sub Resource Integrity Attribute Missing [90003] total: 8:
- Cross-Domain JavaScript Source File Inclusion [10017] total: 8:
- Dangerous JS Functions [10110] total: 2:
- Permissions Policy Header Not Set [10063] total: 7:
- Information Disclosure - Suspicious Comments [10027] total: 2:
- Modern Web Application [10109] total: 4:
- Non-Storable Content [10049] total: 4:
- Re-examine Cache-control Directives [10015] total: 5:
- Session Management Response Identified [10112] total: 7:
- Storable and Cacheable Content [10049] total: 8:

View the following link to download the report.
RunnerID:10081561919

Author

github-actions bot commented Jul 28, 2024

Site: https://all-sorns.app.cloud.gov
New Alerts
- Absence of Anti-CSRF Tokens [10202] total: 2:
  - https://all-sorns.app.cloud.gov
  - https://all-sorns.app.cloud.gov/
- CSP: Wildcard Directive [10055] total: 5:
- Content Security Policy (CSP) Header Not Set [10038] total: 1:
  - https://all-sorns.app.cloud.gov/search?agencies%5B%5D=Administration+For+Children+And+Families&ending_year=ZAP&fields%5B%5D=agency_names&search=ZAP&starting_year=ZAP
- Sub Resource Integrity Attribute Missing [90003] total: 8:
- Cross-Domain JavaScript Source File Inclusion [10017] total: 8:
- Dangerous JS Functions [10110] total: 1:
  - https://all-sorns.app.cloud.gov/assets/application-f07bc6d650fae152009f51496ac7215d4794a753c0b225876f391f171bfce0ce.js
- Permissions Policy Header Not Set [10063] total: 7:
- Information Disclosure - Suspicious Comments [10027] total: 2:
  - https://all-sorns.app.cloud.gov/assets/application-f07bc6d650fae152009f51496ac7215d4794a753c0b225876f391f171bfce0ce.js
  - https://all-sorns.app.cloud.gov/assets/beforeSearch-30ddea7aea8c25df739cdcf4a6a8e6271ce5af99b929b006e3994057c14027bc.js
- Modern Web Application [10109] total: 4:
- Non-Storable Content [10049] total: 3:
- Re-examine Cache-control Directives [10015] total: 5:
- Session Management Response Identified [10112] total: 7:
- Storable and Cacheable Content [10049] total: 8:

View the following link to download the report.
RunnerID:10128454945

Author

github-actions bot commented Sep 8, 2024

Site: https://all-sorns.app.cloud.gov
Resolved Alerts
- Dangerous JS Functions [10110] total: 1:

View the following link to download the report.
RunnerID:10756555620

Author

github-actions bot commented Oct 13, 2024

Site: https://all-sorns.app.cloud.gov
Resolved Alerts
- Absence of Anti-CSRF Tokens [10202] total: 2:
- Anti-CSRF Tokens Check [20012] total: 2:
- CSP: Wildcard Directive [10055] total: 5:
- Content Security Policy (CSP) Header Not Set [10038] total: 1:
- Sub Resource Integrity Attribute Missing [90003] total: 8:
- Cookie Slack Detector [90027] total: 22:
- Cross-Domain JavaScript Source File Inclusion [10017] total: 8:
- Permissions Policy Header Not Set [10063] total: 7:
- Information Disclosure - Suspicious Comments [10027] total: 2:
- Modern Web Application [10109] total: 4:
- Re-examine Cache-control Directives [10015] total: 5:
- Session Management Response Identified [10112] total: 6:
- User Agent Fuzzer [10104] total: 48:

View the following link to download the report.
RunnerID:11310941934

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.