{
"poor_physical_security": { "1.1": "other" }, "social_engineering": { "1.1": "other" }, "unvalidated_redirects_and_forwards.open_redirect.get_based_all_users": { "1.2": "unvalidated_redirects_and_forwards.open_redirect.get_based" }, "unvalidated_redirects_and_forwards.open_redirect.get_based_authenticated": { "1.2": "unvalidated_redirects_and_forwards.open_redirect.get_based" }, "unvalidated_redirects_and_forwards.open_redirect.get_based_unauthenticated": { "1.2": "unvalidated_redirects_and_forwards.open_redirect.get_based" }, "broken_authentication_and_session_management.session_token_in_url.over_https": { "1.2": "sensitive_data_exposure.sensitive_token_in_url" }, "broken_authentication_and_session_management.session_token_in_url.over_http": { "1.2": "sensitive_data_exposure.sensitive_token_in_url" }, "broken_authentication_and_session_management.session_token_in_url": { "1.2": "sensitive_data_exposure.sensitive_token_in_url" }, "insecure_data_transport": { "1.2": "mobile_security_misconfiguration" }, "insecure_data_transport.ssl_certificate_pinning": { "1.2": "mobile_security_misconfiguration.ssl_certificate_pinning" }, "insecure_data_transport.ssl_certificate_pinning.absent": { "1.2": "mobile_security_misconfiguration.ssl_certificate_pinning.absent" }, "insecure_data_transport.ssl_certificate_pinning.defeatable": { "1.2": "mobile_security_misconfiguration.ssl_certificate_pinning.defeatable" }, "insecure_data_storage.credentials_stored_unencrypted": { "1.2": "insecure_data_storage.sensitive_application_data_stored_unencrypted" }, "insecure_data_storage.credentials_stored_unencrypted.on_external_storage": { "1.2": "insecure_data_storage.sensitive_application_data_stored_unencrypted.on_external_storage" }, "insecure_data_storage.credentials_stored_unencrypted.on_internal_storage": { "1.2": "insecure_data_storage.sensitive_application_data_stored_unencrypted.on_internal_storage" }, "insufficient_security_configurability.weak_password_policy.complexity_both_length_and_char_type_not_enforced": { "1.2": "insufficient_security_configurability.no_password_policy" }, "missing_function_level_access_control": { "1.3": "broken_access_control" }, "missing_function_level_access_control.server_side_request_forgery_ssrf": { "1.3": "broken_access_control.server_side_request_forgery_ssrf" }, "missing_function_level_access_control.server_side_request_forgery_ssrf.internal": { "1.3": "broken_access_control.server_side_request_forgery_ssrf.internal" }, "missing_function_level_access_control.server_side_request_forgery_ssrf.external": { "1.3": "broken_access_control.server_side_request_forgery_ssrf.external" }, "missing_function_level_access_control.username_enumeration": { "1.3": "broken_access_control.username_enumeration" }, "missing_function_level_access_control.username_enumeration.data_leak": { "1.3": "broken_access_control.username_enumeration.data_leak" }, "missing_function_level_access_control.exposed_sensitive_android_intent": { "1.3": "broken_access_control.exposed_sensitive_android_intent" }, "missing_function_level_access_control.exposed_sensitive_ios_url_scheme": { "1.3": "broken_access_control.exposed_sensitive_ios_url_scheme" }, "insecure_direct_object_references_idor": { "1.3": "broken_access_control.idor" }, "broken_authentication_and_session_management.weak_login_function.over_http": { "1.4": "broken_authentication_and_session_management.weak_login_function.https_not_available_or_http_by_default" }, "cross_site_scripting_xss.ie_only.older_version_ie_10_11": { "1.4": "cross_site_scripting_xss.ie_only.ie11" }, "cross_site_scripting_xss.ie_only.older_version_ie10": { "1.4": "cross_site_scripting_xss.ie_only.older_version_ie11" }, "broken_authentication_and_session_management.failure_to_invalidate_session.on_password_reset": { "1.4": "broken_authentication_and_session_management.failure_to_invalidate_session.on_password_change" }, "network_security_misconfiguration.telnet_enabled.credentials_required": { "1.4": "broken_authentication_and_session_management.weak_login_function.other_plaintext_protocol_no_secure_alternative" }, "server_security_misconfiguration.mail_server_misconfiguration.missing_spf_on_email_domain": { "1.5": "server_security_misconfiguration.mail_server_misconfiguration.email_spoofing_on_email_domain" }, "server_security_misconfiguration.mail_server_misconfiguration.email_spoofable_via_third_party_api_misconfiguration": { "1.5": "server_security_misconfiguration.mail_server_misconfiguration.email_spoofing_on_email_domain" }, "cross_site_scripting_xss.stored.admin_to_anyone": { "1.5": "cross_site_scripting_xss.stored.privileged_user_to_privilege_elevation" }, "server_security_misconfiguration.misconfigured_dns.subdomain_takeover": { "1.5": "server_security_misconfiguration.misconfigured_dns.basic_subdomain_takeover" }, "server_security_misconfiguration.captcha_bypass": { "1.5": "server_security_misconfiguration.captcha" }, "server_security_misconfiguration.captcha_bypass.implementation_vulnerability": { "1.5": "server_security_misconfiguration.captcha.implementation_vulnerability" }, "server_security_misconfiguration.captcha_bypass.brute_force": { "1.5": "server_security_misconfiguration.captcha.brute_force" }, "broken_access_control.server_side_request_forgery_ssrf.internal": { "1.6": "broken_access_control.server_side_request_forgery_ssrf.internal_high_impact" }, "server_security_misconfiguration.mail_server_misconfiguration.email_spoofing_on_email_domain": { "1.6": "server_security_misconfiguration.mail_server_misconfiguration.no_spoofing_protection_on_email_domain" }, "server_security_misconfiguration.mail_server_misconfiguration.missing_spf_on_non_email_domain": { "1.6": "server_security_misconfiguration.mail_server_misconfiguration.missing_or_misconfigured_spf_and_or_dkim" }, "server_security_misconfiguration.mail_server_misconfiguration.spf_uses_a_soft_fail": { "1.6": "server_security_misconfiguration.mail_server_misconfiguration.missing_or_misconfigured_spf_and_or_dkim" }, "server_security_misconfiguration.mail_server_misconfiguration.spf_includes_10_lookups": { "1.6": "server_security_misconfiguration.mail_server_misconfiguration.missing_or_misconfigured_spf_and_or_dkim" }, "server_security_misconfiguration.mail_server_misconfiguration.missing_dmarc": { "1.6": "server_security_misconfiguration.mail_server_misconfiguration.email_spoofing_to_inbox_due_to_missing_or_misconfigured_dmarc_on_email_domain" }, "broken_access_control.username_enumeration.data_leak": { "1.7": "broken_access_control.username_enumeration.non_brute_force" }, "insufficient_security_configurability.weak_2fa_implementation": { "1.7": "insufficient_security_configurability.weak_two_fa_implementation" }, "sensitive_data_exposure.token_leakage_via_referer.trusted_3rd_party": { "1.7": "sensitive_data_exposure.token_leakage_via_referer.trusted_third_party" }, "sensitive_data_exposure.token_leakage_via_referer.untrusted_3rd_party": { "1.7": "sensitive_data_exposure.token_leakage_via_referer.untrusted_third_party" }, "cross_site_scripting_xss.ie_only.ie11": { "1.7": "cross_site_scripting_xss.ie_only.ie_eleven" }, "cross_site_scripting_xss.ie_only.older_version_ie11": { "1.7": "cross_site_scripting_xss.ie_only.older_version_ie_eleven" }
}