ZAP Full Scan Report
- Site: https://all-sorns.app.cloud.gov
New Alerts
- Absence of Anti-CSRF Tokens [10202] total: 2:
- Anti-CSRF Tokens Check [20012] total: 2:
- CSP: Wildcard Directive [10055] total: 5:
- Content Security Policy (CSP) Header Not Set [10038] total: 1:
- Proxy Disclosure [40025] total: 26:
- Cookie Slack Detector [90027] total: 1:
- Cross-Domain JavaScript Source File Inclusion [10017] total: 8:
- Timestamp Disclosure - Unix [10096] total: 1:
- Cookie Slack Detector [90027] total: 23:
- Information Disclosure - Suspicious Comments [10027] total: 2:
- Modern Web Application [10109] total: 6:
- Re-examine Cache-control Directives [10015] total: 5:
- User Agent Fuzzer [10104] total: 32:
View the following link to download the report.
RunnerID:2288375358
- Site: https://all-sorns.app.cloud.gov
Resolved Alerts
- Timestamp Disclosure - Unix [10096] total: 1:
View the following link to download the report.
RunnerID:2307564065
- Site: https://all-sorns.app.cloud.gov
New Alerts
- Timestamp Disclosure - Unix [10096] total: 2:
View the following link to download the report.
RunnerID:2365124637
- Site: https://all-sorns.app.cloud.gov
Resolved Alerts
- Timestamp Disclosure - Unix [10096] total: 2:
View the following link to download the report.
RunnerID:2386159159
- Site: https://all-sorns.app.cloud.gov
New Alerts
- Timestamp Disclosure - Unix [10096] total: 1:
View the following link to download the report.
RunnerID:2386289050
- Site: https://all-sorns.app.cloud.gov
Resolved Alerts
- Timestamp Disclosure - Unix [10096] total: 1:
View the following link to download the report.
RunnerID:2441761561
- Site: https://all-sorns.app.cloud.gov
New Alerts
- Timestamp Disclosure - Unix [10096] total: 2:
View the following link to download the report.
RunnerID:2482138072
- Site: https://all-sorns.app.cloud.gov
Resolved Alerts
- Timestamp Disclosure - Unix [10096] total: 2:
View the following link to download the report.
RunnerID:2522625842
- Site: https://all-sorns.app.cloud.gov
New Alerts
- Timestamp Disclosure - Unix [10096] total: 1:
View the following link to download the report.
RunnerID:2562820959
- Site: https://all-sorns.app.cloud.gov
Resolved Alerts
- Timestamp Disclosure - Unix [10096] total: 1:
View the following link to download the report.
RunnerID:2603719591
- Site: https://all-sorns.app.cloud.gov
New Alerts
- Timestamp Disclosure - Unix [10096] total: 1:
View the following link to download the report.
RunnerID:2684111922
- Site: https://all-sorns.app.cloud.gov
Resolved Alerts
- Timestamp Disclosure - Unix [10096] total: 1:
View the following link to download the report.
RunnerID:2762388263
- Site: https://all-sorns.app.cloud.gov
New Alerts
- Timestamp Disclosure - Unix [10096] total: 3:
View the following link to download the report.
RunnerID:2768091159
- Site: https://all-sorns.app.cloud.gov
Resolved Alerts
- Timestamp Disclosure - Unix [10096] total: 3:
View the following link to download the report.
RunnerID:2811193710
- Site: https://all-sorns.app.cloud.gov
Resolved Alerts
- Content Security Policy (CSP) Header Not Set [10038] total: 1:
View the following link to download the report.
RunnerID:2854315535
- Site: https://all-sorns.app.cloud.gov
New Alerts
- Content Security Policy (CSP) Header Not Set [10038] total: 1:
- Timestamp Disclosure - Unix [10096] total: 1:
View the following link to download the report.
RunnerID:2897045119
- Site: https://all-sorns.app.cloud.gov
Resolved Alerts
- Timestamp Disclosure - Unix [10096] total: 1:
View the following link to download the report.
RunnerID:3030406625
- Site: https://all-sorns.app.cloud.gov
New Alerts
- Sub Resource Integrity Attribute Missing [90003] total: 8:
- Dangerous JS Functions [10110] total: 2:
- Permissions Policy Header Not Set [10063] total: 7:
- Non-Storable Content [10049] total: 4:
- Storable and Cacheable Content [10049] total: 7:
- https://all-sorns.app.cloud.gov/assets/application-45f64cff6ecac9ead6e7d546df9bed83aa51ea6f4cce7533ca8197b03f170f1d.css
- https://all-sorns.app.cloud.gov/assets/logo-dffe504b434394311d0eb761343fd6f087dcb6225058e6d219f4471edc20628d.svg
- https://all-sorns.app.cloud.gov/assets/uswds-2.9.0/icon-dot-gov-769bd5f6cbe7cf48452e9e46c126bc1390b26ee14740883d80fe956e7dbfae3c.svg
- https://all-sorns.app.cloud.gov/assets/uswds-2.9.0/icon-https-c9eb76304db98232bf59e2f0937e2125d228bfb3f3fdd9130800ad93ba376dfb.svg
- https://all-sorns.app.cloud.gov/assets/uswds-2.9.0/us_flag_small-9c507b1ff21f65c4b8f0c45d0e0d0a10bb5c9864c1a76e07aa3293da574968a1.png
- ..
View the following link to download the report.
RunnerID:3353964541
- Site: https://all-sorns.app.cloud.gov
Resolved Alerts
- Anti-CSRF Tokens Check [20012] total: 2:
View the following link to download the report.
RunnerID:3402747521
- Site: https://all-sorns.app.cloud.gov
New Alerts
- Anti-CSRF Tokens Check [20012] total: 2:
View the following link to download the report.
RunnerID:3453652165
- Site: https://all-sorns.app.cloud.gov
Resolved Alerts
- Content Security Policy (CSP) Header Not Set [10038] total: 1:
View the following link to download the report.
RunnerID:3667134407
- Site: https://all-sorns.app.cloud.gov
New Alerts
- Content Security Policy (CSP) Header Not Set [10038] total: 1:
View the following link to download the report.
RunnerID:3722991422
- Site: https://all-sorns.app.cloud.gov
New Alerts
- Source Code Disclosure - File Inclusion [43] total: 3:
- https://all-sorns.app.cloud.gov/search?agencies%5B%5D=Administration+For+Children+And+Families&ending_year=ZAP&fields%5B%5D=agency_names&search&starting_year=ZAP
- https://all-sorns.app.cloud.gov/search?agencies%5B%5D=Administration+For+Children+And+Families&ending_year=ZAP&fields%5B%5D=agency_names&search&starting_year=ZAP
- https://all-sorns.app.cloud.gov/search?agencies%5B%5D=Administration+For+Children+And+Families&ending_year=ZAP&fields%5B%5D=agency_names&search&starting_year=ZAP
- Source Code Disclosure - File Inclusion [43] total: 3:
View the following link to download the report.
RunnerID:4214287396
- Site: https://all-sorns.app.cloud.gov
Resolved Alerts
- Source Code Disclosure - File Inclusion [43] total: 3:
View the following link to download the report.
RunnerID:4273092704
- Site: https://all-sorns.app.cloud.gov
New Alerts
- Source Code Disclosure - File Inclusion [43] total: 4:
- https://all-sorns.app.cloud.gov/search?agencies%5B%5D=Administration+For+Children+And+Families&ending_year=ZAP&fields%5B%5D=agency_names&search&starting_year=ZAP
- https://all-sorns.app.cloud.gov/search?agencies%5B%5D=Administration+For+Children+And+Families&ending_year=ZAP&fields%5B%5D=agency_names&search&starting_year=ZAP
- https://all-sorns.app.cloud.gov/search?agencies%5B%5D=Administration+For+Children+And+Families&ending_year=ZAP&fields%5B%5D=agency_names&search&starting_year=ZAP
- https://all-sorns.app.cloud.gov/search?agencies%5B%5D=Administration+For+Children+And+Families&ending_year=ZAP&fields%5B%5D=agency_names&search&starting_year=ZAP
- Source Code Disclosure - File Inclusion [43] total: 4:
View the following link to download the report.
RunnerID:4334122935
- Site: https://all-sorns.app.cloud.gov
Resolved Alerts
- Source Code Disclosure - File Inclusion [43] total: 4:
View the following link to download the report.
RunnerID:4395462687
- Site: https://all-sorns.app.cloud.gov
New Alerts
- Source Code Disclosure - File Inclusion [43] total: 1:
Resolved Alerts
- Content Security Policy (CSP) Header Not Set [10038] total: 1:
View the following link to download the report.
RunnerID:4522513688
- Site: https://all-sorns.app.cloud.gov
New Alerts
- Content Security Policy (CSP) Header Not Set [10038] total: 1:
Resolved Alerts
- Source Code Disclosure - File Inclusion [43] total: 1:
View the following link to download the report.
RunnerID:4586601984
- Site: https://all-sorns.app.cloud.gov
New Alerts
- Source Code Disclosure - File Inclusion [43] total: 1:
View the following link to download the report.
RunnerID:4711156022
- Site: https://all-sorns.app.cloud.gov
Resolved Alerts
- Source Code Disclosure - File Inclusion [43] total: 1:
View the following link to download the report.
RunnerID:4776115427
- Site: https://all-sorns.app.cloud.gov
New Alerts
- Session Management Response Identified [10112] total: 7:
View the following link to download the report.
RunnerID:5565538957
- Site: https://all-sorns.app.cloud.gov
Resolved Alerts
- Absence of Anti-CSRF Tokens [10202] total: 2:
- Anti-CSRF Tokens Check [20012] total: 2:
- CSP: Wildcard Directive [10055] total: 5:
- Content Security Policy (CSP) Header Not Set [10038] total: 1:
- Sub Resource Integrity Attribute Missing [90003] total: 8:
- Cookie Slack Detector [90027] total: 4:
- Cross-Domain JavaScript Source File Inclusion [10017] total: 8:
- Dangerous JS Functions [10110] total: 2:
- Permissions Policy Header Not Set [10063] total: 7:
- Cookie Slack Detector [90027] total: 20:
- Information Disclosure - Suspicious Comments [10027] total: 2:
- Modern Web Application [10109] total: 4:
- Re-examine Cache-control Directives [10015] total: 5:
- Session Management Response Identified [10112] total: 7:
- User Agent Fuzzer [10104] total: 53:
View the following link to download the report.
RunnerID:6399186578
- Site: https://all-sorns.app.cloud.gov
Resolved Alerts
- Absence of Anti-CSRF Tokens [10202] total: 2:
- Anti-CSRF Tokens Check [20012] total: 2:
- CSP: Wildcard Directive [10055] total: 5:
- Content Security Policy (CSP) Header Not Set [10038] total: 1:
- Sub Resource Integrity Attribute Missing [90003] total: 8:
- Cookie Slack Detector [90027] total: 4:
- Cross-Domain JavaScript Source File Inclusion [10017] total: 8:
- Dangerous JS Functions [10110] total: 2:
- Permissions Policy Header Not Set [10063] total: 7:
- Cookie Slack Detector [90027] total: 20:
- Information Disclosure - Suspicious Comments [10027] total: 2:
- Modern Web Application [10109] total: 4:
- Re-examine Cache-control Directives [10015] total: 5:
- Session Management Response Identified [10112] total: 7:
- User Agent Fuzzer [10104] total: 53:
View the following link to download the report.
RunnerID:6399249278