ZAP Full Scan Report

Question

ZAP Full Scan Report

Closed this issue 2 months ago · 32 comments

github-actions commented 2 years ago

Site: https://all-sorns.app.cloud.gov
New Alerts
- Absence of Anti-CSRF Tokens [10202] total: 2:
  - https://all-sorns.app.cloud.gov
  - https://all-sorns.app.cloud.gov/
- Anti-CSRF Tokens Check [20012] total: 2:
  - https://all-sorns.app.cloud.gov
  - https://all-sorns.app.cloud.gov/
- CSP: Wildcard Directive [10055] total: 5:
- Content Security Policy (CSP) Header Not Set [10038] total: 1:
  - https://all-sorns.app.cloud.gov/search?agencies%5B%5D=Administration+For+Children+And+Families&ending_year=ZAP&fields%5B%5D=agency_names&search&starting_year=ZAP
- Proxy Disclosure [40025] total: 26:
- Cookie Slack Detector [90027] total: 1:
  - https://all-sorns.app.cloud.gov/packs/js
- Cross-Domain JavaScript Source File Inclusion [10017] total: 8:
- Timestamp Disclosure - Unix [10096] total: 1:
  - https://all-sorns.app.cloud.gov/assets/Download_Icon-af54beabd4438b8ee0eb240a600dbdfb982d13138f707d28c4daba6d5e2d0746.svg
- Cookie Slack Detector [90027] total: 23:
- Information Disclosure - Suspicious Comments [10027] total: 2:
  - https://all-sorns.app.cloud.gov/packs/js/application-eafc0559af8e7bd9d377.js
  - https://all-sorns.app.cloud.gov/packs/js/beforeSearch-bcf76adfdf6994abdb75.js
- Modern Web Application [10109] total: 6:
- Re-examine Cache-control Directives [10015] total: 5:
- User Agent Fuzzer [10104] total: 32:

View the following link to download the report.
RunnerID:2288375358

Answer 1 · 2022-05-11T14:10:06.000Z

Site: https://all-sorns.app.cloud.gov
Resolved Alerts
- Timestamp Disclosure - Unix [10096] total: 1:

View the following link to download the report.
RunnerID:2307564065

Answer 2 · 2022-05-22T03:27:42.000Z

Site: https://all-sorns.app.cloud.gov
New Alerts
- Timestamp Disclosure - Unix [10096] total: 2:
  - https://all-sorns.app.cloud.gov/about
  - https://all-sorns.app.cloud.gov/assets/PrvOps_SornDash_Help_01-edfb9eae60c023f70946a812a5b4058df1c8e475b2d7cf1cfc984691dcfacbf2.svg

View the following link to download the report.
RunnerID:2365124637

Answer 3 · 2022-05-25T18:00:40.000Z

Site: https://all-sorns.app.cloud.gov
Resolved Alerts
- Timestamp Disclosure - Unix [10096] total: 2:

View the following link to download the report.
RunnerID:2386159159

Answer 4 · 2022-05-25T18:27:32.000Z

Site: https://all-sorns.app.cloud.gov
New Alerts
- Timestamp Disclosure - Unix [10096] total: 1:
  - https://all-sorns.app.cloud.gov/

View the following link to download the report.
RunnerID:2386289050

Answer 5 · 2022-06-05T03:37:09.000Z

Site: https://all-sorns.app.cloud.gov
Resolved Alerts
- Timestamp Disclosure - Unix [10096] total: 1:

View the following link to download the report.
RunnerID:2441761561

Answer 6 · 2022-06-12T03:45:16.000Z

Site: https://all-sorns.app.cloud.gov
New Alerts
- Timestamp Disclosure - Unix [10096] total: 2:
  - https://all-sorns.app.cloud.gov/
  - https://all-sorns.app.cloud.gov/about

View the following link to download the report.
RunnerID:2482138072

Answer 7 · 2022-06-19T03:49:36.000Z

Site: https://all-sorns.app.cloud.gov
Resolved Alerts
- Timestamp Disclosure - Unix [10096] total: 2:

View the following link to download the report.
RunnerID:2522625842

Answer 8 · 2022-06-26T03:39:28.000Z

Site: https://all-sorns.app.cloud.gov
New Alerts
- Timestamp Disclosure - Unix [10096] total: 1:
  - https://all-sorns.app.cloud.gov/assets/uswds-2.9.0/icon-dot-gov-769bd5f6cbe7cf48452e9e46c126bc1390b26ee14740883d80fe956e7dbfae3c.svg

View the following link to download the report.
RunnerID:2562820959

Answer 9 · 2022-07-03T03:50:26.000Z

Site: https://all-sorns.app.cloud.gov
Resolved Alerts
- Timestamp Disclosure - Unix [10096] total: 1:

View the following link to download the report.
RunnerID:2603719591

Answer 10 · 2022-07-17T03:45:43.000Z

Site: https://all-sorns.app.cloud.gov
New Alerts
- Timestamp Disclosure - Unix [10096] total: 1:
  - https://all-sorns.app.cloud.gov/sitemap.xml

View the following link to download the report.
RunnerID:2684111922

Answer 11 · 2022-07-29T18:13:07.000Z

Site: https://all-sorns.app.cloud.gov
Resolved Alerts
- Timestamp Disclosure - Unix [10096] total: 1:

View the following link to download the report.
RunnerID:2762388263

Answer 12 · 2022-07-31T03:40:28.000Z

Site: https://all-sorns.app.cloud.gov
New Alerts
- Timestamp Disclosure - Unix [10096] total: 3:

View the following link to download the report.
RunnerID:2768091159

Answer 13 · 2022-08-07T03:35:38.000Z

Site: https://all-sorns.app.cloud.gov
Resolved Alerts
- Timestamp Disclosure - Unix [10096] total: 3:

View the following link to download the report.
RunnerID:2811193710

Answer 14 · 2022-08-14T03:39:29.000Z

Site: https://all-sorns.app.cloud.gov
Resolved Alerts
- Content Security Policy (CSP) Header Not Set [10038] total: 1:

View the following link to download the report.
RunnerID:2854315535

Answer 15 · 2022-08-21T03:53:54.000Z

Site: https://all-sorns.app.cloud.gov
New Alerts
- Content Security Policy (CSP) Header Not Set [10038] total: 1:
  - https://all-sorns.app.cloud.gov/search?agencies%5B%5D=Administration+For+Children+And+Families&ending_year=ZAP&fields%5B%5D=agency_names&search&starting_year=ZAP
- Timestamp Disclosure - Unix [10096] total: 1:
  - https://all-sorns.app.cloud.gov

View the following link to download the report.
RunnerID:2897045119

Answer 16 · 2022-09-11T04:04:41.000Z

Site: https://all-sorns.app.cloud.gov
Resolved Alerts
- Timestamp Disclosure - Unix [10096] total: 1:

View the following link to download the report.
RunnerID:3030406625

Answer 17 · 2022-10-30T03:55:19.000Z

Site: https://all-sorns.app.cloud.gov
New Alerts
- Sub Resource Integrity Attribute Missing [90003] total: 8:
- Dangerous JS Functions [10110] total: 2:
  - https://all-sorns.app.cloud.gov/packs/js/application-db8d921ba420fccabf15.js
  - https://all-sorns.app.cloud.gov/packs/js/beforeSearch-d77173b97d059bbd06ad.js
- Permissions Policy Header Not Set [10063] total: 7:
- Non-Storable Content [10049] total: 4:
- Storable and Cacheable Content [10049] total: 7:

View the following link to download the report.
RunnerID:3353964541

Answer 18 · 2022-11-06T03:44:07.000Z

Site: https://all-sorns.app.cloud.gov
Resolved Alerts
- Anti-CSRF Tokens Check [20012] total: 2:

View the following link to download the report.
RunnerID:3402747521

Answer 19 · 2022-11-13T03:46:14.000Z

Site: https://all-sorns.app.cloud.gov
New Alerts
- Anti-CSRF Tokens Check [20012] total: 2:
  - https://all-sorns.app.cloud.gov
  - https://all-sorns.app.cloud.gov/

View the following link to download the report.
RunnerID:3453652165

Answer 20 · 2022-12-11T03:22:20.000Z

Site: https://all-sorns.app.cloud.gov
Resolved Alerts
- Content Security Policy (CSP) Header Not Set [10038] total: 1:

View the following link to download the report.
RunnerID:3667134407

Answer 21 · 2022-12-18T03:16:49.000Z

Site: https://all-sorns.app.cloud.gov
New Alerts
- Content Security Policy (CSP) Header Not Set [10038] total: 1:
  - https://all-sorns.app.cloud.gov/search?agencies%5B%5D=Administration+For+Children+And+Families&ending_year=ZAP&fields%5B%5D=agency_names&search&starting_year=ZAP

View the following link to download the report.
RunnerID:3722991422

Answer 22 · 2023-02-19T03:21:06.000Z

Site: https://all-sorns.app.cloud.gov
New Alerts
- Source Code Disclosure - File Inclusion [43] total: 3:

View the following link to download the report.
RunnerID:4214287396

Answer 23 · 2023-02-26T03:25:42.000Z

Site: https://all-sorns.app.cloud.gov
Resolved Alerts
- Source Code Disclosure - File Inclusion [43] total: 3:

View the following link to download the report.
RunnerID:4273092704

Answer 24 · 2023-03-05T03:27:15.000Z

Site: https://all-sorns.app.cloud.gov
New Alerts
- Source Code Disclosure - File Inclusion [43] total: 4:

View the following link to download the report.
RunnerID:4334122935

Answer 25 · 2023-03-12T03:17:34.000Z

Site: https://all-sorns.app.cloud.gov
Resolved Alerts
- Source Code Disclosure - File Inclusion [43] total: 4:

View the following link to download the report.
RunnerID:4395462687

Answer 26 · 2023-03-26T03:15:23.000Z

Site: https://all-sorns.app.cloud.gov
New Alerts
- Source Code Disclosure - File Inclusion [43] total: 1:
  - https://all-sorns.app.cloud.gov/search?agencies%5B%5D=Administration+For+Children+And+Families&ending_year=ZAP&fields%5B%5D=agency_names&search&starting_year=ZAP
Resolved Alerts
- Content Security Policy (CSP) Header Not Set [10038] total: 1:

View the following link to download the report.
RunnerID:4522513688

Answer 27 · 2023-04-02T03:16:24.000Z

Site: https://all-sorns.app.cloud.gov
New Alerts
- Content Security Policy (CSP) Header Not Set [10038] total: 1:
  - https://all-sorns.app.cloud.gov/search?agencies%5B%5D=Administration+For+Children+And+Families&ending_year=ZAP&fields%5B%5D=agency_names&search&starting_year=ZAP
Resolved Alerts
- Source Code Disclosure - File Inclusion [43] total: 1:

View the following link to download the report.
RunnerID:4586601984

Answer 28 · 2023-04-16T03:15:59.000Z

Site: https://all-sorns.app.cloud.gov
New Alerts
- Source Code Disclosure - File Inclusion [43] total: 1:
  - https://all-sorns.app.cloud.gov/search?agencies%5B%5D=Administration+For+Children+And+Families&ending_year=ZAP&fields%5B%5D=agency_names&search=ZAP&starting_year=ZAP

View the following link to download the report.
RunnerID:4711156022

Answer 29 · 2023-04-23T03:16:46.000Z

Site: https://all-sorns.app.cloud.gov
Resolved Alerts
- Source Code Disclosure - File Inclusion [43] total: 1:

View the following link to download the report.
RunnerID:4776115427

Answer 30 · 2023-07-16T03:30:01.000Z

Site: https://all-sorns.app.cloud.gov
New Alerts
- Session Management Response Identified [10112] total: 7:

View the following link to download the report.
RunnerID:5565538957

Answer 31 · 2023-10-03T22:41:40.000Z

Site: https://all-sorns.app.cloud.gov
Resolved Alerts
- Absence of Anti-CSRF Tokens [10202] total: 2:
- Anti-CSRF Tokens Check [20012] total: 2:
- CSP: Wildcard Directive [10055] total: 5:
- Content Security Policy (CSP) Header Not Set [10038] total: 1:
- Sub Resource Integrity Attribute Missing [90003] total: 8:
- Cookie Slack Detector [90027] total: 4:
- Cross-Domain JavaScript Source File Inclusion [10017] total: 8:
- Dangerous JS Functions [10110] total: 2:
- Permissions Policy Header Not Set [10063] total: 7:
- Cookie Slack Detector [90027] total: 20:
- Information Disclosure - Suspicious Comments [10027] total: 2:
- Modern Web Application [10109] total: 4:
- Re-examine Cache-control Directives [10015] total: 5:
- Session Management Response Identified [10112] total: 7:
- User Agent Fuzzer [10104] total: 53:

View the following link to download the report.
RunnerID:6399186578

Answer 32 · 2023-10-03T22:51:39.000Z

Site: https://all-sorns.app.cloud.gov
Resolved Alerts
- Absence of Anti-CSRF Tokens [10202] total: 2:
- Anti-CSRF Tokens Check [20012] total: 2:
- CSP: Wildcard Directive [10055] total: 5:
- Content Security Policy (CSP) Header Not Set [10038] total: 1:
- Sub Resource Integrity Attribute Missing [90003] total: 8:
- Cookie Slack Detector [90027] total: 4:
- Cross-Domain JavaScript Source File Inclusion [10017] total: 8:
- Dangerous JS Functions [10110] total: 2:
- Permissions Policy Header Not Set [10063] total: 7:
- Cookie Slack Detector [90027] total: 20:
- Information Disclosure - Suspicious Comments [10027] total: 2:
- Modern Web Application [10109] total: 4:
- Re-examine Cache-control Directives [10015] total: 5:
- Session Management Response Identified [10112] total: 7:
- User Agent Fuzzer [10104] total: 53:

View the following link to download the report.
RunnerID:6399249278