From 439da3a2a92f83720c373c94c9e3b655698971ba Mon Sep 17 00:00:00 2001
From: Deepak Kumar Jha
Date: Thu, 16 Nov 2023 14:54:57 +0530
Subject: [PATCH] scw-update (#394)
---
 .../secure-code-warrior-links.json | 68 ++++++++++++++++---
 1 file changed, 57 insertions(+), 11 deletions(-)
diff --git a/third-party-mappings/remediation_training/secure-code-warrior-links.json b/third-party-mappings/remediation_training/secure-code-warrior-links.json
index 2ca635dc..5c27c94d 100755
--- a/third-party-mappings/remediation_training/secure-code-warrior-links.json
+++ b/third-party-mappings/remediation_training/secure-code-warrior-links.json
@@ -1,6 +1,12 @@
 {
 "server_security_misconfiguration": null,
+ "server_security_misconfiguration.server_side_request_forgery_ssrf": null,
+ "server_security_misconfiguration.server_side_request_forgery_ssrf.internal_high_impact": null,
+ "server_security_misconfiguration.server_side_request_forgery_ssrf.internal_scan_and_or_medium_impact": null,
+ "server_security_misconfiguration.server_side_request_forgery_ssrf.external_low_impact": null,
+ "server_security_misconfiguration.server_side_request_forgery_ssrf.external_dns_query_only": null,
 "server_security_misconfiguration.unsafe_cross_origin_resource_sharing": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:unsafe_cross_origin_resource_sharing&redirect=true",
+ "server_security_misconfiguration.request_smuggling": null,
 "server_security_misconfiguration.path_traversal": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:path_traversal&redirect=true",
 "server_security_misconfiguration.directory_listing_enabled": null,
 "server_security_misconfiguration.directory_listing_enabled.sensitive_data_exposure": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:directory_listing_enabled:sensitive_data_exposure&redirect=true",
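Review bot: The five `server_security_misconfiguration.server_side_request_forgery_ssrf*` keys added here all map to `null`, while the `broken_access_control.server_side_request_forgery_ssrf.*` leaves removed in the `@@ -192,11 +198,14 @@` hunk each carried a Secure Code Warrior link, so SSRF findings lose their remediation-training link with this change. The last hunk does the same for cryptography: the linked `broken_cryptography.cryptographic_flaw.incorrect_usage` is replaced by entries that are all `null`. If the training content still applies, the links could be carried over under the new keys, but the `mappingKey` value the SCW endpoint accepts for the moved categories is not visible in this patch and needs confirming first. Two leaves are also renamed (`external` to `external_low_impact`, `dns_query_only` to `external_dns_query_only`), so any consumer still looking up the old ids now finds no entry at all rather than `null`.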
@@ -90,6 +96,7 @@
 "server_side_injection.parameter_pollution": null,
 "server_side_injection.parameter_pollution.social_media_sharing_buttons": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_side_injection:parameter_pollution:social_media_sharing_buttons&redirect=true",
 "server_side_injection.remote_code_execution_rce": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_side_injection:remote_code_execution_rce&redirect=true",
+ "server_side_injection.ldap_injection": null,
 "server_side_injection.sql_injection": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_side_injection:sql_injection&redirect=true",
 "server_side_injection.xml_external_entity_injection_xxe": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_side_injection:xml_external_entity_injection_xxe&redirect=true",
 "server_side_injection.http_response_manipulation": null,
@@ -99,6 +106,7 @@
 "server_side_injection.content_spoofing.impersonation_via_broken_link_hijacking": null,
 "server_side_injection.content_spoofing.external_authentication_injection": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_side_injection:content_spoofing:external_authentication_injection&redirect=true",
 "server_side_injection.content_spoofing.flash_based_external_authentication_injection": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_side_injection:content_spoofing:flash_based_external_authentication_injection&redirect=true",
+ "server_side_injection.content_spoofing.html_content_injection": null,
 "server_side_injection.content_spoofing.email_html_injection": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_side_injection:content_spoofing:email_html_injection&redirect=true",
 "server_side_injection.content_spoofing.email_hyperlink_injection_based_on_email_provider": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_side_injection:content_spoofing:email_hyperlink_injection_based_on_email_provider&redirect=true",
 "server_side_injection.content_spoofing.text_injection": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_side_injection:content_spoofing:text_injection&redirect=true",
@@ -121,6 +129,7 @@
 "broken_authentication_and_session_management.session_fixation.local_attack_vector": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=broken_authentication_and_session_management:session_fixation:local_attack_vector&redirect=true",
 "broken_authentication_and_session_management.failure_to_invalidate_session": null,
 "broken_authentication_and_session_management.failure_to_invalidate_session.on_logout": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=broken_authentication_and_session_management:failure_to_invalidate_session:on_logout&redirect=true",
+ "broken_authentication_and_session_management.failure_to_invalidate_session.permission_change": null,
 "broken_authentication_and_session_management.failure_to_invalidate_session.on_logout_server_side_only": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=broken_authentication_and_session_management:failure_to_invalidate_session:on_logout_server_side_only&redirect=true",
 "broken_authentication_and_session_management.failure_to_invalidate_session.on_password_change": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=broken_authentication_and_session_management:failure_to_invalidate_session:on_password_change&redirect=true",
 "broken_authentication_and_session_management.failure_to_invalidate_session.all_sessions": null,
@@ -132,9 +141,9 @@
 "broken_authentication_and_session_management.weak_registration_implementation.over_http": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=broken_authentication_and_session_management:weak_registration_implementation:over_http&redirect=true",
 "sensitive_data_exposure": null,
 "sensitive_data_exposure.disclosure_of_secrets": null,
- "sensitive_data_exposure.pii_leakage_exposure": null,
 "sensitive_data_exposure.disclosure_of_secrets.for_publicly_accessible_asset": null,
 "sensitive_data_exposure.disclosure_of_secrets.pii_leakage_exposure": null,
+ "sensitive_data_exposure.disclosure_of_secrets.for_internal_asset": null,
 "sensitive_data_exposure.disclosure_of_secrets.pay_per_use_abuse": null,
 "sensitive_data_exposure.disclosure_of_secrets.intentionally_public_sample_or_invalid": null,
 "sensitive_data_exposure.disclosure_of_secrets.data_traffic_spam": null,
@@ -182,9 +191,6 @@
 "cross_site_scripting_xss.flash_based": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=cross_site_scripting_xss:flash_based&redirect=true",
 "cross_site_scripting_xss.cookie_based": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=cross_site_scripting_xss:cookie_based&redirect=true",
 "cross_site_scripting_xss.ie_only": null,
- "cross_site_scripting_xss.ie_only.ie_eleven": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=cross_site_scripting_xss:ie_only:ie_eleven&redirect=true",
- "cross_site_scripting_xss.ie_only.xss_filter_disabled": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=cross_site_scripting_xss:ie_only:xss_filter_disabled&redirect=true",
- "cross_site_scripting_xss.ie_only.older_version_ie_eleven": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=cross_site_scripting_xss:ie_only:older_version_ie_eleven&redirect=true",
 "cross_site_scripting_xss.referer": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=cross_site_scripting_xss:referer&redirect=true",
 "cross_site_scripting_xss.trace_method": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=cross_site_scripting_xss:trace_method&redirect=true",
 "cross_site_scripting_xss.universal_uxss": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=cross_site_scripting_xss:universal_uxss&redirect=true",
@@ -192,11 +198,14 @@
 "cross_site_scripting_xss.off_domain.data_uri": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=cross_site_scripting_xss:off_domain:data_uri&redirect=true",
 "broken_access_control": null,
 "broken_access_control.idor": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=broken_access_control:idor&redirect=true",
- "broken_access_control.server_side_request_forgery_ssrf": null,
- "broken_access_control.server_side_request_forgery_ssrf.internal_high_impact": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=broken_access_control:server_side_request_forgery_ssrf:internal_high_impact&redirect=true",
- "broken_access_control.server_side_request_forgery_ssrf.internal_scan_and_or_medium_impact": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=broken_access_control:server_side_request_forgery_ssrf:internal_scan_and_or_medium_impact&redirect=true",
- "broken_access_control.server_side_request_forgery_ssrf.external": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=broken_access_control:server_side_request_forgery_ssrf:external&redirect=true",
- "broken_access_control.server_side_request_forgery_ssrf.dns_query_only": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=broken_access_control:server_side_request_forgery_ssrf:dns_query_only&redirect=true",
+ "broken_access_control.idor.read_edit_delete_non_sensitive_information": null,
+ "broken_access_control.idor.read_edit_delete_sensitive_information": null,
+ "broken_access_control.idor.read_edit_delete_sensitive_information.complext_object_identifiers": null,
+ "broken_access_control.idor.read_sensitive_information": null,
+ "broken_access_control.idor.read_sensitive_information.iterable_object_identifiers": null,
+ "broken_access_control.idor.edit_delete_sensitive_information": null,
+ "broken_access_control.idor.edit_delete_sensitive_information.iterable_object_identifiers": null,
+ "broken_access_control.idor.edit_delete_sensitive_information.read_edit_delete_sensitive_information_pii": null,
 "broken_access_control.username_enumeration": null,
 "broken_access_control.username_enumeration.non_brute_force": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=broken_access_control:username_enumeration:non_brute_force&redirect=true",
 "broken_access_control.exposed_sensitive_android_intent": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=broken_access_control:exposed_sensitive_android_intent&redirect=true",
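Review bot: The added key `broken_access_control.idor.read_edit_delete_sensitive_information.complext_object_identifiers` looks misspelled (`complext` for `complex`). If the VRT id is spelled `complex_object_identifiers`, a lookup by VRT id will never match this entry and that id ends up with no mapping row. The taxonomy file is not part of this patch, so check it first, then change the line to `"broken_access_control.idor.read_edit_delete_sensitive_information.complex_object_identifiers": null,`. The last added key, `...idor.edit_delete_sensitive_information.read_edit_delete_sensitive_information_pii`, puts a read/edit/delete leaf under an edit/delete parent and is worth checking against the taxonomy as well. A CI check that this file's key set equals the VRT id set would catch both.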
@@ -285,9 +294,46 @@
 "insecure_os_firmware.hardcoded_password": null,
 "insecure_os_firmware.hardcoded_password.privileged_user": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=insecure_os_firmware:hardcoded_password:privileged_user&redirect=true",
 "insecure_os_firmware.hardcoded_password.non_privileged_user": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=insecure_os_firmware:hardcoded_password:non_privileged_user&redirect=true",
+ "cryptographic_weakness": null,
+ "cryptographic_weakness.insufficient_entropy": null,
+ "cryptographic_weakness.insufficient_entropy.limited_rng_entropy_source": null,
+ "cryptographic_weakness.insufficient_entropy.use_of_trng_for_nonsecurity_purpose": null,
+ "cryptographic_weakness.insufficient_entropy.prng_seed_reuse": null,
+ "cryptographic_weakness.insufficient_entropy.predictable_prng_seed": null,
+ "cryptographic_weakness.insufficient_entropy.small_seed_space_in_prng": null,
+ "cryptographic_weakness.insufficient_entropy.initialization_vector_reuse": null,
+ "cryptographic_weakness.insufficient_entropy.predictable_initialization_vector": null,
+ "cryptographic_weakness.insecure_implementation": null,
+ "cryptographic_weakness.insecure_implementation.missing_cryptographic_step": null,
+ "cryptographic_weakness.insecure_implementation.improper_following_of_specification": null,
+ "cryptographic_weakness.weak_hash": null,
+ "cryptographic_weakness.weak_hash.lack_of_salt": null,
+ "cryptographic_weakness.weak_hash.use_of_predictable_salt": null,
+ "cryptographic_weakness.weak_hash.predictable_hash_collision": null,
+ "cryptographic_weakness.insufficient_verification_of_data_authenticity": null,
+ "cryptographic_weakness.insufficient_verification_of_data_authenticity.identity_check_value": null,
+ "cryptographic_weakness.insufficient_verification_of_data_authenticity.cryptographic_signature": null,
+ "cryptographic_weakness.insecure_key_generation": null,
+ "cryptographic_weakness.insecure_key_generation.improper_asymmetric_prime_selection": null,
+ "cryptographic_weakness.insecure_key_generation.improper_asymmetric_exponent_selection": null,
+ "cryptographic_weakness.insecure_key_generation.insufficient_key_stretching": null,
+ "cryptographic_weakness.insecure_key_generation.insufficient_key_space": null,
+ "cryptographic_weakness.insecure_key_generation.key_exchange_without_entity_authentication": null,
+ "cryptographic_weakness.key_reuse": null,
+ "cryptographic_weakness.key_reuse.lack_of_perfect_forward_secrecy": null,
+ "cryptographic_weakness.key_reuse.intra_environment": null,
+ "cryptographic_weakness.key_reuse.inter_environment": null,
+ "cryptographic_weakness.side_channel_attack": null,
+ "cryptographic_weakness.side_channel_attack.padding_oracle_attack": null,
+ "cryptographic_weakness.side_channel_attack.timing_attack": null,
+ "cryptographic_weakness.side_channel_attack.power_analysis_attack": null,
+ "cryptographic_weakness.side_channel_attack.emanations_attack": null,
+ "cryptographic_weakness.side_channel_attack.differential_fault_analysis": null,
+ "cryptographic_weakness.use_of_expired_cryptographic_key_or_cert": null,
+ "cryptographic_weakness.incomplete_cleanup_of_keying_material": null,
 "broken_cryptography": null,
- "broken_cryptography.cryptographic_flaw": null,
- "broken_cryptography.cryptographic_flaw.incorrect_usage": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=broken_cryptography:cryptographic_flaw:incorrect_usage&redirect=true",
+ "broken_cryptography.use_of_broken_cryptographic_primitive": null,
+ "broken_cryptography.use_of_vulnerable_cryptographic_library": null,
 "privacy_concerns": null,
 "privacy_concerns.unnecessary_data_collection": null,
 "privacy_concerns.unnecessary_data_collection.wifi_ssid_password": "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=privacy_concerns:unnecessary_data_collection:wifi_ssid_password&redirect=true",