CWE-200 on ZAP

Admin/management path observed

Mon, 01 Jan 0001 00:00:00 +0000

Flags high-value endpoint patterns observed in traffic (admin panels, debug endpoints, consoles, and backup/config file paths).

Generated by OWASP PTK DAST Module

Android assetlinks.json observed

Mon, 01 Jan 0001 00:00:00 +0000

Flags security-relevant well-known resources and metadata files when they appear in observed traffic.

Generated by OWASP PTK DAST Module

API docs endpoint observed

Mon, 01 Jan 0001 00:00:00 +0000

Detects exposure of API documentation, specs, and interactive consoles observed in traffic.

Generated by OWASP PTK DAST Module

Apple app-site-association observed

Mon, 01 Jan 0001 00:00:00 +0000

Flags security-relevant well-known resources and metadata files when they appear in observed traffic.

Generated by OWASP PTK DAST Module

AWS Access Key ID pattern

Mon, 01 Jan 0001 00:00:00 +0000

Flags secret-like tokens and exposed configuration values in observed HTML/JS/JSON responses. These are recon leads; validate sensitivity before reporting.

Generated by OWASP PTK DAST Module

Cloud metadata IP referenced

Mon, 01 Jan 0001 00:00:00 +0000

Detects internal hostnames/IPs and environment hints (staging/dev/local) disclosed in observed responses.

Generated by OWASP PTK DAST Module

Content Security Policy Violations Reporting Enabled

Mon, 01 Jan 0001 00:00:00 +0000

Credit Card Number

Mon, 01 Jan 0001 00:00:00 +0000

Sensitive data is anything that should not be accessible to admin access, known as sensitive data. Sensitive data may include personally identifiable information (PII), such as Social Security numbers, financial information, or login credentials. Sensitive Data Exposure occurs when an organization unknowingly exposes sensitive data or when a security incident leads to the accidental or unlawful destruction, loss, alteration, or admin disclosure of, or access to sensitive data.

Debug/diagnostic path observed

Mon, 01 Jan 0001 00:00:00 +0000

Flags high-value endpoint patterns observed in traffic (admin panels, debug endpoints, consoles, and backup/config file paths).

Generated by OWASP PTK DAST Module

Environment hints (dev/staging/test) in response

Mon, 01 Jan 0001 00:00:00 +0000

Detects internal hostnames/IPs and environment hints (staging/dev/local) disclosed in observed responses.

Generated by OWASP PTK DAST Module

Environment/config file observed

Mon, 01 Jan 0001 00:00:00 +0000

Flags high-value endpoint patterns observed in traffic (admin panels, debug endpoints, consoles, and backup/config file paths).

Generated by OWASP PTK DAST Module

Exfiltration via fetch headers

Mon, 01 Jan 0001 00:00:00 +0000

Tainted data sent in fetch() headers (e.g. Authorization, custom tokens).

Generated by OWASP PTK IAST Module

Exfiltration via fetch URL

Mon, 01 Jan 0001 00:00:00 +0000

Tainted data used in fetch() URL, potentially exfiltrating sensitive information.

Generated by OWASP PTK IAST Module

Exfiltration via image.src beacon

Mon, 01 Jan 0001 00:00:00 +0000

Tainted data embedded into image src URL for beacon-style exfiltration.

Generated by OWASP PTK IAST Module

Exfiltration via navigator.sendBeacon

Mon, 01 Jan 0001 00:00:00 +0000

Tainted data sent via navigator.sendBeacon().

Generated by OWASP PTK IAST Module

Exfiltration via XMLHttpRequest body

Mon, 01 Jan 0001 00:00:00 +0000

Tainted data sent in XMLHttpRequest.send() body.

Generated by OWASP PTK IAST Module

Exfiltration via XMLHttpRequest headers

Mon, 01 Jan 0001 00:00:00 +0000

Tainted data sent in XMLHttpRequest.setRequestHeader() values.

Generated by OWASP PTK IAST Module

Exfiltration via XMLHttpRequest URL

Mon, 01 Jan 0001 00:00:00 +0000

Tainted data used in XMLHttpRequest.open() URL.

Generated by OWASP PTK IAST Module

Firebase config exposed

Mon, 01 Jan 0001 00:00:00 +0000

Flags secret-like tokens and exposed configuration values in observed HTML/JS/JSON responses. These are recon leads; validate sensitivity before reporting.

Generated by OWASP PTK DAST Module

GitHub token pattern

Mon, 01 Jan 0001 00:00:00 +0000

Flags secret-like tokens and exposed configuration values in observed HTML/JS/JSON responses. These are recon leads; validate sensitivity before reporting.

Generated by OWASP PTK DAST Module

Google API key pattern

Mon, 01 Jan 0001 00:00:00 +0000

Flags secret-like tokens and exposed configuration values in observed HTML/JS/JSON responses. These are recon leads; validate sensitivity before reporting.

Generated by OWASP PTK DAST Module

GraphiQL / GraphQL Playground detected

Mon, 01 Jan 0001 00:00:00 +0000

Detects exposure of API documentation, specs, and interactive consoles observed in traffic.

Generated by OWASP PTK DAST Module

GraphQL endpoint observed

Mon, 01 Jan 0001 00:00:00 +0000

Detects exposure of API documentation, specs, and interactive consoles observed in traffic.

Generated by OWASP PTK DAST Module

GraphQL path observed

Mon, 01 Jan 0001 00:00:00 +0000

Flags high-value endpoint patterns observed in traffic (admin panels, debug endpoints, consoles, and backup/config file paths).

Generated by OWASP PTK DAST Module

HTML references .map files

Mon, 01 Jan 0001 00:00:00 +0000

Detects source map references and common debug artifacts in observed HTML/JS responses. These are high-value recon leads for code disclosure and hidden endpoints.

Generated by OWASP PTK DAST Module

Image Exposes Location or Privacy Data

Mon, 01 Jan 0001 00:00:00 +0000

The image was found to contain embedded location information, such as GPS coordinates, or another privacy exposure, such as camera serial number. Depending on the context of the image in the website, this information may expose private details of the users of a site. For example, a site that allows users to upload profile pictures taken in the home may expose the home’s address.

Information Disclosure - Amazon S3 Bucket URL

Mon, 01 Jan 0001 00:00:00 +0000

An Amazon S3 bucket URL was found in the HTTP response body.

Information Disclosure - Google API Key

Mon, 01 Jan 0001 00:00:00 +0000

A Google API Key was found in the HTTP response body.

Information Disclosure - IBAN Numbers

Mon, 01 Jan 0001 00:00:00 +0000

An IBAN number was discovered in the HTTP response body.

Information Disclosure - Private IP Address

Mon, 01 Jan 0001 00:00:00 +0000

A private IP such as 10.x.x.x, 172.x.x.x, 192.168.x.x or IPV6 fe00:: has been found in the HTTP response body. This information might be helpful for further attacks targeting internal systems.

Information Disclosure - Server Header

Mon, 01 Jan 0001 00:00:00 +0000

The web/application server is leaking version information via the ‘Server’ HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.

Information Disclosure - X-Powered-By Header

Mon, 01 Jan 0001 00:00:00 +0000

The web/application server is leaking information via one or more ‘X-Powered-By’ HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.

Internal IP address leaked in response

Mon, 01 Jan 0001 00:00:00 +0000

Detects internal hostnames/IPs and environment hints (staging/dev/local) disclosed in observed responses.

Generated by OWASP PTK DAST Module

JavaScript includes sourceMappingURL

Mon, 01 Jan 0001 00:00:00 +0000

Detects source map references and common debug artifacts in observed HTML/JS responses. These are high-value recon leads for code disclosure and hidden endpoints.

Generated by OWASP PTK DAST Module

localhost/127.0.0.1 referenced in response

Mon, 01 Jan 0001 00:00:00 +0000

Detects internal hostnames/IPs and environment hints (staging/dev/local) disclosed in observed responses.

Generated by OWASP PTK DAST Module

Mapbox token exposed

Mon, 01 Jan 0001 00:00:00 +0000

Flags secret-like tokens and exposed configuration values in observed HTML/JS/JSON responses. These are recon leads; validate sensitivity before reporting.

Generated by OWASP PTK DAST Module

Next.js build metadata exposed

Mon, 01 Jan 0001 00:00:00 +0000

Detects source map references and common debug artifacts in observed HTML/JS responses. These are high-value recon leads for code disclosure and hidden endpoints.

Generated by OWASP PTK DAST Module

OIDC well-known configuration observed

Mon, 01 Jan 0001 00:00:00 +0000

Flags security-relevant well-known resources and metadata files when they appear in observed traffic.

Generated by OWASP PTK DAST Module

OpenAPI spec detected

Mon, 01 Jan 0001 00:00:00 +0000

Detects exposure of API documentation, specs, and interactive consoles observed in traffic.

Generated by OWASP PTK DAST Module

phpinfo endpoint observed

Mon, 01 Jan 0001 00:00:00 +0000

Flags high-value endpoint patterns observed in traffic (admin panels, debug endpoints, consoles, and backup/config file paths).

Generated by OWASP PTK DAST Module

Potential .git exposure path observed

Mon, 01 Jan 0001 00:00:00 +0000

Flags high-value endpoint patterns observed in traffic (admin panels, debug endpoints, consoles, and backup/config file paths).

Generated by OWASP PTK DAST Module

Potential backup file observed

Mon, 01 Jan 0001 00:00:00 +0000

Flags high-value endpoint patterns observed in traffic (admin panels, debug endpoints, consoles, and backup/config file paths).

Generated by OWASP PTK DAST Module

Private key material exposed

Mon, 01 Jan 0001 00:00:00 +0000

Flags secret-like tokens and exposed configuration values in observed HTML/JS/JSON responses. These are recon leads; validate sensitivity before reporting.

Generated by OWASP PTK DAST Module

security.txt observed

Mon, 01 Jan 0001 00:00:00 +0000

Flags security-relevant well-known resources and metadata files when they appear in observed traffic.

Generated by OWASP PTK DAST Module

Sentry DSN exposed

Mon, 01 Jan 0001 00:00:00 +0000

Flags secret-like tokens and exposed configuration values in observed HTML/JS/JSON responses. These are recon leads; validate sensitivity before reporting.

Generated by OWASP PTK DAST Module

Server is running on Clacks - GNU Terry Pratchett

Mon, 01 Jan 0001 00:00:00 +0000

The web/application server is running over the Clacks network, some say it’s turtles/IP, some say it’s turtles all the way down the layer stack.

Slack token pattern

Mon, 01 Jan 0001 00:00:00 +0000

Flags secret-like tokens and exposed configuration values in observed HTML/JS/JSON responses. These are recon leads; validate sensitivity before reporting.

Generated by OWASP PTK DAST Module

Social Security Number

Mon, 01 Jan 0001 00:00:00 +0000

Spring Boot actuator endpoint observed

Mon, 01 Jan 0001 00:00:00 +0000

Flags high-value endpoint patterns observed in traffic (admin panels, debug endpoints, consoles, and backup/config file paths).

Generated by OWASP PTK DAST Module

Stripe publishable key exposed

Mon, 01 Jan 0001 00:00:00 +0000

Flags secret-like tokens and exposed configuration values in observed HTML/JS/JSON responses. These are recon leads; validate sensitivity before reporting.

Generated by OWASP PTK DAST Module

Swagger UI detected

Mon, 01 Jan 0001 00:00:00 +0000

Detects exposure of API documentation, specs, and interactive consoles observed in traffic.

Generated by OWASP PTK DAST Module

Swagger/OpenAPI path observed

Mon, 01 Jan 0001 00:00:00 +0000

Flags high-value endpoint patterns observed in traffic (admin panels, debug endpoints, consoles, and backup/config file paths).

Generated by OWASP PTK DAST Module

Webpack dev-server / hot reload artifacts

Mon, 01 Jan 0001 00:00:00 +0000

Detects source map references and common debug artifacts in observed HTML/JS responses. These are high-value recon leads for code disclosure and hidden endpoints.

Generated by OWASP PTK DAST Module