(Revamp - remove unrelated content and add missing wsec- descriptions)
(Tweaked the XSS examples)
Line 19: | Line 19: | ||
* Authentication Flaws (which lead to account compromise) | * Authentication Flaws (which lead to account compromise) | ||
* Session Management Flaws (which lead to account compromise) | * Session Management Flaws (which lead to account compromise) | ||
* Cross-site Scripting (XSS) on a [https://www.mozilla.org/en-US/security/bug-bounty/web-eligible-sites/#critical-sites Critical Site] | * Stored Cross-site Scripting (XSS) | ||
* Reflected XSS on a [https://www.mozilla.org/en-US/security/bug-bounty/web-eligible-sites/#critical-sites Critical Site] | |||
|} | |} | ||
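Review bot: The two new XSS bullets leave a gap between this tier and the next one: here reflected XSS is scoped to Critical Sites, while the lower tier in the following hunk reads "Reflected XSS on a non Critical or Core site", so reflected XSS on a Core site falls into neither tier as far as the visible lines show. Also, "Stored Cross-site Scripting (XSS)" now carries no site qualifier, so stored XSS on any eligible site lands in this tier; if that is intended, say so explicitly (e.g. "Stored XSS on any eligible site"), and give the Core site case its own bullet or fold it into the Critical Site line.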
Line 27: | Line 28: | ||
|- | |- | ||
| | | | ||
* XSS | * Reflected XSS on a non Critical or Core site | ||
* CSRF | * CSRF | ||
* Failure to use TLS where needed to ensure confidential/security | * Failure to use TLS where needed to ensure confidential/security | ||
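Review bot: "non Critical or Core site" should be hyphenated and made unambiguous, e.g. "non-Critical, non-Core site": as written it can be read as "(non-Critical) or (Core)", which would put Core sites in this lower tier. In the unchanged context line of the same hunk, "to ensure confidential/security" should read "to ensure confidentiality/security".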
Line 37: | Line 38: | ||
|- | |- | ||
| | | | ||
* XSS blocked by CSP | |||
* Detection of arbitrary local files | * Detection of arbitrary local files | ||
* Missing Additional Security Controls (x-frame options, SECURE/HTTPOnly flags, etc) | * Missing Additional Security Controls (x-frame options, SECURE/HTTPOnly flags, etc) |
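Review bot: "XSS blocked by CSP" needs one clarifying phrase so triagers know what qualifies, e.g. "XSS where payload execution is prevented only by the site's Content-Security-Policy": CSP is a mitigation rather than a fix for the underlying injection, which is why the bug is still tracked at this tier. In the unchanged context line, the header and flag names should use their canonical spelling, "X-Frame-Options" and "Secure/HttpOnly cookie flags".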