Business Logic Issues

 Sensitive Data Leakage
 Response Manipulation
 Transaction Manipulation
 Abuse of Functionality
 Insufficient Process Validation
 Predictable Resource Location
 Weak Password Recovery Validation
 User Account Hijack
 Escalation of User Privilege
 Insufficient Spam Detection
 Misleading Audit Trails

Insecure Configuration

 SSL Misconfiguration
 S3 Bucket Misconfiguration
 CORS Misconfiguration
 CMS Misconfiguration
 Sub-Domain Takeover
 Git Repository Misconfiguration
 Improper File System Permission
 Directory Listing Enabled
 Insufficient Error/Exception Handling


 JWT Token Misconfiguration
 Session Fixation
 Credential/Session Prediction
 Concurrent Login
 Client Side Verification Bypass
 Multi Factor Authentication Bypass
 Captcha Bypass on Sensitive Pages
 Access Control Bypass
 Cryptographic Strength Validation

Other Vulnerabilities

 Server/Service Fingerprinting
 Default Passwords
 Backup / Sensitive Files Security Vulnerability
 Code Execution Vulnerability
 Directory Traversal
 Local / Remote File Inclusion
 Path Disclosure
 Possible Sensitive Files
 Sensitive Data Not Encrypted
 Source Code Disclosure

WASC Classification

 Brute Force
 Buffer Overflow
 Credential / Session Prediction
 HTTP Response Splitting
 Integer Overflows
 Null Byte Injection
 Session Fixation
 Server Misconfiguration

Security Brigade is CERT-In empanelled and was founded on the core belief that “Great audits are done by great auditors – not expensive tools”. Our proprietary E.D.I.T.E platform provides a workflow-based testing engine that encapsulates the complete audit process. It allows expert auditors to focus on in-depth manual testing while assisted by a combination of proprietary, open-source and commercial technology.