⚠️ Report Disclaimer

This is a sample report provided for demonstration purposes only. Real-world reports may vary significantly based on the specific website's structure, technologies, and configurations. The actual report will be tailored to reflect the unique technical environment and vulnerabilities of each target application.

Security Testing Dashboard

Comprehensive vulnerability assessment report

Risk Score: 78/100

All Critical High Medium Low

12 Critical

Immediate action required

24 High

Priority fixes

18 Medium

Should be addressed

5 Secure

No issues detected

IG Information Gathering

DNS Information Leakage

Application Fingerprinting

AT Authentication Testing

Brute Force Vulnerable

Weak Password Policy

IV Input Validation

SQL Injection

Cross-Site Scripting (XSS)

API API Testing (WSTG-APIT)

Broken Object Authorization

Excessive Data Exposure

Vulnerability Summary

Critical

N 0 R +2 NF 0 F +3

High

N 0 R 0 NF 0 F 0

Medium

N +6 R 0 NF 0 F +3

Low

N 0 R 0 NF 0 F +2

Info

N +1 R +2 NF 0 F +27

N: New R: Reopened NF: Not Fixed F: Fixed

Filter by:

Severity:

Detected Vulnerabilities 11

TLS 1.0 outdated version

OWASP 2021-A5 CWE-326

Affected URL: New

https://example.com/admin/config.php?action=test&id=12345

Last detected: 2023-11-15 14:30:45 UTC

SQL Injection Vulnerability

OWASP 2021-A1 CWE-89

SQL injection attacks allow attackers to spoof identity, tamper with existing data, cause repudiation issues such as voiding transactions or changing balances, allow the complete disclosure of all data on the system, destroy the data or make it otherwise unavailable, and become administrators of the database server.

Affected URLs (3): In Progress

https://example.com/products?id=1' OR '1'='1

Status: In Progress • 2023-11-14

https://example.com/search?query=test'); DROP TABLE users;--

Status: In Progress • 2023-11-14

Does not redirect to an HTTPS site

OWASP 2021-A2

This vulnerability is encountered when an application does not redirect to HTTPS of the same site. This vulnerability can leave the communication between the user and the website unencrypted.

Affected URLs (6): Fixed +3

http://example.com/login

Status: Fixed • 2023-11-14

http://example.com/checkout

Status: Fixed • 2023-11-14

http://example.com/profile

Status: Fixed • 2023-11-14

http://example.com/api/data

Status: New • 2023-11-15

Missing or Misconfigured DMARC record

Email Security

The absence or misconfiguration of DMARC (Domain-based Message Authentication, Reporting & Conformance) on an email domain leaves it vulnerable to email spoofing and impersonation attacks.

Domain: New

example.com (DNS record)

Last checked: 2023-11-15 14:30:45 UTC

TLS 1.0 outdated version

Impact High

Likelihood High

Severity Critical

Description

TLS(Transport Layer Security) ensures that communications are encrypted for security and privacy. There are various problems with TLS 1.0. An attacker might create connection failures and exploit vulnerabilities like BEAST (Browser Exploit Against SSL/TLS) by using TLS 1.0. Also, Attackers can perform man-in-the-middle attacks and observe the encryption traffic between your website and its visitors.

Recommendation

Step 1: Check TLS Version

The first step is to check the current TLS version being used on your web application. This can be done by using an online tool such as SSL Labs or by running the following command in the terminal:

openssl s_client -connect example.com:443 -tls1

Step 2: Update TLS Version

The simplest and most effective way to mitigate this vulnerability is to update the TLS version to a more secure one, such as TLS 1.2 or 1.3.

For Apache:

Open the Apache configuration file (httpd.conf) using a text editor.
Search for the line "SSLProtocol" and change it to "SSLProtocol All -SSLv2 -SSLv3 -TLSv1".
Save the file and restart Apache.

For Nginx:

Open the Nginx configuration file (nginx.conf) using a text editor.
Search for the line "sslprotocols" and change it to "sslprotocols TLSv1.2 TLSv1.3".
Save the file and restart Nginx.

Occurrences (1)

https://example.com/ New

Description

Recommendation

Step 1: Check TLS Version

The first step is to check the current TLS version being used on your web application. This can be done by using an online tool such as SSL Labs or by running the following command in the terminal:

          
          openssl s_client -connect example.com:443 -tls1
        

Step 2: Update TLS Version

The simplest and most effective way to mitigate this vulnerability is to update the TLS version to a more secure one, such as TLS 1.2 or 1.3.

For Apache:

Open the Apache configuration file (httpd.conf) using a text editor.
Search for the line "SSLProtocol" and change it to "SSLProtocol All -SSLv2 -SSLv3 -TLSv1".
Save the file and restart Apache.

For Nginx:

Open the Nginx configuration file (nginx.conf) using a text editor.
Search for the line "sslprotocols" and change it to "sslprotocols TLSv1.2 TLSv1.3".
Save the file and restart Nginx.