Skip to content

Security Testing

We run a security test across user interface using a product called OWASP® Zed Attack Proxy (ZAP). These tests are slightly different from all the other tests mentioned in this document in that they take the form of tests that may be run several times against different parts of the application to ensure that the problem does not manifest itself anywhere in the application. So the total number of tests run is not the number we are really interested in but the number of requests that have been made to the application.

Total Request Count: 42242

Test TypeStrengthRequest Count
BackupFileDisclosureScanRuleMedium2701
BufferOverflowScanRuleMedium231
CloudMetadataScanRuleMedium1
CodeInjectionScanRuleMedium1848
CommandInjectionScanRuleMedium8085
CrlfInjectionScanRuleMedium1617
CrossDomainScanRuleMedium2
CrossSiteScriptingScanRuleMedium1149
DirectoryBrowsingScanRuleMedium104
DomXssScanRuleMedium2388
ElmahScanRuleMedium1
EnvFileScanRuleMedium25
ExpressionLanguageInjectionScanRuleMedium231
FormatStringScanRuleMedium693
HiddenFilesScanRuleMedium48
HttPoxyScanRuleMedium416
InsecureHttpMethodScanRuleMedium104
IntegerOverflowScanRuleMedium924
PaddingOracleScanRuleMedium48
ParameterTamperScanRuleMedium1617
PathTraversalScanRuleMedium3729
PersistentXssPrimeScanRuleMedium231
PersistentXssScanRuleMedium170
PersistentXssSpiderScanRuleMedium104
ProxyDisclosureScanRuleMedium832
RelativePathConfusionScanRuleMedium23
RemoteCodeExecutionCve20121823ScanRuleMedium208
RemoteFileIncludeScanRuleMedium2310
ServerSideIncludeScanRuleMedium924
ShellShockScanRuleMedium462
SourceCodeDisclosureCve20121823ScanRuleMedium57
SourceCodeDisclosureFileInclusionScanRuleMedium1578
SourceCodeDisclosureSvnScanRuleMedium77
SourceCodeDisclosureWebInfScanRuleMedium2
SqlInjectionMsSqlScanRuleMedium436
SqlInjectionOracleScanRuleMedium1386
SqlInjectionScanRuleMedium5553
TraceAxdScanRuleMedium26
UserAgentScanRuleMedium728
XpathInjectionScanRuleMedium693
XsltInjectionScanRuleMedium480