ZAP Full Scan Report

[github-actions]

• Site: http://app-juice-shop.azurewebsites.net

• Site: https://app-juice-shop.azurewebsites.net
  New Alerts

  • CORS Misconfiguration [40040] total: 12:
    • https://app-juice-shop.azurewebsites.net
    • https://app-juice-shop.azurewebsites.net/
    • https://app-juice-shop.azurewebsites.net/assets
    • https://app-juice-shop.azurewebsites.net/assets/public
    • https://app-juice-shop.azurewebsites.net/assets/public/favicon_js.ico
    • ..
  • Content Security Policy (CSP) Header Not Set [10038] total: 3:
    • https://app-juice-shop.azurewebsites.net
    • https://app-juice-shop.azurewebsites.net/
    • https://app-juice-shop.azurewebsites.net/sitemap.xml
  • Cross-Domain Misconfiguration [10098] total: 10:
    • https://app-juice-shop.azurewebsites.net
    • https://app-juice-shop.azurewebsites.net/
    • https://app-juice-shop.azurewebsites.net/assets/public/favicon_js.ico
    • https://app-juice-shop.azurewebsites.net/main.js
    • https://app-juice-shop.azurewebsites.net/polyfills.js
    • ..
  • Hidden File Found [40035] total: 4:
    • https://app-juice-shop.azurewebsites.net/._darcs
    • https://app-juice-shop.azurewebsites.net/.bzr
    • https://app-juice-shop.azurewebsites.net/.hg
    • https://app-juice-shop.azurewebsites.net/BitKeeper
  • Proxy Disclosure [40025] total: 13:
    • https://app-juice-shop.azurewebsites.net
    • https://app-juice-shop.azurewebsites.net/
    • https://app-juice-shop.azurewebsites.net/assets
    • https://app-juice-shop.azurewebsites.net/assets/public
    • https://app-juice-shop.azurewebsites.net/assets/public/favicon_js.ico
    • ..
  • Cookie with SameSite Attribute None [10054] total: 2:
    • https://app-juice-shop.azurewebsites.net
    • https://app-juice-shop.azurewebsites.net/
  • Cookie without SameSite Attribute [10054] total: 2:
    • https://app-juice-shop.azurewebsites.net
    • https://app-juice-shop.azurewebsites.net/
  • Cross-Domain JavaScript Source File Inclusion [10017] total: 6:
    • https://app-juice-shop.azurewebsites.net
    • https://app-juice-shop.azurewebsites.net
    • https://app-juice-shop.azurewebsites.net/
    • https://app-juice-shop.azurewebsites.net/
    • https://app-juice-shop.azurewebsites.net/sitemap.xml
    • ..
  • Dangerous JS Functions [10110] total: 2:
    • https://app-juice-shop.azurewebsites.net/main.js
    • https://app-juice-shop.azurewebsites.net/vendor.js
  • Deprecated Feature Policy Header Set [10063] total: 7:
    • https://app-juice-shop.azurewebsites.net
    • https://app-juice-shop.azurewebsites.net/
    • https://app-juice-shop.azurewebsites.net/main.js
    • https://app-juice-shop.azurewebsites.net/polyfills.js
    • https://app-juice-shop.azurewebsites.net/runtime.js
    • ..
  • HTTPS Content Available via HTTP [10047] total: 7:
    • https://app-juice-shop.azurewebsites.net/assets/public/favicon_js.ico
    • https://app-juice-shop.azurewebsites.net/main.js
    • https://app-juice-shop.azurewebsites.net/polyfills.js
    • https://app-juice-shop.azurewebsites.net/robots.txt
    • https://app-juice-shop.azurewebsites.net/runtime.js
    • ..
  • Insufficient Site Isolation Against Spectre Vulnerability [90004] total: 6:
    • https://app-juice-shop.azurewebsites.net
    • https://app-juice-shop.azurewebsites.net/
    • https://app-juice-shop.azurewebsites.net/sitemap.xml
    • https://app-juice-shop.azurewebsites.net
    • https://app-juice-shop.azurewebsites.net/
    • ..
  • Strict-Transport-Security Header Not Set [10035] total: 11:
    • https://app-juice-shop.azurewebsites.net
    • https://app-juice-shop.azurewebsites.net/
    • https://app-juice-shop.azurewebsites.net/assets/public/favicon_js.ico
    • https://app-juice-shop.azurewebsites.net/ftp
    • https://app-juice-shop.azurewebsites.net/main.js
    • ..
  • Timestamp Disclosure - Unix [10096] total: 1:
    • https://app-juice-shop.azurewebsites.net/main.js
  • Cookie Slack Detector [90027] total: 12:
    • https://app-juice-shop.azurewebsites.net
    • https://app-juice-shop.azurewebsites.net/
    • https://app-juice-shop.azurewebsites.net/assets
    • https://app-juice-shop.azurewebsites.net/assets/public
    • https://app-juice-shop.azurewebsites.net/assets/public/favicon_js.ico
    • ..
  • Information Disclosure - Suspicious Comments [10027] total: 2:
    • https://app-juice-shop.azurewebsites.net/main.js
    • https://app-juice-shop.azurewebsites.net/vendor.js
  • Modern Web Application [10109] total: 3:
    • https://app-juice-shop.azurewebsites.net
    • https://app-juice-shop.azurewebsites.net/
    • https://app-juice-shop.azurewebsites.net/sitemap.xml
  • Non-Storable Content [10049] total: 1:
    • https://app-juice-shop.azurewebsites.net/ftp
  • Re-examine Cache-control Directives [10015] total: 4:
    • https://app-juice-shop.azurewebsites.net
    • https://app-juice-shop.azurewebsites.net/
    • https://app-juice-shop.azurewebsites.net/robots.txt
    • https://app-juice-shop.azurewebsites.net/sitemap.xml
  • Session Management Response Identified [10112] total: 2:
    • https://app-juice-shop.azurewebsites.net
    • https://app-juice-shop.azurewebsites.net/
  • Storable and Cacheable Content [10049] total: 1:
    • https://app-juice-shop.azurewebsites.net/robots.txt
  • Storable but Non-Cacheable Content [10049] total: 9:
    • https://app-juice-shop.azurewebsites.net
    • https://app-juice-shop.azurewebsites.net/
    • https://app-juice-shop.azurewebsites.net/assets/public/favicon_js.ico
    • https://app-juice-shop.azurewebsites.net/main.js
    • https://app-juice-shop.azurewebsites.net/polyfills.js
    • ..
  • User Agent Fuzzer [10104] total: 24:
    • https://app-juice-shop.azurewebsites.net/assets
    • https://app-juice-shop.azurewebsites.net/assets
    • https://app-juice-shop.azurewebsites.net/assets
    • https://app-juice-shop.azurewebsites.net/assets
    • https://app-juice-shop.azurewebsites.net/assets
    • ..

View the following link to download the report.
RunnerID:14578933051

---

ZAP by Checkmarx