{
"metadata": { "release_date": "2017-02-17T00:00:00+00:00" }, "content": [ { "id": "server_security_misconfiguration", "name": "Server Security Misconfiguration", "type": "category", "children": [ { "id": "unsafe_cross_origin_resource_sharing", "name": "Unsafe Cross-Origin Resource Sharing", "type": "subcategory", "priority": null }, { "id": "same_site_scripting", "name": "Same-Site Scripting", "type": "subcategory", "priority": 5 }, { "id": "ssl_attack_breach_poodle_etc", "name": "SSL Attack (BREACH, POODLE etc.)", "type": "subcategory", "priority": null }, { "id": "using_default_credentials", "name": "Using Default Credentials", "type": "subcategory", "children": [ { "id": "production_server", "name": "Production Server", "type": "variant", "priority": 1 }, { "id": "staging_development_server", "name": "Staging/Development Server", "type": "variant", "priority": 2 } ] }, { "id": "misconfigured_dns", "name": "Misconfigured DNS", "type": "subcategory", "children": [ { "id": "subdomain_takeover", "name": "Subdomain Takeover", "type": "variant", "priority": 2 } ] }, { "id": "mail_server_misconfiguration", "name": "Mail Server Misconfiguration", "type": "subcategory", "children": [ { "id": "missing_spf_on_email_domain", "name": "Missing SPF on Email Domain", "type": "variant", "priority": 3 }, { "id": "email_spoofable_via_third_party_api_misconfiguration", "name": "Email Spoofable Via Third-Party API Misconfiguration", "type": "variant", "priority": 3 }, { "id": "missing_spf_on_non_email_domain", "name": "Missing SPF on Non-Email Domain", "type": "variant", "priority": 5 }, { "id": "spf_uses_a_soft_fail", "name": "SPF Uses a Soft Fail", "type": "variant", "priority": 5 }, { "id": "spf_includes_10_lookups", "name": "SPF Includes > 10 Lookups", "type": "variant", "priority": 5 }, { "id": "missing_dmarc", "name": "Missing DMARC", "type": "variant", "priority": 5 } ] }, { "id": "lack_of_password_confirmation", "name": "Lack of Password Confirmation", "type": "subcategory", "children": [ { "id": "change_email_address", "name": "Change Email Address", "type": "variant", "priority": 4 }, { "id": "change_password", "name": "Change Password", "type": "variant", "priority": 4 }, { "id": "delete_account", "name": "Delete Account", "type": "variant", "priority": 4 } ] }, { "id": "no_rate_limiting_on_form", "name": "No Rate Limiting on Form", "type": "subcategory", "children": [ { "id": "registration", "name": "Registration", "type": "variant", "priority": 4 }, { "id": "login", "name": "Login", "type": "variant", "priority": 3 }, { "id": "email_triggering", "name": "Email-Triggering", "type": "variant", "priority": 4 } ] }, { "id": "unsafe_file_upload", "name": "Unsafe File Upload", "type": "subcategory", "children": [ { "id": "no_antivirus", "name": "No Antivirus", "type": "variant", "priority": 4 }, { "id": "no_size_limit", "name": "No Size Limit", "type": "variant", "priority": 4 }, { "id": "file_extension_filter_bypass", "name": "File Extension Filter Bypass", "type": "variant", "priority": 5 } ] }, { "id": "missing_secure_or_httponly_cookie_flag", "name": "Missing Secure or HTTPOnly Cookie Flag", "type": "subcategory", "children": [ { "id": "session_token", "name": "Session Token", "type": "variant", "priority": 4 }, { "id": "non_session_cookie", "name": "Non-Session Cookie", "type": "variant", "priority": 5 } ] }, { "id": "clickjacking", "name": "Clickjacking", "type": "subcategory", "children": [ { "id": "sensitive_action", "name": "Sensitive Action", "type": "variant", "priority": 4 }, { "id": "non_sensitive_action", "name": "Non-Sensitive Action", "type": "variant", "priority": 5 } ] }, { "id": "oauth_misconfiguration", "name": "OAuth Misconfiguration", "type": "subcategory", "children": [ { "id": "missing_state_parameter", "name": "Missing State Parameter", "type": "variant", "priority": 4 } ] }, { "id": "captcha_bypass", "name": "Captcha Bypass", "type": "subcategory", "children": [ { "id": "implementation_vulnerability", "name": "Implementation Vulnerability", "type": "variant", "priority": 4 }, { "id": "brute_force", "name": "Brute Force", "type": "variant", "priority": 5 } ] }, { "id": "exposed_admin_portal", "name": "Exposed Admin Portal", "type": "subcategory", "children": [ { "id": "to_internet", "name": "To Internet", "type": "variant", "priority": 5 } ] }, { "id": "missing_dnssec", "name": "Missing DNSSEC", "type": "subcategory", "priority": 5 }, { "id": "username_enumeration", "name": "Username Enumeration", "type": "subcategory", "children": [ { "id": "brute_force", "name": "Brute Force", "type": "variant", "priority": 5 } ] }, { "id": "potentially_unsafe_http_method_enabled", "name": "Potentially Unsafe HTTP Method Enabled", "type": "subcategory", "children": [ { "id": "options", "name": "OPTIONS", "type": "variant", "priority": 5 }, { "id": "trace", "name": "TRACE", "type": "variant", "priority": 5 } ] }, { "id": "insecure_ssl", "name": "Insecure SSL", "type": "subcategory", "children": [ { "id": "lack_of_forward_secrecy", "name": "Lack of Forward Secrecy", "type": "variant", "priority": 5 }, { "id": "insecure_cipher_suite", "name": "Insecure Cipher Suite", "type": "variant", "priority": 5 } ] }, { "id": "lack_of_security_headers", "name": "Lack of Security Headers", "type": "subcategory", "children": [ { "id": "x_frame_options", "name": "X-Frame-Options", "type": "variant", "priority": 5 }, { "id": "cache_control_for_a_non_sensitive_page", "name": "Cache-Control for a Non-Sensitive Page", "type": "variant", "priority": 5 }, { "id": "x_xss_protection", "name": "X-XSS-Protection", "type": "variant", "priority": 5 }, { "id": "strict_transport_security", "name": "Strict-Transport-Security", "type": "variant", "priority": 5 }, { "id": "x_content_type_options", "name": "X-Content-Type-Options", "type": "variant", "priority": 5 }, { "id": "content_security_policy", "name": "Content-Security-Policy", "type": "variant", "priority": 5 }, { "id": "public_key_pins", "name": "Public-Key-Pins", "type": "variant", "priority": 5 }, { "id": "x_content_security_policy", "name": "X-Content-Security-Policy", "type": "variant", "priority": 5 }, { "id": "x_webkit_csp", "name": "X-Webkit-CSP", "type": "variant", "priority": 5 }, { "id": "content_security_policy_report_only", "name": "Content-Security-Policy-Report-Only", "type": "variant", "priority": 5 }, { "id": "cache_control_for_a_sensitive_page", "name": "Cache-Control for a Sensitive Page", "type": "variant", "priority": 4 } ] } ] }, { "id": "server_side_injection", "name": "Server-Side Injection", "type": "category", "children": [ { "id": "file_inclusion", "name": "File Inclusion", "type": "subcategory", "children": [ { "id": "local", "name": "Local", "type": "variant", "priority": 1 } ] }, { "id": "parameter_pollution", "name": "Parameter Pollution", "type": "subcategory", "children": [ { "id": "social_media_sharing_buttons", "name": "Social Media Sharing Buttons", "type": "variant", "priority": 5 } ] }, { "id": "remote_code_execution_rce", "name": "Remote Code Execution (RCE)", "type": "subcategory", "priority": 1 }, { "id": "sql_injection", "name": "SQL Injection", "type": "subcategory", "children": [ { "id": "error_based", "name": "Error-Based", "type": "variant", "priority": 1 }, { "id": "blind", "name": "Blind", "type": "variant", "priority": 1 } ] }, { "id": "xml_external_entity_injection_xxe", "name": "XML External Entity Injection (XXE)", "type": "subcategory", "priority": 1 }, { "id": "http_response_manipulation", "name": "HTTP Response Manipulation", "type": "subcategory", "children": [ { "id": "response_splitting_crlf", "name": "Response Splitting (CRLF)", "type": "variant", "priority": 3 } ] }, { "id": "content_spoofing", "name": "Content Spoofing", "type": "subcategory", "children": [ { "id": "iframe_injection", "name": "iframe Injection", "type": "variant", "priority": 3 }, { "id": "external_authentication_injection", "name": "External Authentication Injection", "type": "variant", "priority": 4 }, { "id": "email_html_injection", "name": "Email HTML Injection", "type": "variant", "priority": 4 }, { "id": "text_injection", "name": "Text Injection", "type": "variant", "priority": 5 }, { "id": "homograph_idn_based", "name": "Homograph/IDN-Based", "type": "variant", "priority": 5 } ] } ] }, { "id": "broken_authentication_and_session_management", "name": "Broken Authentication and Session Management", "type": "category", "children": [ { "id": "authentication_bypass", "name": "Authentication Bypass", "type": "subcategory", "children": [ { "id": "vertical", "name": "Vertical", "type": "variant", "priority": 1 }, { "id": "horizontal", "name": "Horizontal", "type": "variant", "priority": 2 } ] }, { "id": "weak_login_function", "name": "Weak Login Function", "type": "subcategory", "children": [ { "id": "over_http", "name": "Over HTTP", "type": "variant", "priority": 3 } ] }, { "id": "session_fixation", "name": "Session Fixation", "type": "subcategory", "priority": 3 }, { "id": "failure_to_invalidate_session", "name": "Failure to Invalidate Session", "type": "subcategory", "children": [ { "id": "on_logout", "name": "On Logout", "type": "variant", "priority": 4 }, { "id": "on_password_reset", "name": "On Password Reset", "type": "variant", "priority": 4 }, { "id": "on_password_change", "name": "On Password Change", "type": "variant", "priority": 4 }, { "id": "all_sessions", "name": "All Sessions", "type": "variant", "priority": 5 }, { "id": "on_email_change", "name": "On Email Change", "type": "variant", "priority": 5 }, { "id": "long_timeout", "name": "Long Timeout", "type": "variant", "priority": 5 } ] }, { "id": "session_token_in_url", "name": "Session Token in URL", "type": "subcategory", "children": [ { "id": "over_http", "name": "Over HTTP", "type": "variant", "priority": 4 }, { "id": "over_https", "name": "Over HTTPS", "type": "variant", "priority": 5 } ] }, { "id": "concurrent_logins", "name": "Concurrent Logins", "type": "subcategory", "priority": 5 }, { "id": "weak_registration_implementation", "name": "Weak Registration Implementation", "type": "subcategory", "children": [ { "id": "over_http", "name": "Over HTTP", "type": "variant", "priority": 4 } ] } ] }, { "id": "insecure_direct_object_references_idor", "name": "Insecure Direct Object References (IDOR)", "type": "category", "priority": null }, { "id": "sensitive_data_exposure", "name": "Sensitive Data Exposure", "type": "category", "children": [ { "id": "critically_sensitive_data", "name": "Critically Sensitive Data", "type": "subcategory", "children": [ { "id": "password_disclosure", "name": "Password Disclosure", "type": "variant", "priority": 1 }, { "id": "private_api_keys", "name": "Private API Keys", "type": "variant", "priority": 1 } ] }, { "id": "exif_geolocation_data_not_stripped_from_uploaded_images", "name": "EXIF Geolocation Data Not Stripped From Uploaded Images", "type": "subcategory", "children": [ { "id": "automatic_user_enumeration", "name": "Automatic User Enumeration", "type": "variant", "priority": 3 }, { "id": "manual_user_enumeration", "name": "Manual User Enumeration", "type": "variant", "priority": 4 } ] }, { "id": "visible_detailed_error_page", "name": "Visible Detailed Error Page", "type": "subcategory", "priority": null }, { "id": "disclosure_of_known_public_information", "name": "Disclosure of Known Public Information", "type": "subcategory", "priority": 5 }, { "id": "token_leakage_via_referer", "name": "Token Leakage via Referer", "type": "subcategory", "children": [ { "id": "over_https", "name": "Over HTTPS", "type": "variant", "priority": 5 }, { "id": "over_http", "name": "Over HTTP", "type": "variant", "priority": 4 } ] }, { "id": "sensitive_token_in_url", "name": "Sensitive Token in URL", "type": "subcategory", "priority": 4 }, { "id": "weak_password_reset_implementation", "name": "Weak Password Reset Implementation", "type": "subcategory", "children": [ { "id": "password_reset_token_sent_over_http", "name": "Password Reset Token Sent Over HTTP", "type": "variant", "priority": 4 } ] }, { "id": "mixed_content", "name": "Mixed Content", "type": "subcategory", "children": [ { "id": "sensitive_data_disclosure", "name": "Sensitive Data Disclosure", "type": "variant", "priority": 4 }, { "id": "requires_being_a_man_in_the_middle", "name": "Requires Being a Man-in-the-Middle", "type": "variant", "priority": 5 } ] }, { "id": "sensitive_data_hardcoded", "name": "Sensitive Data Hardcoded", "type": "subcategory", "children": [ { "id": "oauth_secret", "name": "OAuth Secret", "type": "variant", "priority": 5 }, { "id": "file_paths", "name": "File Paths", "type": "variant", "priority": 5 } ] }, { "id": "non_sensitive_token_in_url", "name": "Non-Sensitive Token in URL", "type": "subcategory", "priority": 5 } ] }, { "id": "cross_site_scripting_xss", "name": "Cross-Site Scripting (XSS)", "type": "category", "children": [ { "id": "stored", "name": "Stored", "type": "subcategory", "children": [ { "id": "non_admin_to_anyone", "name": "Non-Admin to Anyone", "type": "variant", "priority": 2 }, { "id": "admin_to_anyone", "name": "Admin to Anyone", "type": "variant", "priority": 3 }, { "id": "self", "name": "Self", "type": "variant", "priority": 5 } ] }, { "id": "reflected", "name": "Reflected", "type": "subcategory", "children": [ { "id": "non_admin_to_anyone", "name": "Non-Admin to Anyone", "type": "variant", "priority": 3 }, { "id": "admin_to_anyone", "name": "Admin to Anyone", "type": "variant", "priority": 4 }, { "id": "self", "name": "Self", "type": "variant", "priority": 5 } ] }, { "id": "cookie_based", "name": "Cookie-Based", "type": "subcategory", "priority": 4 }, { "id": "ie_only", "name": "IE-Only", "type": "subcategory", "children": [ { "id": "older_version_ie_10_11", "name": "Older Version (IE 10/11)", "type": "variant", "priority": 4 }, { "id": "xss_filter_disabled", "name": "XSS Filter Disabled", "type": "variant", "priority": 5 }, { "id": "older_version_ie10", "name": "Older Version (< IE10)", "type": "variant", "priority": 5 } ] }, { "id": "referer", "name": "Referer", "type": "subcategory", "priority": 4 }, { "id": "trace_method", "name": "TRACE Method", "type": "subcategory", "priority": 5 }, { "id": "universal_uxss", "name": "Universal (UXSS)", "type": "subcategory", "priority": 4 }, { "id": "off_domain", "name": "Off-Domain", "type": "subcategory", "children": [ { "id": "data_uri", "name": "Data URI", "type": "variant", "priority": 4 } ] } ] }, { "id": "missing_function_level_access_control", "name": "Missing Function Level Access Control", "type": "category", "children": [ { "id": "server_side_request_forgery_ssrf", "name": "Server-Side Request Forgery (SSRF)", "type": "subcategory", "children": [ { "id": "internal", "name": "Internal", "type": "variant", "priority": 2 }, { "id": "external", "name": "External", "type": "variant", "priority": 4 } ] }, { "id": "username_enumeration", "name": "Username Enumeration", "type": "subcategory", "children": [ { "id": "data_leak", "name": "Data Leak", "type": "variant", "priority": 4 } ] }, { "id": "exposed_sensitive_android_intent", "name": "Exposed Sensitive Android Intent", "type": "subcategory", "priority": null }, { "id": "exposed_sensitive_ios_url_scheme", "name": "Exposed Sensitive iOS URL Scheme", "type": "subcategory", "priority": null } ] }, { "id": "cross_site_request_forgery_csrf", "name": "Cross-Site Request Forgery (CSRF)", "type": "category", "priority": null }, { "id": "application_level_denial_of_service_dos", "name": "Application-Level Denial-of-Service (DoS)", "type": "category", "children": [ { "id": "critical_impact_and_or_easy_difficulty", "name": "Critical Impact and/or Easy Difficulty", "type": "subcategory", "priority": 2 }, { "id": "high_impact_and_or_medium_difficulty", "name": "High Impact and/or Medium Difficulty", "type": "subcategory", "priority": 3 }, { "id": "app_crash", "name": "App Crash", "type": "subcategory", "children": [ { "id": "malformed_android_intents", "name": "Malformed Android Intents", "type": "variant", "priority": 5 }, { "id": "malformed_ios_url_schemes", "name": "Malformed iOS URL Schemes", "type": "variant", "priority": 5 } ] } ] }, { "id": "unvalidated_redirects_and_forwards", "name": "Unvalidated Redirects and Forwards", "type": "category", "children": [ { "id": "open_redirect", "name": "Open Redirect", "type": "subcategory", "children": [ { "id": "get_based_all_users", "name": "GET-Based (All Users)", "type": "variant", "priority": 3 }, { "id": "get_based_authenticated", "name": "GET-Based (Authenticated)", "type": "variant", "priority": 4 }, { "id": "get_based_unauthenticated", "name": "GET-Based (Unauthenticated)", "type": "variant", "priority": 4 }, { "id": "post_based", "name": "POST-Based", "type": "variant", "priority": 5 }, { "id": "header_based", "name": "Header-Based", "type": "variant", "priority": 5 } ] }, { "id": "tabnabbing", "name": "Tabnabbing", "type": "subcategory", "priority": 5 }, { "id": "lack_of_security_speed_bump_page", "name": "Lack of Security Speed Bump Page", "type": "subcategory", "priority": 5 } ] }, { "id": "external_behavior", "name": "External Behavior", "type": "category", "children": [ { "id": "browser_feature", "name": "Browser Feature", "type": "subcategory", "children": [ { "id": "plaintext_password_field", "name": "Plaintext Password Field", "type": "variant", "priority": 5 }, { "id": "save_password", "name": "Save Password", "type": "variant", "priority": 5 }, { "id": "autocomplete_enabled", "name": "Autocomplete Enabled", "type": "variant", "priority": 5 }, { "id": "autocorrect_enabled", "name": "Autocorrect Enabled", "type": "variant", "priority": 5 }, { "id": "aggressive_offline_caching", "name": "Aggressive Offline Caching", "type": "variant", "priority": 5 } ] }, { "id": "csv_injection", "name": "CSV Injection", "type": "subcategory", "priority": 5 }, { "id": "captcha_bypass", "name": "Captcha Bypass", "type": "subcategory", "children": [ { "id": "crowdsourcing", "name": "Crowdsourcing", "type": "variant", "priority": 5 } ] }, { "id": "system_clipboard_leak", "name": "System Clipboard Leak", "type": "subcategory", "children": [ { "id": "shared_links", "name": "Shared Links", "type": "variant", "priority": 5 } ] }, { "id": "user_password_persisted_in_memory", "name": "User Password Persisted in Memory", "type": "subcategory", "priority": 5 } ] }, { "id": "insufficient_security_configurability", "name": "Insufficient Security Configurability", "type": "category", "children": [ { "id": "weak_password_policy", "name": "Weak Password Policy", "type": "subcategory", "children": [ { "id": "complexity_both_length_and_char_type_not_enforced", "name": "Complexity, Both Length and Char Type Not Enforced", "type": "variant", "priority": 3 }, { "id": "complexity_length_not_enforced", "name": "Complexity, Length Not Enforced", "type": "variant", "priority": 4 }, { "id": "complexity_char_type_not_enforced", "name": "Complexity, Char Type Not Enforced", "type": "variant", "priority": 4 }, { "id": "allows_reuse_of_old_passwords", "name": "Allows Reuse of Old Passwords", "type": "variant", "priority": 5 }, { "id": "allows_password_to_be_same_as_email_username", "name": "Allows Password to be Same as Email/Username", "type": "variant", "priority": 5 } ] }, { "id": "weak_password_reset_implementation", "name": "Weak Password Reset Implementation", "type": "subcategory", "children": [ { "id": "token_is_not_invalidated_after_use", "name": "Token is Not Invalidated After Use", "type": "variant", "priority": 4 }, { "id": "token_is_not_invalidated_after_email_change", "name": "Token is Not Invalidated After Email Change", "type": "variant", "priority": 5 }, { "id": "token_is_not_invalidated_after_password_change", "name": "Token is Not Invalidated After Password Change", "type": "variant", "priority": 5 }, { "id": "token_has_long_timed_expiry", "name": "Token Has Long Timed Expiry", "type": "variant", "priority": 5 }, { "id": "token_is_not_invalidated_after_new_token_is_requested", "name": "Token is Not Invalidated After New Token is Requested", "type": "variant", "priority": 5 } ] }, { "id": "lack_of_verification_email", "name": "Lack of Verification Email", "type": "subcategory", "priority": 5 }, { "id": "lack_of_notification_email", "name": "Lack of Notification Email", "type": "subcategory", "priority": 5 }, { "id": "weak_registration_implementation", "name": "Weak Registration Implementation", "type": "subcategory", "children": [ { "id": "allows_disposable_email_addresses", "name": "Allows Disposable Email Addresses", "type": "variant", "priority": 5 } ] }, { "id": "weak_2fa_implementation", "name": "Weak 2FA Implementation", "type": "subcategory", "children": [ { "id": "missing_failsafe", "name": "Missing Failsafe", "type": "variant", "priority": 5 } ] } ] }, { "id": "using_components_with_known_vulnerabilities", "name": "Using Components with Known Vulnerabilities", "type": "category", "children": [ { "id": "rosetta_flash", "name": "Rosetta Flash", "type": "subcategory", "priority": 4 }, { "id": "outdated_software_version", "name": "Outdated Software Version", "type": "subcategory", "priority": 5 }, { "id": "captcha_bypass", "name": "Captcha Bypass", "type": "subcategory", "children": [ { "id": "ocr_optical_character_recognition", "name": "OCR (Optical Character Recognition)", "type": "variant", "priority": 5 } ] } ] }, { "id": "insecure_data_storage", "name": "Insecure Data Storage", "type": "category", "children": [ { "id": "credentials_stored_unencrypted", "name": "Credentials Stored Unencrypted", "type": "subcategory", "children": [ { "id": "on_external_storage", "name": "On External Storage", "type": "variant", "priority": 4 }, { "id": "on_internal_storage", "name": "On Internal Storage", "type": "variant", "priority": 5 } ] }, { "id": "sensitive_application_data_stored_unencrypted", "name": "Sensitive Application Data Stored Unencrypted", "type": "subcategory", "children": [ { "id": "on_external_storage", "name": "On External Storage", "type": "variant", "priority": 4 }, { "id": "on_internal_storage", "name": "On Internal Storage", "type": "variant", "priority": 5 } ] }, { "id": "non_sensitive_application_data_stored_unencrypted", "name": "Non-Sensitive Application Data Stored Unencrypted", "type": "subcategory", "priority": 5 }, { "id": "screen_caching_enabled", "name": "Screen Caching Enabled", "type": "subcategory", "priority": 5 }, { "id": "insecure_data_storage", "name": "Insecure Data Storage", "type": "subcategory", "children": [ { "id": "password", "name": "Password", "type": "variant", "priority": 2 } ] } ] }, { "id": "lack_of_binary_hardening", "name": "Lack of Binary Hardening", "type": "category", "children": [ { "id": "lack_of_exploit_mitigations", "name": "Lack of Exploit Mitigations", "type": "subcategory", "priority": 5 }, { "id": "lack_of_jailbreak_detection", "name": "Lack of Jailbreak Detection", "type": "subcategory", "priority": 5 }, { "id": "lack_of_obfuscation", "name": "Lack of Obfuscation", "type": "subcategory", "priority": 5 }, { "id": "runtime_instrumentation_based", "name": "Runtime Instrumentation-Based", "type": "subcategory", "priority": 5 } ] }, { "id": "insecure_data_transport", "name": "Insecure Data Transport", "type": "category", "children": [ { "id": "ssl_certificate_pinning", "name": "SSL Certificate Pinning", "type": "subcategory", "children": [ { "id": "absent", "name": "Absent", "type": "variant", "priority": 5 }, { "id": "defeatable", "name": "Defeatable", "type": "variant", "priority": 5 } ] } ] }, { "id": "insecure_os_firmware", "name": "Insecure OS/Firmware", "type": "category", "children": [ { "id": "command_injection", "name": "Command Injection", "type": "subcategory", "priority": 1 }, { "id": "hardcoded_password", "name": "Hardcoded Password", "type": "subcategory", "children": [ { "id": "privileged_user", "name": "Privileged User", "type": "variant", "priority": 1 }, { "id": "non_privileged_user", "name": "Non-Privileged User", "type": "variant", "priority": 2 } ] } ] }, { "id": "broken_cryptography", "name": "Broken Cryptography", "type": "category", "children": [ { "id": "cryptographic_flaw", "name": "Cryptographic Flaw", "type": "subcategory", "children": [ { "id": "incorrect_usage", "name": "Incorrect Usage", "type": "variant", "priority": 1 } ] } ] }, { "id": "privacy_concerns", "name": "Privacy Concerns", "type": "category", "children": [ { "id": "unnecessary_data_collection", "name": "Unnecessary Data Collection", "type": "subcategory", "children": [ { "id": "wifi_ssid_password", "name": "WiFi SSID+Password", "type": "variant", "priority": 4 } ] } ] }, { "id": "network_security_misconfiguration", "name": "Network Security Misconfiguration", "type": "category", "children": [ { "id": "telnet_enabled", "name": "Telnet Enabled", "type": "subcategory", "children": [ { "id": "credentials_required", "name": "Credentials Required", "type": "variant", "priority": 4 } ] } ] }, { "id": "mobile_security_misconfiguration", "name": "Mobile Security Misconfiguration", "type": "category", "priority": null }, { "id": "poor_physical_security", "name": "Poor Physical Security", "type": "category", "priority": null }, { "id": "social_engineering", "name": "Social Engineering", "type": "category", "priority": null }, { "id": "client_side_injection", "name": "Client-Side Injection", "type": "category", "priority": null } ]
}