{

"metadata": {
  "release_date": "2017-02-17T00:00:00+00:00"
},
"content": [
  {
    "id": "server_security_misconfiguration",
    "name": "Server Security Misconfiguration",
    "type": "category",
    "children": [
      {
        "id": "unsafe_cross_origin_resource_sharing",
        "name": "Unsafe Cross-Origin Resource Sharing",
        "type": "subcategory",
        "priority": null
      },
      {
        "id": "path_traversal",
        "name": "Path Traversal",
        "type": "subcategory",
        "priority": null
      },
      {
        "id": "directory_listing_enabled",
        "name": "Directory Listing Enabled",
        "type": "subcategory",
        "children": [
          {
            "id": "sensitive_data_exposure",
            "name": "Sensitive Data Exposure",
            "type": "variant",
            "priority": null
          },
          {
            "id": "non_sensitive_data_exposure",
            "name": "Non-Sensitive Data Exposure",
            "type": "variant",
            "priority": 5
          }
        ]
      },
      {
        "id": "same_site_scripting",
        "name": "Same-Site Scripting",
        "type": "subcategory",
        "priority": 5
      },
      {
        "id": "ssl_attack_breach_poodle_etc",
        "name": "SSL Attack (BREACH, POODLE etc.)",
        "type": "subcategory",
        "priority": null
      },
      {
        "id": "using_default_credentials",
        "name": "Using Default Credentials",
        "type": "subcategory",
        "children": [
          {
            "id": "production_server",
            "name": "Production Server",
            "type": "variant",
            "priority": 1
          },
          {
            "id": "staging_development_server",
            "name": "Staging/Development Server",
            "type": "variant",
            "priority": 2
          }
        ]
      },
      {
        "id": "misconfigured_dns",
        "name": "Misconfigured DNS",
        "type": "subcategory",
        "children": [
          {
            "id": "subdomain_takeover",
            "name": "Subdomain Takeover",
            "type": "variant",
            "priority": 2
          }
        ]
      },
      {
        "id": "mail_server_misconfiguration",
        "name": "Mail Server Misconfiguration",
        "type": "subcategory",
        "children": [
          {
            "id": "missing_spf_on_email_domain",
            "name": "Missing SPF on Email Domain",
            "type": "variant",
            "priority": 3
          },
          {
            "id": "email_spoofable_via_third_party_api_misconfiguration",
            "name": "Email Spoofable Via Third-Party API Misconfiguration",
            "type": "variant",
            "priority": 3
          },
          {
            "id": "missing_spf_on_non_email_domain",
            "name": "Missing SPF on Non-Email Domain",
            "type": "variant",
            "priority": 5
          },
          {
            "id": "spf_uses_a_soft_fail",
            "name": "SPF Uses a Soft Fail",
            "type": "variant",
            "priority": 5
          },
          {
            "id": "spf_includes_10_lookups",
            "name": "SPF Includes More Than 10 Lookups",
            "type": "variant",
            "priority": 5
          },
          {
            "id": "missing_dmarc",
            "name": "Missing DMARC",
            "type": "variant",
            "priority": 5
          }
        ]
      },
      {
        "id": "lack_of_password_confirmation",
        "name": "Lack of Password Confirmation",
        "type": "subcategory",
        "children": [
          {
            "id": "change_email_address",
            "name": "Change Email Address",
            "type": "variant",
            "priority": 4
          },
          {
            "id": "change_password",
            "name": "Change Password",
            "type": "variant",
            "priority": 4
          },
          {
            "id": "delete_account",
            "name": "Delete Account",
            "type": "variant",
            "priority": 4
          }
        ]
      },
      {
        "id": "no_rate_limiting_on_form",
        "name": "No Rate Limiting on Form",
        "type": "subcategory",
        "children": [
          {
            "id": "registration",
            "name": "Registration",
            "type": "variant",
            "priority": 4
          },
          {
            "id": "login",
            "name": "Login",
            "type": "variant",
            "priority": 3
          },
          {
            "id": "email_triggering",
            "name": "Email-Triggering",
            "type": "variant",
            "priority": 4
          }
        ]
      },
      {
        "id": "unsafe_file_upload",
        "name": "Unsafe File Upload",
        "type": "subcategory",
        "children": [
          {
            "id": "no_antivirus",
            "name": "No Antivirus",
            "type": "variant",
            "priority": 4
          },
          {
            "id": "no_size_limit",
            "name": "No Size Limit",
            "type": "variant",
            "priority": 4
          },
          {
            "id": "file_extension_filter_bypass",
            "name": "File Extension Filter Bypass",
            "type": "variant",
            "priority": 5
          }
        ]
      },
      {
        "id": "missing_secure_or_httponly_cookie_flag",
        "name": "Missing Secure or HTTPOnly Cookie Flag",
        "type": "subcategory",
        "children": [
          {
            "id": "session_token",
            "name": "Session Token",
            "type": "variant",
            "priority": 4
          },
          {
            "id": "non_session_cookie",
            "name": "Non-Session Cookie",
            "type": "variant",
            "priority": 5
          }
        ]
      },
      {
        "id": "clickjacking",
        "name": "Clickjacking",
        "type": "subcategory",
        "children": [
          {
            "id": "sensitive_action",
            "name": "Sensitive Action",
            "type": "variant",
            "priority": 4
          },
          {
            "id": "non_sensitive_action",
            "name": "Non-Sensitive Action",
            "type": "variant",
            "priority": 5
          }
        ]
      },
      {
        "id": "oauth_misconfiguration",
        "name": "OAuth Misconfiguration",
        "type": "subcategory",
        "children": [
          {
            "id": "missing_state_parameter",
            "name": "Missing State Parameter",
            "type": "variant",
            "priority": 4
          }
        ]
      },
      {
        "id": "captcha_bypass",
        "name": "Captcha Bypass",
        "type": "subcategory",
        "children": [
          {
            "id": "implementation_vulnerability",
            "name": "Implementation Vulnerability",
            "type": "variant",
            "priority": 4
          },
          {
            "id": "brute_force",
            "name": "Brute Force",
            "type": "variant",
            "priority": 5
          }
        ]
      },
      {
        "id": "exposed_admin_portal",
        "name": "Exposed Admin Portal",
        "type": "subcategory",
        "children": [
          {
            "id": "to_internet",
            "name": "To Internet",
            "type": "variant",
            "priority": 5
          }
        ]
      },
      {
        "id": "missing_dnssec",
        "name": "Missing DNSSEC",
        "type": "subcategory",
        "priority": 5
      },
      {
        "id": "username_enumeration",
        "name": "Username Enumeration",
        "type": "subcategory",
        "children": [
          {
            "id": "brute_force",
            "name": "Brute Force",
            "type": "variant",
            "priority": 5
          }
        ]
      },
      {
        "id": "potentially_unsafe_http_method_enabled",
        "name": "Potentially Unsafe HTTP Method Enabled",
        "type": "subcategory",
        "children": [
          {
            "id": "options",
            "name": "OPTIONS",
            "type": "variant",
            "priority": 5
          },
          {
            "id": "trace",
            "name": "TRACE",
            "type": "variant",
            "priority": 5
          }
        ]
      },
      {
        "id": "insecure_ssl",
        "name": "Insecure SSL",
        "type": "subcategory",
        "children": [
          {
            "id": "lack_of_forward_secrecy",
            "name": "Lack of Forward Secrecy",
            "type": "variant",
            "priority": 5
          },
          {
            "id": "insecure_cipher_suite",
            "name": "Insecure Cipher Suite",
            "type": "variant",
            "priority": 5
          }
        ]
      },
      {
        "id": "lack_of_security_headers",
        "name": "Lack of Security Headers",
        "type": "subcategory",
        "children": [
          {
            "id": "x_frame_options",
            "name": "X-Frame-Options",
            "type": "variant",
            "priority": 5
          },
          {
            "id": "cache_control_for_a_non_sensitive_page",
            "name": "Cache-Control for a Non-Sensitive Page",
            "type": "variant",
            "priority": 5
          },
          {
            "id": "x_xss_protection",
            "name": "X-XSS-Protection",
            "type": "variant",
            "priority": 5
          },
          {
            "id": "strict_transport_security",
            "name": "Strict-Transport-Security",
            "type": "variant",
            "priority": 5
          },
          {
            "id": "x_content_type_options",
            "name": "X-Content-Type-Options",
            "type": "variant",
            "priority": 5
          },
          {
            "id": "content_security_policy",
            "name": "Content-Security-Policy",
            "type": "variant",
            "priority": 5
          },
          {
            "id": "public_key_pins",
            "name": "Public-Key-Pins",
            "type": "variant",
            "priority": 5
          },
          {
            "id": "x_content_security_policy",
            "name": "X-Content-Security-Policy",
            "type": "variant",
            "priority": 5
          },
          {
            "id": "x_webkit_csp",
            "name": "X-Webkit-CSP",
            "type": "variant",
            "priority": 5
          },
          {
            "id": "content_security_policy_report_only",
            "name": "Content-Security-Policy-Report-Only",
            "type": "variant",
            "priority": 5
          },
          {
            "id": "cache_control_for_a_sensitive_page",
            "name": "Cache-Control for a Sensitive Page",
            "type": "variant",
            "priority": 4
          }
        ]
      }
    ]
  },
  {
    "id": "server_side_injection",
    "name": "Server-Side Injection",
    "type": "category",
    "children": [
      {
        "id": "file_inclusion",
        "name": "File Inclusion",
        "type": "subcategory",
        "children": [
          {
            "id": "local",
            "name": "Local",
            "type": "variant",
            "priority": 1
          }
        ]
      },
      {
        "id": "parameter_pollution",
        "name": "Parameter Pollution",
        "type": "subcategory",
        "children": [
          {
            "id": "social_media_sharing_buttons",
            "name": "Social Media Sharing Buttons",
            "type": "variant",
            "priority": 5
          }
        ]
      },
      {
        "id": "remote_code_execution_rce",
        "name": "Remote Code Execution (RCE)",
        "type": "subcategory",
        "priority": 1
      },
      {
        "id": "sql_injection",
        "name": "SQL Injection",
        "type": "subcategory",
        "children": [
          {
            "id": "error_based",
            "name": "Error-Based",
            "type": "variant",
            "priority": 1
          },
          {
            "id": "blind",
            "name": "Blind",
            "type": "variant",
            "priority": 1
          }
        ]
      },
      {
        "id": "xml_external_entity_injection_xxe",
        "name": "XML External Entity Injection (XXE)",
        "type": "subcategory",
        "priority": 1
      },
      {
        "id": "http_response_manipulation",
        "name": "HTTP Response Manipulation",
        "type": "subcategory",
        "children": [
          {
            "id": "response_splitting_crlf",
            "name": "Response Splitting (CRLF)",
            "type": "variant",
            "priority": 3
          }
        ]
      },
      {
        "id": "content_spoofing",
        "name": "Content Spoofing",
        "type": "subcategory",
        "children": [
          {
            "id": "iframe_injection",
            "name": "iframe Injection",
            "type": "variant",
            "priority": 3
          },
          {
            "id": "external_authentication_injection",
            "name": "External Authentication Injection",
            "type": "variant",
            "priority": 4
          },
          {
            "id": "email_html_injection",
            "name": "Email HTML Injection",
            "type": "variant",
            "priority": 4
          },
          {
            "id": "text_injection",
            "name": "Text Injection",
            "type": "variant",
            "priority": 5
          },
          {
            "id": "homograph_idn_based",
            "name": "Homograph/IDN-Based",
            "type": "variant",
            "priority": 5
          }
        ]
      }
    ]
  },
  {
    "id": "broken_authentication_and_session_management",
    "name": "Broken Authentication and Session Management",
    "type": "category",
    "children": [
      {
        "id": "authentication_bypass",
        "name": "Authentication Bypass",
        "type": "subcategory",
        "children": [
          {
            "id": "vertical",
            "name": "Vertical",
            "type": "variant",
            "priority": 1
          },
          {
            "id": "horizontal",
            "name": "Horizontal",
            "type": "variant",
            "priority": 2
          }
        ]
      },
      {
        "id": "weak_login_function",
        "name": "Weak Login Function",
        "type": "subcategory",
        "children": [
          {
            "id": "over_http",
            "name": "Over HTTP",
            "type": "variant",
            "priority": 3
          }
        ]
      },
      {
        "id": "session_fixation",
        "name": "Session Fixation",
        "type": "subcategory",
        "priority": 3
      },
      {
        "id": "failure_to_invalidate_session",
        "name": "Failure to Invalidate Session",
        "type": "subcategory",
        "children": [
          {
            "id": "on_logout",
            "name": "On Logout",
            "type": "variant",
            "priority": 4
          },
          {
            "id": "on_password_reset",
            "name": "On Password Reset",
            "type": "variant",
            "priority": 4
          },
          {
            "id": "on_password_change",
            "name": "On Password Change",
            "type": "variant",
            "priority": 4
          },
          {
            "id": "all_sessions",
            "name": "All Sessions",
            "type": "variant",
            "priority": 5
          },
          {
            "id": "on_email_change",
            "name": "On Email Change",
            "type": "variant",
            "priority": 5
          },
          {
            "id": "long_timeout",
            "name": "Long Timeout",
            "type": "variant",
            "priority": 5
          }
        ]
      },
      {
        "id": "session_token_in_url",
        "name": "Session Token in URL",
        "type": "subcategory",
        "children": [
          {
            "id": "over_http",
            "name": "Over HTTP",
            "type": "variant",
            "priority": 4
          },
          {
            "id": "over_https",
            "name": "Over HTTPS",
            "type": "variant",
            "priority": 5
          }
        ]
      },
      {
        "id": "concurrent_logins",
        "name": "Concurrent Logins",
        "type": "subcategory",
        "priority": 5
      },
      {
        "id": "weak_registration_implementation",
        "name": "Weak Registration Implementation",
        "type": "subcategory",
        "children": [
          {
            "id": "over_http",
            "name": "Over HTTP",
            "type": "variant",
            "priority": 4
          }
        ]
      }
    ]
  },
  {
    "id": "insecure_direct_object_references_idor",
    "name": "Insecure Direct Object References (IDOR)",
    "type": "category",
    "priority": null
  },
  {
    "id": "sensitive_data_exposure",
    "name": "Sensitive Data Exposure",
    "type": "category",
    "children": [
      {
        "id": "critically_sensitive_data",
        "name": "Critically Sensitive Data",
        "type": "subcategory",
        "children": [
          {
            "id": "password_disclosure",
            "name": "Password Disclosure",
            "type": "variant",
            "priority": 1
          },
          {
            "id": "private_api_keys",
            "name": "Private API Keys",
            "type": "variant",
            "priority": 1
          }
        ]
      },
      {
        "id": "exif_geolocation_data_not_stripped_from_uploaded_images",
        "name": "EXIF Geolocation Data Not Stripped From Uploaded Images",
        "type": "subcategory",
        "children": [
          {
            "id": "automatic_user_enumeration",
            "name": "Automatic User Enumeration",
            "type": "variant",
            "priority": 3
          },
          {
            "id": "manual_user_enumeration",
            "name": "Manual User Enumeration",
            "type": "variant",
            "priority": 4
          }
        ]
      },
      {
        "id": "visible_detailed_error_page",
        "name": "Visible Detailed Error Page",
        "type": "subcategory",
        "priority": null
      },
      {
        "id": "disclosure_of_known_public_information",
        "name": "Disclosure of Known Public Information",
        "type": "subcategory",
        "priority": 5
      },
      {
        "id": "token_leakage_via_referer",
        "name": "Token Leakage via Referer",
        "type": "subcategory",
        "children": [
          {
            "id": "over_https",
            "name": "Over HTTPS",
            "type": "variant",
            "priority": 5
          },
          {
            "id": "over_http",
            "name": "Over HTTP",
            "type": "variant",
            "priority": 4
          }
        ]
      },
      {
        "id": "sensitive_token_in_url",
        "name": "Sensitive Token in URL",
        "type": "subcategory",
        "priority": 4
      },
      {
        "id": "weak_password_reset_implementation",
        "name": "Weak Password Reset Implementation",
        "type": "subcategory",
        "children": [
          {
            "id": "password_reset_token_sent_over_http",
            "name": "Password Reset Token Sent Over HTTP",
            "type": "variant",
            "priority": 4
          }
        ]
      },
      {
        "id": "mixed_content",
        "name": "Mixed Content",
        "type": "subcategory",
        "children": [
          {
            "id": "sensitive_data_disclosure",
            "name": "Sensitive Data Disclosure",
            "type": "variant",
            "priority": 4
          },
          {
            "id": "requires_being_a_man_in_the_middle",
            "name": "Requires Being a Man-in-the-Middle",
            "type": "variant",
            "priority": 5
          }
        ]
      },
      {
        "id": "sensitive_data_hardcoded",
        "name": "Sensitive Data Hardcoded",
        "type": "subcategory",
        "children": [
          {
            "id": "oauth_secret",
            "name": "OAuth Secret",
            "type": "variant",
            "priority": 5
          },
          {
            "id": "file_paths",
            "name": "File Paths",
            "type": "variant",
            "priority": 5
          }
        ]
      },
      {
        "id": "non_sensitive_token_in_url",
        "name": "Non-Sensitive Token in URL",
        "type": "subcategory",
        "priority": 5
      }
    ]
  },
  {
    "id": "cross_site_scripting_xss",
    "name": "Cross-Site Scripting (XSS)",
    "type": "category",
    "children": [
      {
        "id": "stored",
        "name": "Stored",
        "type": "subcategory",
        "children": [
          {
            "id": "non_admin_to_anyone",
            "name": "Non-Admin to Anyone",
            "type": "variant",
            "priority": 2
          },
          {
            "id": "admin_to_anyone",
            "name": "Admin to Anyone",
            "type": "variant",
            "priority": 3
          },
          {
            "id": "self",
            "name": "Self",
            "type": "variant",
            "priority": 5
          }
        ]
      },
      {
        "id": "reflected",
        "name": "Reflected",
        "type": "subcategory",
        "children": [
          {
            "id": "non_self",
            "name": "Non-Self",
            "type": "variant",
            "priority": 3
          },
          {
            "id": "self",
            "name": "Self",
            "type": "variant",
            "priority": 5
          }
        ]
      },
      {
        "id": "cookie_based",
        "name": "Cookie-Based",
        "type": "subcategory",
        "priority": 5
      },
      {
        "id": "ie_only",
        "name": "IE-Only",
        "type": "subcategory",
        "children": [
          {
            "id": "older_version_ie_10_11",
            "name": "Older Version (IE 10/11)",
            "type": "variant",
            "priority": 4
          },
          {
            "id": "xss_filter_disabled",
            "name": "XSS Filter Disabled",
            "type": "variant",
            "priority": 5
          },
          {
            "id": "older_version_ie10",
            "name": "Older Version (< IE10)",
            "type": "variant",
            "priority": 5
          }
        ]
      },
      {
        "id": "referer",
        "name": "Referer",
        "type": "subcategory",
        "priority": 4
      },
      {
        "id": "trace_method",
        "name": "TRACE Method",
        "type": "subcategory",
        "priority": 5
      },
      {
        "id": "universal_uxss",
        "name": "Universal (UXSS)",
        "type": "subcategory",
        "priority": 4
      },
      {
        "id": "off_domain",
        "name": "Off-Domain",
        "type": "subcategory",
        "children": [
          {
            "id": "data_uri",
            "name": "Data URI",
            "type": "variant",
            "priority": 4
          }
        ]
      }
    ]
  },
  {
    "id": "missing_function_level_access_control",
    "name": "Missing Function Level Access Control",
    "type": "category",
    "children": [
      {
        "id": "server_side_request_forgery_ssrf",
        "name": "Server-Side Request Forgery (SSRF)",
        "type": "subcategory",
        "children": [
          {
            "id": "internal",
            "name": "Internal",
            "type": "variant",
            "priority": 2
          },
          {
            "id": "external",
            "name": "External",
            "type": "variant",
            "priority": 4
          }
        ]
      },
      {
        "id": "username_enumeration",
        "name": "Username Enumeration",
        "type": "subcategory",
        "children": [
          {
            "id": "data_leak",
            "name": "Data Leak",
            "type": "variant",
            "priority": 4
          }
        ]
      },
      {
        "id": "exposed_sensitive_android_intent",
        "name": "Exposed Sensitive Android Intent",
        "type": "subcategory",
        "priority": null
      },
      {
        "id": "exposed_sensitive_ios_url_scheme",
        "name": "Exposed Sensitive iOS URL Scheme",
        "type": "subcategory",
        "priority": null
      }
    ]
  },
  {
    "id": "cross_site_request_forgery_csrf",
    "name": "Cross-Site Request Forgery (CSRF)",
    "type": "category",
    "children": [
      {
        "id": "application_wide",
        "name": "Application-Wide",
        "type": "subcategory",
        "priority": 2
      },
      {
        "id": "action_specific",
        "name": "Action-Specific",
        "type": "subcategory",
        "children": [
          {
            "id": "authenticated_action",
            "name": "Authenticated Action",
            "type": "variant",
            "priority": null
          },
          {
            "id": "unauthenticated_action",
            "name": "Unauthenticated Action",
            "type": "variant",
            "priority": null
          }
        ]
      }
    ]
  },
  {
    "id": "application_level_denial_of_service_dos",
    "name": "Application-Level Denial-of-Service (DoS)",
    "type": "category",
    "children": [
      {
        "id": "critical_impact_and_or_easy_difficulty",
        "name": "Critical Impact and/or Easy Difficulty",
        "type": "subcategory",
        "priority": 2
      },
      {
        "id": "high_impact_and_or_medium_difficulty",
        "name": "High Impact and/or Medium Difficulty",
        "type": "subcategory",
        "priority": 3
      },
      {
        "id": "app_crash",
        "name": "App Crash",
        "type": "subcategory",
        "children": [
          {
            "id": "malformed_android_intents",
            "name": "Malformed Android Intents",
            "type": "variant",
            "priority": 5
          },
          {
            "id": "malformed_ios_url_schemes",
            "name": "Malformed iOS URL Schemes",
            "type": "variant",
            "priority": 5
          }
        ]
      }
    ]
  },
  {
    "id": "unvalidated_redirects_and_forwards",
    "name": "Unvalidated Redirects and Forwards",
    "type": "category",
    "children": [
      {
        "id": "open_redirect",
        "name": "Open Redirect",
        "type": "subcategory",
        "children": [
          {
            "id": "get_based_all_users",
            "name": "GET-Based (All Users)",
            "type": "variant",
            "priority": 3
          },
          {
            "id": "get_based_authenticated",
            "name": "GET-Based (Authenticated)",
            "type": "variant",
            "priority": 4
          },
          {
            "id": "get_based_unauthenticated",
            "name": "GET-Based (Unauthenticated)",
            "type": "variant",
            "priority": 4
          },
          {
            "id": "post_based",
            "name": "POST-Based",
            "type": "variant",
            "priority": 5
          },
          {
            "id": "header_based",
            "name": "Header-Based",
            "type": "variant",
            "priority": 5
          }
        ]
      },
      {
        "id": "tabnabbing",
        "name": "Tabnabbing",
        "type": "subcategory",
        "priority": 5
      },
      {
        "id": "lack_of_security_speed_bump_page",
        "name": "Lack of Security Speed Bump Page",
        "type": "subcategory",
        "priority": 5
      }
    ]
  },
  {
    "id": "external_behavior",
    "name": "External Behavior",
    "type": "category",
    "children": [
      {
        "id": "browser_feature",
        "name": "Browser Feature",
        "type": "subcategory",
        "children": [
          {
            "id": "plaintext_password_field",
            "name": "Plaintext Password Field",
            "type": "variant",
            "priority": 5
          },
          {
            "id": "save_password",
            "name": "Save Password",
            "type": "variant",
            "priority": 5
          },
          {
            "id": "autocomplete_enabled",
            "name": "Autocomplete Enabled",
            "type": "variant",
            "priority": 5
          },
          {
            "id": "autocorrect_enabled",
            "name": "Autocorrect Enabled",
            "type": "variant",
            "priority": 5
          },
          {
            "id": "aggressive_offline_caching",
            "name": "Aggressive Offline Caching",
            "type": "variant",
            "priority": 5
          }
        ]
      },
      {
        "id": "csv_injection",
        "name": "CSV Injection",
        "type": "subcategory",
        "priority": 5
      },
      {
        "id": "captcha_bypass",
        "name": "Captcha Bypass",
        "type": "subcategory",
        "children": [
          {
            "id": "crowdsourcing",
            "name": "Crowdsourcing",
            "type": "variant",
            "priority": 5
          }
        ]
      },
      {
        "id": "system_clipboard_leak",
        "name": "System Clipboard Leak",
        "type": "subcategory",
        "children": [
          {
            "id": "shared_links",
            "name": "Shared Links",
            "type": "variant",
            "priority": 5
          }
        ]
      },
      {
        "id": "user_password_persisted_in_memory",
        "name": "User Password Persisted in Memory",
        "type": "subcategory",
        "priority": 5
      }
    ]
  },
  {
    "id": "insufficient_security_configurability",
    "name": "Insufficient Security Configurability",
    "type": "category",
    "children": [
      {
        "id": "weak_password_policy",
        "name": "Weak Password Policy",
        "type": "subcategory",
        "children": [
          {
            "id": "complexity_both_length_and_char_type_not_enforced",
            "name": "Complexity, Both Length and Char Type Not Enforced",
            "type": "variant",
            "priority": 3
          },
          {
            "id": "complexity_length_not_enforced",
            "name": "Complexity, Length Not Enforced",
            "type": "variant",
            "priority": 4
          },
          {
            "id": "complexity_char_type_not_enforced",
            "name": "Complexity, Char Type Not Enforced",
            "type": "variant",
            "priority": 4
          },
          {
            "id": "allows_reuse_of_old_passwords",
            "name": "Allows Reuse of Old Passwords",
            "type": "variant",
            "priority": 5
          },
          {
            "id": "allows_password_to_be_same_as_email_username",
            "name": "Allows Password to be Same as Email/Username",
            "type": "variant",
            "priority": 5
          }
        ]
      },
      {
        "id": "weak_password_reset_implementation",
        "name": "Weak Password Reset Implementation",
        "type": "subcategory",
        "children": [
          {
            "id": "token_is_not_invalidated_after_use",
            "name": "Token is Not Invalidated After Use",
            "type": "variant",
            "priority": 4
          },
          {
            "id": "token_is_not_invalidated_after_email_change",
            "name": "Token is Not Invalidated After Email Change",
            "type": "variant",
            "priority": 5
          },
          {
            "id": "token_is_not_invalidated_after_password_change",
            "name": "Token is Not Invalidated After Password Change",
            "type": "variant",
            "priority": 5
          },
          {
            "id": "token_has_long_timed_expiry",
            "name": "Token Has Long Timed Expiry",
            "type": "variant",
            "priority": 5
          },
          {
            "id": "token_is_not_invalidated_after_new_token_is_requested",
            "name": "Token is Not Invalidated After New Token is Requested",
            "type": "variant",
            "priority": 5
          }
        ]
      },
      {
        "id": "lack_of_verification_email",
        "name": "Lack of Verification Email",
        "type": "subcategory",
        "priority": 5
      },
      {
        "id": "lack_of_notification_email",
        "name": "Lack of Notification Email",
        "type": "subcategory",
        "priority": 5
      },
      {
        "id": "weak_registration_implementation",
        "name": "Weak Registration Implementation",
        "type": "subcategory",
        "children": [
          {
            "id": "allows_disposable_email_addresses",
            "name": "Allows Disposable Email Addresses",
            "type": "variant",
            "priority": 5
          }
        ]
      },
      {
        "id": "weak_2fa_implementation",
        "name": "Weak 2FA Implementation",
        "type": "subcategory",
        "children": [
          {
            "id": "missing_failsafe",
            "name": "Missing Failsafe",
            "type": "variant",
            "priority": 5
          }
        ]
      }
    ]
  },
  {
    "id": "using_components_with_known_vulnerabilities",
    "name": "Using Components with Known Vulnerabilities",
    "type": "category",
    "children": [
      {
        "id": "rosetta_flash",
        "name": "Rosetta Flash",
        "type": "subcategory",
        "priority": 4
      },
      {
        "id": "outdated_software_version",
        "name": "Outdated Software Version",
        "type": "subcategory",
        "priority": 5
      },
      {
        "id": "captcha_bypass",
        "name": "Captcha Bypass",
        "type": "subcategory",
        "children": [
          {
            "id": "ocr_optical_character_recognition",
            "name": "OCR (Optical Character Recognition)",
            "type": "variant",
            "priority": 5
          }
        ]
      }
    ]
  },
  {
    "id": "insecure_data_storage",
    "name": "Insecure Data Storage",
    "type": "category",
    "children": [
      {
        "id": "credentials_stored_unencrypted",
        "name": "Credentials Stored Unencrypted",
        "type": "subcategory",
        "children": [
          {
            "id": "on_external_storage",
            "name": "On External Storage",
            "type": "variant",
            "priority": 4
          },
          {
            "id": "on_internal_storage",
            "name": "On Internal Storage",
            "type": "variant",
            "priority": 5
          }
        ]
      },
      {
        "id": "sensitive_application_data_stored_unencrypted",
        "name": "Sensitive Application Data Stored Unencrypted",
        "type": "subcategory",
        "children": [
          {
            "id": "on_external_storage",
            "name": "On External Storage",
            "type": "variant",
            "priority": 4
          },
          {
            "id": "on_internal_storage",
            "name": "On Internal Storage",
            "type": "variant",
            "priority": 5
          }
        ]
      },
      {
        "id": "non_sensitive_application_data_stored_unencrypted",
        "name": "Non-Sensitive Application Data Stored Unencrypted",
        "type": "subcategory",
        "priority": 5
      },
      {
        "id": "screen_caching_enabled",
        "name": "Screen Caching Enabled",
        "type": "subcategory",
        "priority": 5
      },
      {
        "id": "insecure_data_storage",
        "name": "Insecure Data Storage",
        "type": "subcategory",
        "children": [
          {
            "id": "password",
            "name": "Password",
            "type": "variant",
            "priority": 2
          }
        ]
      }
    ]
  },
  {
    "id": "lack_of_binary_hardening",
    "name": "Lack of Binary Hardening",
    "type": "category",
    "children": [
      {
        "id": "lack_of_exploit_mitigations",
        "name": "Lack of Exploit Mitigations",
        "type": "subcategory",
        "priority": 5
      },
      {
        "id": "lack_of_jailbreak_detection",
        "name": "Lack of Jailbreak Detection",
        "type": "subcategory",
        "priority": 5
      },
      {
        "id": "lack_of_obfuscation",
        "name": "Lack of Obfuscation",
        "type": "subcategory",
        "priority": 5
      },
      {
        "id": "runtime_instrumentation_based",
        "name": "Runtime Instrumentation-Based",
        "type": "subcategory",
        "priority": 5
      }
    ]
  },
  {
    "id": "insecure_data_transport",
    "name": "Insecure Data Transport",
    "type": "category",
    "children": [
      {
        "id": "ssl_certificate_pinning",
        "name": "SSL Certificate Pinning",
        "type": "subcategory",
        "children": [
          {
            "id": "absent",
            "name": "Absent",
            "type": "variant",
            "priority": 5
          },
          {
            "id": "defeatable",
            "name": "Defeatable",
            "type": "variant",
            "priority": 5
          }
        ]
      }
    ]
  },
  {
    "id": "insecure_os_firmware",
    "name": "Insecure OS/Firmware",
    "type": "category",
    "children": [
      {
        "id": "command_injection",
        "name": "Command Injection",
        "type": "subcategory",
        "priority": 1
      },
      {
        "id": "hardcoded_password",
        "name": "Hardcoded Password",
        "type": "subcategory",
        "children": [
          {
            "id": "privileged_user",
            "name": "Privileged User",
            "type": "variant",
            "priority": 1
          },
          {
            "id": "non_privileged_user",
            "name": "Non-Privileged User",
            "type": "variant",
            "priority": 2
          }
        ]
      }
    ]
  },
  {
    "id": "broken_cryptography",
    "name": "Broken Cryptography",
    "type": "category",
    "children": [
      {
        "id": "cryptographic_flaw",
        "name": "Cryptographic Flaw",
        "type": "subcategory",
        "children": [
          {
            "id": "incorrect_usage",
            "name": "Incorrect Usage",
            "type": "variant",
            "priority": 1
          }
        ]
      }
    ]
  },
  {
    "id": "privacy_concerns",
    "name": "Privacy Concerns",
    "type": "category",
    "children": [
      {
        "id": "unnecessary_data_collection",
        "name": "Unnecessary Data Collection",
        "type": "subcategory",
        "children": [
          {
            "id": "wifi_ssid_password",
            "name": "WiFi SSID+Password",
            "type": "variant",
            "priority": 4
          }
        ]
      }
    ]
  },
  {
    "id": "network_security_misconfiguration",
    "name": "Network Security Misconfiguration",
    "type": "category",
    "children": [
      {
        "id": "telnet_enabled",
        "name": "Telnet Enabled",
        "type": "subcategory",
        "children": [
          {
            "id": "credentials_required",
            "name": "Credentials Required",
            "type": "variant",
            "priority": 4
          }
        ]
      }
    ]
  },
  {
    "id": "mobile_security_misconfiguration",
    "name": "Mobile Security Misconfiguration",
    "type": "category",
    "priority": null
  },
  {
    "id": "client_side_injection",
    "name": "Client-Side Injection",
    "type": "category",
    "priority": null
  }
]

}