Updates to app ID

[sgerlach]

No description provided.

[stackhawk]

❌ HawkScan Failed.

HawkScan Target Not Found Error:

Unable to access https://localhost:9000. Check if the web server is listening on the specified port.

Scan ID: 03c3a7cb-b0e9-4c2d-a084-13f4038b816c
Application: DeathStarAPI
Environment: custom-params

[stackhawk]

❌ HawkScan Failed.

HawkScan Target Not Found Error:

Unable to access https://localhost:9000. Check if the web server is listening on the specified port.

Scan ID: 3ff3531e-90ed-492b-b327-a5e37eea0a2f
Application: DeathStarAPI
Environment: custom-params

[stackhawk]

🦅 HawkScan Completed

DeathStarAPI | custom-params

❌ Check Failed: "8 Findings >= High Found"

5 Findings:

Vulnerability Details

NoSQL Injection - MongoDB

Found on 3 Paths

paths:
- /api/jwt/users/search/
- /api/jwt/items/search/
- /api/jwt/users/search/

SQL Injection

Found on 4 Paths

paths:
- /api/jwt/items/search/'
- /api/jwt/items/search
- /api/jwt/items/search/'
- /api/jwt/users/search/bad/'

ScottyCo Brewing Custom Tenant Check

Found on 1 Path

paths:
- /api/jwt/users/search/bad/user

Parameter Tampering

Found on 1 Path

paths:
- /api/jwt/items/search

Proxy Disclosure

Found on 10 Paths

paths:
- /api/basic
- /api/basic/items/search
- /api/basic/items
- /api/jwt/auth/signin
- /api/jwt/items/search/
- /api/jwt/admin/freeHosen
- /api/jwt
- /api/jwt/items/search
- /api/basic/items/search/pants
- <root>

Scan Metadata

duration: 15 min 56 sec 
date: Jun 14, 2023 at 4:01 PM UTC
scannedPaths: 28
hawkscanVersion: 3.1.0
host: https://localhost:9000

Scan IDs

applicationId: 52565685-666d-4da7-b9d2-034af780217c
scanId: edf5a21c-1b88-4257-85af-221d67a8187c