Guessable Session ID
|
Web Application |
100 |
|
SSRF
|
Web Application |
100 |
|
JWT Misconfiguration
|
Web Application |
100 |
|
Login bypass
|
Web Application |
100 |
|
Old Backup Files
|
Web Application |
100 |
|
OTP Bruteforce
|
Web Application |
100 |
|
Encoding - Hashing
|
Web Application |
100 |
|
Bruteforce
|
Web Application |
100 |
|
Clipboard
|
Insecure Data Storage |
100 |
|
Memory
|
Insecure Data Storage |
100 |
|
KeyStore
|
Insecure Data Storage |
100 |
|
Shared Preferences
|
Insecure Data Storage |
100 |
|
Internal Storage
|
Insecure Data Storage |
100 |
|
External Storage
|
Insecure Data Storage |
100 |
|
SQLite Databases (Encrypted)
|
Insecure Data Storage |
100 |
|
SQLite Databases (Unencrypted)
|
Insecure Data Storage |
100 |
|
Unrestricted File Upload
|
Web Application |
100 |
|
2FA - Response Manipulation
|
Authentication |
100 |
|
Server Fingerprint
|
Web Application |
100 |
|
Review comment and Metadata
|
Web Application |
100 |
|
Default Credentials
|
Web Application |
100 |
|
MD4
|
Hashing |
100 |
|
SHA1
|
Hashing |
100 |
|
MD5
|
Hashing |
100 |
|
2FA - OTP Brute-Force 2
|
Authentication |
100 |
|
2FA - OTP Brute-Force
|
Authentication |
100 |
|
Caesar Cipher
|
Encryption |
100 |
|
WTF Logs
|
Logs |
100 |
|
Verbose Logs
|
Logs |
100 |
|
Debug Logs
|
Logs |
100 |
|
Error Logs
|
Logs |
100 |
|
Warnings Logs
|
Logs |
100 |
|
Informational Logs
|
Logs |
100 |
|
JavaScript - Info leak
|
Web Application |
100 |
|
HTTPS Traffic
|
HTTP Traffic |
100 |
|
TCP Traffic
|
Non-HTTP Traffic |
100 |
|
UDP Traffic
|
Non-HTTP Traffic |
100 |
|
HTTP Traffic
|
HTTP Traffic |
100 |
|
Sanity Check Flag
|
Sanity Check |
0 |
|