List of risks

Risk Name

Description

tempScriptDownload It is possible to download temporary script files, which may expose the application logic and other sensitive information such as usernames and passwords.
sourceCodeDisclosure It is possible to retrieve the source code of server-side scripts, which may expose the application logic and other sensitive information such as usernames and passwords.
pathDisclosure It is possible to retrieve the absolute path of the web server installation, which may help an attacker to develop further attacks and to gain information about the file system structure of the web application.
directoryListing It is possible to view and download the contents of certain web application virtual directories, which may contain restricted files.
envVariablesExposure It is possible to expose server environment variables, which may help an attacker to develop further attacks against the web application.
anyFileDownload It is possible to view the contents of any file (e.g. databases, user information or configuration files) on the web server (under the permission restrictions of the web server user).
userImpersonation It is possible to steal customer session and cookies, which may be used to impersonate a legitimate user, allowing the hacker to view or alter user records, and to perform transactions as that user.
remoteCommandExecution It is possible to execute remote commands on the web server. This usually means complete compromise of the server and its contents.
cacheFilesDownload It is possible to view the contents of cache files, which may contain sensitive information regarding the web application.
debugErrorInformation It is possible to gather sensitive debugging information.
eShoplifting It is possible to steal goods or services (eShoplifting).
denialOfService It is possible to prevent the web application from serving other users (denial of service).
privilegeEscalation It is possible to escalate user privileges and gain administrative permissions over the web application.
genericWorstCase It is possible to undermine application logic.
configurationFile

Downloadable

It is possible to download or view the contents of a configuration file, which may contain vital information such as usernames and passwords.
sensitiveInformation It is possible to gather sensitive information about the web application such as usernames, passwords, machine name and/or sensitive file locations.
genericWorstCaseJavaScript™ It is possible to exploit JavaScript; the extent of the risk depends on the context of the page modified at the client side.
genericWorstCaseJSCookie It is possible to exploit JSCookie code; the extent of the risk depends on the context and role of the cookies that are created at the client side.
emailSpoofing It is possible to send emails through your web application, using spoofed email addresses.
siteDefacement It is possible to upload, modify or delete web pages, scripts and files on the web server.
databaseManipulations It is possible to view, modify or delete database entries and tables (SQL Injection).
authBypass It is possible to bypass the web application's authentication mechanism.
siteStructureRevealed It is possible to retrieve information about the site's file system structure, which may help the attacker to map the website.
publisherInformation

Revealed

It is possible to retrieve sensitive FrontPage publishing information.
dataResourceDownload It is possible to access information stored in a sensitive data resource.
sensitiveNotOverSSL It is possible to steal sensitive data such as credit card numbers, social security numbers etc. that are sent unencrypted.
loginNotOverSSL It is possible to steal user login information such as usernames and password that are sent unencrypted.
unsecureCookieInSSL It is possible to steal user and session information (cookies) that was sent during an encrypted session.
sessionCookieNotRAM It is possible to steal session information (cookies) that was kept on disk as permanent cookies.
phishing It is possible to persuade a naive user to supply sensitive information such as username, password, credit card number, social security number etc.
cachePoisoning It is possible to deface the site content through web-cache poisoning.
attackFacilitation It is possible for an attacker to use the web server to attack other sites, which increases his or her anonymity.
maliciousContent n/a
clientCodeExecution It is possible to execute arbitrary code on the Web application's clients.
siteImpersonation Using additional attack vectors, it is possible for a malicious attacker to impersonate this site.