From 56755e3df0841abfd33567c2fe5a74e7b2969002 Mon Sep 17 00:00:00 2001 From: Emmanuel Gautier Date: Mon, 7 Oct 2024 23:08:30 +0200 Subject: [PATCH] chore: move to nextra 3 remote files --- docs/best-practices/{jwt.md => jwt.mdx} | 0 ...{security-headers.md => security-headers.mdx} | 0 .../{github-action.md => github-action.mdx} | 0 .../{jwt-alg-none.md => jwt-alg-none.mdx} | 14 ++++++++++---- ...{jwt-blank-secret.md => jwt-blank-secret.mdx} | 16 +++++++++++----- ...ack.md => jwt-cross-service-relay-attack.mdx} | 0 ...-null-signature.md => jwt-null-signature.mdx} | 8 +++++++- .../{jwt-weak-secret.md => jwt-weak-secret.mdx} | 14 ++++++++++---- .../graphql-introspection.md | 6 +++++- 9 files changed, 43 insertions(+), 15 deletions(-) rename docs/best-practices/{jwt.md => jwt.mdx} (100%) rename docs/best-practices/{security-headers.md => security-headers.mdx} (100%) rename docs/getting-started/{github-action.md => github-action.mdx} (100%) rename docs/vulnerabilities/broken-authentication/{jwt-alg-none.md => jwt-alg-none.mdx} (95%) rename docs/vulnerabilities/broken-authentication/{jwt-blank-secret.md => jwt-blank-secret.mdx} (91%) rename docs/vulnerabilities/broken-authentication/{jwt-cross-service-relay-attack.md => jwt-cross-service-relay-attack.mdx} (100%) rename docs/vulnerabilities/broken-authentication/{jwt-null-signature.md => jwt-null-signature.mdx} (83%) rename docs/vulnerabilities/broken-authentication/{jwt-weak-secret.md => jwt-weak-secret.mdx} (92%) diff --git a/docs/best-practices/jwt.md b/docs/best-practices/jwt.mdx similarity index 100% rename from docs/best-practices/jwt.md rename to docs/best-practices/jwt.mdx diff --git a/docs/best-practices/security-headers.md b/docs/best-practices/security-headers.mdx similarity index 100% rename from docs/best-practices/security-headers.md rename to docs/best-practices/security-headers.mdx 
diff --git a/docs/getting-started/github-action.md b/docs/getting-started/github-action.mdx similarity index 100% rename from docs/getting-started/github-action.md rename to docs/getting-started/github-action.mdx diff --git a/docs/vulnerabilities/broken-authentication/jwt-alg-none.md b/docs/vulnerabilities/broken-authentication/jwt-alg-none.mdx similarity index 95% rename from docs/vulnerabilities/broken-authentication/jwt-alg-none.md rename to docs/vulnerabilities/broken-authentication/jwt-alg-none.mdx index 3b4958a..b3a6541 100644 --- a/docs/vulnerabilities/broken-authentication/jwt-alg-none.md +++ b/docs/vulnerabilities/broken-authentication/jwt-alg-none.mdx @@ -77,6 +77,16 @@ Invalid JWT has this header with algorithm set to none. } ``` +## How to test? + +If you want to test only the "JWT Alg None" vulnerability, you can use the following command: + +```bash +vulnapi scan --scans jwt.alg_none [url] +``` + +VulnAPI supports scanning against various types of other JWT vulnerabilities as well. + ## What is the impact? The potential security impacts of the JWT "alg none" vulnerability are significant and can include: @@ -89,10 +99,6 @@ The potential security impacts of the JWT "alg none" vulnerability are significa - **Denial of Service (DDoS)**: In some cases, attackers may exploit the vulnerability to craft JWTs with payloads that cause unexpected behavior or errors within the application, potentially leading to service disruptions or system crashes. - **Bypassing Security Controls**: In systems where JWTs are used for access control (authorization) or authentication, the "alg none" vulnerability can bypass security controls altogether, rendering any security mechanisms relying on JWTs ineffective. -## How to test? - -TODO: VulnAPI Command - ## How to remediate? Remediating the JWT "alg none" vulnerability is to ensure that the JWT library or implementation being used is not vulnerable to this issue and is correctly configured. 
diff --git a/docs/vulnerabilities/broken-authentication/jwt-blank-secret.md b/docs/vulnerabilities/broken-authentication/jwt-blank-secret.mdx similarity index 91% rename from docs/vulnerabilities/broken-authentication/jwt-blank-secret.md rename to docs/vulnerabilities/broken-authentication/jwt-blank-secret.mdx index dd90eee..bf13e0f 100644 --- a/docs/vulnerabilities/broken-authentication/jwt-blank-secret.md +++ b/docs/vulnerabilities/broken-authentication/jwt-blank-secret.mdx 
@@ -68,15 +68,21 @@ The following JWT is signed with an empty secret: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE1MTYyNDI2MjIsImlhdCI6MTUxNjIzOTAyMiwibmFtZSI6IkpvaG4gRG9lIiwic3ViIjoiMmNiMzA3YmEtYmI0Ni00MTk0LTg1NGYtNDc3NDA0NmQ5YzliIn0.SCC35SSgMSMr0kV1i_TuPAhiSGtsC1cFGCfvaus5GyU ``` -# What is the impact? +## How to test? -Signing a JWT with a blank secret has a significant impact on the security of the token. A blank secret means that there is no secret key used to sign the token, making it vulnerable to tampering and unauthorized access. +If you want to test only the "JWT Blank Secret" vulnerability, you can use the following command: -By signing a JWT with a blank secret, anyone with access to the token can modify its contents without detection. This can lead to various security risks, such as impersonation, data tampering, and unauthorized access to protected resources. +```bash +vulnapi scan --scans jwt.blank_secret [url] +``` -## How to test? +VulnAPI supports scanning against various types of other JWT vulnerabilities as well. -TODO: VulnAPI Command +## What is the impact? + +Signing a JWT with a blank secret has a significant impact on the security of the token. A blank secret means that there is no secret key used to sign the token, making it vulnerable to tampering and unauthorized access. + +By signing a JWT with a blank secret, anyone with access to the token can modify its contents without detection. This can lead to various security risks, such as impersonation, data tampering, and unauthorized access to protected resources. ## How to remediate? diff --git a/docs/vulnerabilities/broken-authentication/jwt-cross-service-relay-attack.md b/docs/vulnerabilities/broken-authentication/jwt-cross-service-relay-attack.mdx similarity index 100% rename from docs/vulnerabilities/broken-authentication/jwt-cross-service-relay-attack.md rename to docs/vulnerabilities/broken-authentication/jwt-cross-service-relay-attack.mdx 
diff --git a/docs/vulnerabilities/broken-authentication/jwt-null-signature.md b/docs/vulnerabilities/broken-authentication/jwt-null-signature.mdx similarity index 83% rename from docs/vulnerabilities/broken-authentication/jwt-null-signature.md rename to docs/vulnerabilities/broken-authentication/jwt-null-signature.mdx index 3b16f4f..127a804 100644 --- a/docs/vulnerabilities/broken-authentication/jwt-null-signature.md +++ b/docs/vulnerabilities/broken-authentication/jwt-null-signature.mdx @@ -41,7 +41,13 @@ TODO: write an example ## How to test? -TODO: VulnAPI Command +If you want to test only the "JWT Null Signature" vulnerability, you can use the following command: + +```bash +vulnapi scan --scans jwt.null_signature [url] +``` + +VulnAPI supports scanning against various types of other JWT vulnerabilities as well. ## What is the impact? diff --git a/docs/vulnerabilities/broken-authentication/jwt-weak-secret.md b/docs/vulnerabilities/broken-authentication/jwt-weak-secret.mdx similarity index 92% rename from docs/vulnerabilities/broken-authentication/jwt-weak-secret.md rename to docs/vulnerabilities/broken-authentication/jwt-weak-secret.mdx index 49c041d..9c8012c 100644 --- a/docs/vulnerabilities/broken-authentication/jwt-weak-secret.md +++ b/docs/vulnerabilities/broken-authentication/jwt-weak-secret.mdx 
@@ -76,13 +76,19 @@ The following JWT is signed with `secret` secret: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE1MTYyNDI2MjIsImlhdCI6MTUxNjIzOTAyMiwibmFtZSI6IkpvaG4gRG9lIiwic3ViIjoiMmNiMzA3YmEtYmI0Ni00MTk0LTg1NGYtNDc3NDA0NmQ5YzliIn0.gTgBr6lotpAxs4M46PgUXrjhIN5-gYG4HffKSEIB6Ys ``` -# What is the impact? +## How to test? -The impact of using a weak secret key to sign a JWT is significant. Attackers can easily find the secret key and modify the token's claims and content without detection. This can lead to unauthorized access, data tampering, and other security risks. +If you want to test only the "JWT Null Signature" vulnerability, you can use the following command: -## How to test? +```bash +vulnapi scan --scans jwt.weak_secret [url] +``` -TODO: VulnAPI Command +VulnAPI supports scanning against various types of other JWT vulnerabilities as well. + +## What is the impact? + +The impact of using a weak secret key to sign a JWT is significant. Attackers can easily find the secret key and modify the token's claims and content without detection. This can lead to unauthorized access, data tampering, and other security risks. ## How to remediate? diff --git a/docs/vulnerabilities/security-misconfiguration/graphql-introspection.md b/docs/vulnerabilities/security-misconfiguration/graphql-introspection.md index 8849141..1aee5dd 100644 --- a/docs/vulnerabilities/security-misconfiguration/graphql-introspection.md +++ b/docs/vulnerabilities/security-misconfiguration/graphql-introspection.md @@ -41,7 +41,11 @@ The potential security impacts of GraphQL introspection are significant and can ## How to test? -TODO: add VulnAPI command +If you want to test only the "GraphQL Introspection Enabled" vulnerability, you can use the following command: + +```bash +vulnapi scan graphql --scans graphql.introspection_enabled [url] +``` ## How to remediate?
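Review bot: in the jwt-alg-none.mdx hunk, the added command `vulnapi scan --scans jwt.alg_none [url]` leaves `[url]` undefined and does not say how the JWT under test reaches the scanner. Suggest one sentence stating what `[url]` should point to and whether the request has to carry a valid token. The closing line "VulnAPI supports scanning against various types of other JWT vulnerabilities as well." is repeated verbatim in the blank-secret, null-signature and weak-secret hunks; a link to the list of scan IDs would tell the reader more than the repeated sentence does.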
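Review bot: in the jwt-blank-secret.mdx hunk, the change from `# What is the impact?` to `## What is the impact?` and the swap of the test and impact sections are content edits that the subject line "chore: move to nextra 3 remote files" does not mention, and the 91% similarity index confirms this is more than a rename. Suggest either describing these edits in the commit message or splitting them from the renames, so the file moves can be reviewed as 100% renames like jwt.mdx and security-headers.mdx.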
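Review bot: in the jwt-null-signature.mdx hunk, the context line `TODO: write an example` just above "How to test?" is left in place, so the page still publishes a placeholder while now documenting `jwt.null_signature`. Suggest adding the example in this change (the blank-secret and weak-secret pages each show a sample token at the same spot) or removing the empty section until it is written.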
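Review bot: in the jwt-weak-secret.mdx hunk, the added sentence names the wrong check: it reads 'If you want to test only the "JWT Null Signature" vulnerability' while the command below it is `vulnapi scan --scans jwt.weak_secret [url]`. This looks copied from the null-signature page; change the quoted name to "JWT Weak Secret" so the text and the scan ID agree.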
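Review bot: in the graphql-introspection.md hunk, the command is `vulnapi scan graphql --scans graphql.introspection_enabled [url]`, whereas the four JWT pages use `vulnapi scan --scans ... [url]` with nothing between `scan` and `--scans`. Please confirm the extra `graphql` argument is intended and, if so, add a sentence explaining when it is required. This file also keeps its `.md` extension while every other touched doc moves to `.mdx`; if that is deliberate, it is worth stating in the commit message.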