L2 — Web Application Security (VAPT)
acmecorp.com · Full DAST + SAST · Licence: Web VAPT $15/mo
Severity summary: 1 Critical · 3 High · 5 Medium · 2 Low
DAST Findings — OWASP Top 10 US-021, US-022, US-023
| Finding | OWASP | URL / Endpoint | Severity | Financial Risk | MITRE ATT&CK | Status | Fix |
|---|---|---|---|---|---|---|---|
| SQL Injection (parameter `?q=` on `/api/search`) | A03:2021 | POST /api/search | CRITICAL | £18,000 | T1190 | Open | |
| Reflected XSS (unencoded user input in error page) | A03:2021 | GET /search?q= | HIGH | £7,500 | T1189 | Open | |
| Broken Authentication — no account lockout (unlimited login attempts allowed) | A07:2021 | POST /login | HIGH | £5,200 | T1110 | In Progress | |
| Directory listing enabled (`/uploads/` returns file listing) | A05:2021 | GET /uploads/ | HIGH | £3,800 | T1083 | Open | |
| Outdated jQuery 1.8.3 with known CVEs (CVE-2019-11358, CVE-2020-11023) | A06:2021 | /static/js/jquery.js | MEDIUM | £2,100 | — | Open | |
🤖 AI Remediation — SQL Injection US-025, US-058
⚠ This is a Critical finding. Estimated time to exploit: <5 minutes by any attacker with sqlmap.
Use parameterised queries / prepared statements. Replace vulnerable code:
```python
# ❌ VULNERABLE (current code): user input is concatenated into the SQL string,
# so a crafted value changes the structure of the query itself
query = f"SELECT * FROM products WHERE name = '{user_input}'"

# ✅ FIXED — parameterised query (Python / SQLAlchemy)
# The value is bound by the driver and is never parsed as SQL
from sqlalchemy import text
query = text("SELECT * FROM products WHERE name = :name")
result = db.execute(query, {"name": user_input})

# ✅ FIXED — if using raw psycopg2
# %s is a bind placeholder, not Python string formatting; pass values as a tuple
cursor.execute("SELECT * FROM products WHERE name = %s", (user_input,))
```
Schedule Recurring Scans US-026