owasp.org
2606:4700:10::6816:1a4d
Public Scan
Submission: On July 02 via api from US — Scanned from DE
Summary
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on May 4th 2023. Valid for: a year.
This is the only time owasp.org was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
Requests | IP Address | AS Autonomous System |
---|---|---|
5 | 2606:4700:10::6816:1a4d | 13335 (CLOUDFLARENET) |
1 | 2a00:1450:4001:828::200a | 15169 (GOOGLE) |
5 | 2a00:1450:4001:808::2003 | 15169 (GOOGLE) |
2 | 192.30.255.117 | 36459 (GITHUB) |
13 | 5 |
ASN36459 (GITHUB, US), PTR: lb-192-30-255-117-sea.github.com, serving api.github.com
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
5 | gstatic.com | fonts.gstatic.com | 86 KB |
5 | owasp.org | owasp.org (Cisco Umbrella Rank: 164282) | 115 KB |
2 | github.com | api.github.com (Cisco Umbrella Rank: 4493) | 4 KB |
1 | googleapis.com | fonts.googleapis.com (Cisco Umbrella Rank: 88) | 2 KB |
13 | 4 |
Requests | Domain | Requested by |
---|---|---|
5 | fonts.gstatic.com | fonts.googleapis.com |
5 | owasp.org | owasp.org |
2 | api.github.com | owasp.org |
1 | fonts.googleapis.com | owasp.org |
13 | 4 |
This site contains links to these domains. Also see Links.
Domain |
---|
github.com |
cheatsheetseries.owasp.org |
portswigger.net |
www.oauth.com |
cwe.mitre.org |
creativecommons.org |
squidfunk.github.io |
Subject | Issuer | Validity | Valid | |
---|---|---|---|---|
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2023-05-04 - 2024-05-03 | a year | crt.sh |
upload.video.google.com | GTS CA 1C3 | 2023-06-19 - 2023-09-11 | 3 months | crt.sh |
*.gstatic.com | GTS CA 1C3 | 2023-06-19 - 2023-09-11 | 3 months | crt.sh |
*.github.com | DigiCert TLS Hybrid ECC SHA384 2020 CA1 | 2023-02-16 - 2024-03-15 | a year | crt.sh |
This page contains 1 frame:
Primary Page:
https://owasp.org/Top10/A01_2021-Broken_Access_Control/
Frame ID: 4AC01A634BA23EFFD9492BB3A21F8340
Requests: 15 HTTP requests in this frame
Page Title
A01 Broken Access Control - OWASP Top 10:2021
Detected technologies
Google Font API (Font Scripts)
Detected patterns
- <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
Page Statistics
40 Outgoing links
These are links going to different origins than the main page.
Title: OWASP/Top10 3.7k760
Title: OWASP Cheat Sheet: Authorization
Title: PortSwigger: Exploiting CORS misconfiguration
Title: OAuth: Revoking Access
Title: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Title: CWE-23 Relative Path Traversal
Title: CWE-35 Path Traversal: '.../...//'
Title: CWE-59 Improper Link Resolution Before File Access ('Link Following')
Title: CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
Title: CWE-201 Exposure of Sensitive Information Through Sent Data
Title: CWE-219 Storage of File with Sensitive Data Under Web Root
Title: CWE-264 Permissions, Privileges, and Access Controls (should no longer be used)
Title: CWE-275 Permission Issues
Title: CWE-276 Incorrect Default Permissions
Title: CWE-284 Improper Access Control
Title: CWE-285 Improper Authorization
Title: CWE-352 Cross-Site Request Forgery (CSRF)
Title: CWE-359 Exposure of Private Personal Information to an Unauthorized Actor
Title: CWE-377 Insecure Temporary File
Title: CWE-402 Transmission of Private Resources into a New Sphere ('Resource Leak')
Title: CWE-425 Direct Request ('Forced Browsing')
Title: CWE-441 Unintended Proxy or Intermediary ('Confused Deputy')
Title: CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere
Title: CWE-538 Insertion of Sensitive Information into Externally-Accessible File or Directory
Title: CWE-540 Inclusion of Sensitive Information in Source Code
Title: CWE-548 Exposure of Information Through Directory Listing
Title: CWE-552 Files or Directories Accessible to External Parties
Title: CWE-566 Authorization Bypass Through User-Controlled SQL Primary Key
Title: CWE-601 URL Redirection to Untrusted Site ('Open Redirect')
Title: CWE-639 Authorization Bypass Through User-Controlled Key
Title: CWE-651 Exposure of WSDL File Containing Sensitive Information
Title: CWE-668 Exposure of Resource to Wrong Sphere
Title: CWE-706 Use of Incorrectly-Resolved Name or Reference
Title: CWE-862 Missing Authorization
Title: CWE-863 Incorrect Authorization
Title: CWE-913 Improper Control of Dynamically-Managed Code Resources
Title: CWE-922 Insecure Storage of Sensitive Information
Title: CWE-1275 Sensitive Cookie with Improper SameSite Attribute
Title: Creative Commons Attribution 3.0 Unported License
Title: Material for MkDocs
Redirected requests
There were HTTP redirect chains for the following requests:
13 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H2 | / (Primary Request) | owasp.org/Top10/A01_2021-Broken_Access_Control/ | 29 KB | 9 KB | Document | text/html |
GET | H2 | main.ded33207.min.css | owasp.org/Top10/assets/stylesheets/ | 111 KB | 20 KB | Stylesheet | text/css |
GET | H2 | css | fonts.googleapis.com/ | 23 KB | 2 KB | Stylesheet | text/css |
GET | H2 | OWASP_Logo_Transp.png | owasp.org/Top10/assets/ | 12 KB | 14 KB | Image | image/png |
GET | H2 | TOP_10_Icons_Final_Broken_Access_Control.png | owasp.org/Top10/assets/ | 36 KB | 36 KB | Image | image/png |
GET | H2 | bundle.51198bba.min.js | owasp.org/Top10/assets/javascripts/ | 111 KB | 36 KB | Script | application/javascript |
GET | H2 | KFOmCnqEu92Fr1Mu4mxK.woff2 | fonts.gstatic.com/s/roboto/v30/ | 15 KB | 16 KB | Font | font/woff2 |
GET | H2 | KFOlCnqEu92Fr1MmWUlfBBc4.woff2 | fonts.gstatic.com/s/roboto/v30/ | 15 KB | 16 KB | Font | font/woff2 |
GET | H2 | KFOlCnqEu92Fr1MmSU5fBBc4.woff2 | fonts.gstatic.com/s/roboto/v30/ | 15 KB | 15 KB | Font | font/woff2 |
GET | H2 | KFOkCnqEu92Fr1Mu51xIIzI.woff2 | fonts.gstatic.com/s/roboto/v30/ | 17 KB | 17 KB | Font | font/woff2 |
GET | H2 | L0xTDF4xlVMF-BfR8bXMIhJHg45mwgGEFl0_3vrtSM1J-gEPT5Ese6hmHSh0mQ.woff2 | fonts.gstatic.com/s/robotomono/v22/ | 22 KB | 22 KB | Font | font/woff2 |
GET | H2 | latest | api.github.com/repos/OWASP/Top10/releases/ | 125 B | 1 KB | Fetch | application/json |
GET | H2 | Top10 | api.github.com/repos/OWASP/ | 6 KB | 3 KB | Fetch | application/json |
GET | DATA | truncated | / | 548 B | 0 | Image | image/svg+xml |
GET | DATA | truncated | / | 432 B | 0 | Image | image/svg+xml |
21 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Name | Type |
---|---|
credentialless | boolean |
onbeforetoggle | object |
onscrollend | object |
__md_scope | object |
__md_hash | function |
__md_get | function |
__md_set | function |
palette | object |
key | undefined |
applyFocusVisiblePolyfill | function |
IFrameWorker | function |
document$ | object |
location$ | object |
target$ | object |
keyboard$ | object |
viewport$ | object |
tablet$ | object |
screen$ | object |
print$ | object |
alert$ | object |
component$ | object |
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL | Text |
---|---|---|---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Content-Security-Policy | default-src 'self' https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org data: www.w3.org https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com |
Strict-Transport-Security | max-age=31536000; includeSubDomains |
X-Content-Type-Options | nosniff |
X-Frame-Options | SAMEORIGIN |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.