ZAP Full Scan Report

[github-actions]

• Site: https://localhost

• Site: http://localhost:8080
  New Alerts

  • Absence of Anti-CSRF Tokens [10202] total: 5:
    • http://localhost:8080/login
    • http://localhost:8080/login?error
    • http://localhost:8080/myprofile
    • http://localhost:8080/schedule-service
    • http://localhost:8080/scheduled-services
  • Anti-CSRF Tokens Check [20012] total: 5:
    • http://localhost:8080/login
    • http://localhost:8080/login?error
    • http://localhost:8080/myprofile
    • http://localhost:8080/schedule-service
    • http://localhost:8080/scheduled-services
  • Content Security Policy (CSP) Header Not Set [10038] total: 8:
    • http://localhost:8080
    • http://localhost:8080/cars
    • http://localhost:8080/login
    • http://localhost:8080/login?error
    • http://localhost:8080/myprofile
    • ..
  • HTTP Only Site [10106] total: 1:
    • http://localhost:8080/perform-login
  • Hidden File Found [40035] total: 4:
    • http://localhost:8080/._darcs
    • http://localhost:8080/.bzr
    • http://localhost:8080/.hg
    • http://localhost:8080/BitKeeper
  • Sub Resource Integrity Attribute Missing [90003] total: 6:
    • http://localhost:8080
    • http://localhost:8080/cars
    • http://localhost:8080/myprofile
    • http://localhost:8080/persons
    • http://localhost:8080/schedule-service
    • ..
  • Application Error Disclosure [90022] total: 1:
    • http://localhost:8080/register-totp
  • Cookie No HttpOnly Flag [10010] total: 2:
    • http://localhost:8080/cars?id=1
    • http://localhost:8080/cars?id=2
  • Cookie Slack Detector [90027] total: 13:
    • http://localhost:8080/cars?id=1
    • http://localhost:8080/confirm-service-1?id=1
    • http://localhost:8080/login
    • http://localhost:8080/login?error
    • http://localhost:8080/logout
    • ..
  • Cookie without SameSite Attribute [10054] total: 2:
    • http://localhost:8080/cars?id=1
    • http://localhost:8080/cars?id=2
  • Cross-Domain JavaScript Source File Inclusion [10017] total: 6:
    • http://localhost:8080
    • http://localhost:8080/cars
    • http://localhost:8080/myprofile
    • http://localhost:8080/persons
    • http://localhost:8080/schedule-service
    • ..
  • Information Disclosure - Debug Error Messages [10023] total: 1:
    • http://localhost:8080/register-totp
  • Permissions Policy Header Not Set [10063] total: 8:
    • http://localhost:8080
    • http://localhost:8080/cars
    • http://localhost:8080/login
    • http://localhost:8080/login?error
    • http://localhost:8080/myprofile
    • ..
  • CORS Header [40040] total: 22:
    • http://localhost:8080
    • http://localhost:8080/cars
    • http://localhost:8080/cars?id=1
    • http://localhost:8080/confirm-service-1?id=1
    • http://localhost:8080/login
    • ..
  • Cookie Slack Detector [90027] total: 9:
    • http://localhost:8080
    • http://localhost:8080/cars
    • http://localhost:8080/myprofile
    • http://localhost:8080/persons
    • http://localhost:8080/register-totp
    • ..
  • Information Disclosure - Suspicious Comments [10027] total: 2:
    • http://localhost:8080
    • http://localhost:8080/cars
  • Loosely Scoped Cookie [90033] total: 3:
    • http://localhost:8080/cars?id=1
    • http://localhost:8080/cars?id=2
    • http://localhost:8080/logout
  • Modern Web Application [10109] total: 2:
    • http://localhost:8080/login
    • http://localhost:8080/login?error
  • Non-Storable Content [10049] total: 11:
    • http://localhost:8080
    • http://localhost:8080/cars
    • http://localhost:8080/login
    • http://localhost:8080/logout
    • http://localhost:8080/myprofile
    • ..
  • Possible Username Enumeration [40023] total: 1:
    • http://localhost:8080/perform-login
  • User Agent Fuzzer [10104] total: 240:
    • http://localhost:8080
    • http://localhost:8080
    • http://localhost:8080
    • http://localhost:8080
    • http://localhost:8080
    • ..

View the following link to download the report.
RunnerID:3534619305