Information Disclosure: Crashing Page

Identifier: crashing_page

Scanner(s) Support

GraphQL Scanner, REST Scanner, WebApp Scanner

Description

A page crashes on an unhandled JavaScript error when the code does not handle every unexpected condition that can arise at runtime. The browser can then abruptly stop running scripts, which degrades the user experience, makes the application unstable, and can open the door to more serious risks such as data corruption or denial of service. Commonly missed cases include unusual inputs and network failures. If the problem is ignored, attackers may be able to take advantage of the application's unpredictable state.
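
The failure mode described above, shown as a fragile response parser beside a hardened one that covers unusual input and network failure. This is an added example, not code from the scanner or its documentation; all names (parseProfileUnsafe, parseProfile, loadProfile, FALLBACK) and the response shape are assumptions made for illustration.

```javascript
// Added example: every name and the {"user": {...}} response shape are hypothetical.
const FALLBACK = Object.freeze({ ok: false, name: "unknown", tags: [] });

// Fragile form: throws on malformed JSON, a null body, or a missing field,
// and nothing upstream catches the error.
function parseProfileUnsafe(body) {
  const data = JSON.parse(body);
  return { ok: true, name: data.user.name.trim(), tags: data.user.tags.map(String) };
}

// Hardened form: every unexpected shape ends in a defined fallback state.
function parseProfile(body) {
  let data;
  try {
    data = JSON.parse(body);
  } catch {
    return FALLBACK; // malformed or truncated response
  }
  const user = data && typeof data === "object" ? data.user : undefined;
  if (!user || typeof user.name !== "string") return FALLBACK;
  const tags = Array.isArray(user.tags) ? user.tags.map(String) : [];
  return { ok: true, name: user.name.trim(), tags };
}

// A network failure rejects the promise; catching it here keeps the
// rejection from going unhandled.
async function loadProfile(fetchText) {
  try {
    return parseProfile(await fetchText());
  } catch {
    return FALLBACK; // timeout, DNS failure, aborted request
  }
}

// Last-resort handlers in a browser: record the failure so it is visible
// to monitoring instead of silently stopping the page's scripts.
if (typeof window !== "undefined") {
  window.addEventListener("error", (e) => console.error("uncaught error:", e.message));
  window.addEventListener("unhandledrejection", (e) => {
    console.error("unhandled rejection:", e.reason);
    e.preventDefault();
  });
}
```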

Configuration

Example

Example configuration:

---
security_tests:
  crashing_page:
    assets_allowed:
    - REST
    - GRAPHQL
    - WEBAPP
    skip: false

Reference

assets_allowed

Type : List[AssetType]*

List of assets that this check will cover.

skip

Type : boolean

Skip the test if true.