Configuration: Excessive Browser Permissions

Identifier: excessive_browser_permissions

Scanner(s) Support

GraphQL Scanner REST Scanner WebApp Scanner ASM Scanner

Description

Websites unnecessarily granting access to browser features or APIs like camera, microphone, or location services can open the door to misuse, potentially allowing attackers to collect information or perform actions on behalf of users.

How we test: We analyze web manifest files, permission requests, and browser API usage to detect if excessive permissions are granted. We check if applications follow the principle of least privilege and only request permissions that are truly necessary for functionality.
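The least-privilege check described above can be illustrated with the standard `Permissions-Policy` response header. This is an added example, not the scanner's own logic; the header strings, the `required` list and the finding names are constructed assumptions.

```javascript
// Added example: least-privilege audit of a Permissions-Policy header.
// SENSITIVE mirrors the features named in the description; the header
// strings and the "required" list are constructed for illustration.
const SENSITIVE = ['camera', 'microphone', 'geolocation'];

// Parse 'camera=(), geolocation=(self "https://maps.example")' into a
// Map of feature -> allowlist tokens. Origin strings do not contain
// commas, so splitting directives on ',' is adequate for this parser.
function parsePermissionsPolicy(header) {
  const policy = new Map();
  for (const part of header.split(',')) {
    const eq = part.indexOf('=');
    if (eq === -1) continue;
    const feature = part.slice(0, eq).trim().toLowerCase();
    const value = part.slice(eq + 1).trim();
    const inner = /^\(.*\)$/.test(value) ? value.slice(1, -1) : value;
    policy.set(feature, inner.split(/\s+/).filter(Boolean));
  }
  return policy;
}

// Compare what the policy grants with what the application needs.
function auditPermissions(header, required = []) {
  const policy = header ? parsePermissionsPolicy(header) : new Map();
  const findings = [];
  for (const feature of SENSITIVE) {
    const needed = required.includes(feature);
    const allow = policy.get(feature);
    if (allow === undefined) {
      // No directive: the browser's default allowlist applies.
      if (!needed) findings.push({ feature, issue: 'not-restricted' });
    } else if (allow.includes('*')) {
      findings.push({ feature, issue: 'allowed-for-all-origins' });
    } else if (allow.length > 0 && !needed) {
      findings.push({ feature, issue: 'granted-but-not-required' });
    }
  }
  return findings;
}

// Constructed header: camera disabled, microphone open to every origin.
const sample = 'camera=(), microphone=*, geolocation=(self "https://maps.example")';
console.log(auditPermissions(sample, ['geolocation']));
```

An empty allowlist such as `camera=()` disables the feature for every origin, which is why it produces no finding.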

Configuration

Example

Example configuration:

---
security_tests:
  excessive_browser_permissions:
    skip: false

Reference

skip

Type: boolean

Skip the test if true.