Kevin Bhupal

I am a Security Engineer working at Adappt. I am mostly responsible for appsec and maintaining code security. I occasionally publish my unsorted thoughts here.

Pentesting tools

Static analysis
- SonarQube https://www.sonarsource.com/

FOSS
- ZAP https://github.com/zaproxy/zaproxy
- Nuclei https://github.com/projectdiscovery/nuclei
- Nettacker https://github.com/OWASP/Nettacker
- Nikto https://github.com/sullo/nikto
- Arachni https://github.com/Arachni/arachni
- Wapiti https://github.com/wapiti-scanner/wapiti
- Threatmapper https://github.com/deepfence/ThreatMapper

Freemium
- Burp https://portswigger.net/burp
- Caido https://github.com/caido/caido
- Metasploit https://www.metasploi...
Read post

Framework Problems

Authorisation Failures
- Permissions for editing own profile and others'
- Admins being able to edit/create/delete/privilege escalate to SuperAdmins:
  - admin creating a superadmin
  - admin self-escalating to superadmin
  - admin updating someone to superadmin
  - admin deleting a superadmin
  - admin modifying a superadmin
- Permissions updating instantly after change
- Session and other token deactivation after user deletion
- Code not matching spec/comments

Local login:
- Proper hashing, salting
- Length checking
- Ent...
Read post