Web App Penetration Test Summary Report - August 2023

This report presents the results of the web penetration test performed on the uKnowva web application by the SecIQ security team. The details of each task and our findings have been consolidated into this Executive Summary.

Executive Summary:

Business-Critical Risks:
  • The uKnowva web application was identified to have no open vulnerabilities. 

 

Findings Summary:

| Sr. No. | Category Name | Vulnerability Name | Instances | Status | Severity |
|---|---|---|---|---|---|
| 1 | Injection / Vulnerable Outdated Components | SQL Injection Via Vulnerable Plugin | Nil | Closed | Critical |
| 2 | Broken Access Control | Insecure Direct Object Reference | 9 | Closed | High |
| 3 | Lack of Resources and Rate Limiting | Login Brute force | 1 | Closed | High |
| 4 | Injection | Open Redirection | 1 | Closed | High |
| 5 | Broken Access Control / Injection | Parameter Pollution | 2 | Closed | High |
| 6 | Injection | Stored Cross Site Scripting | 10 | Closed | High |
| 7 | Identification and Authentication Failures | Cookie Reusability | 1 | Closed | Medium |
| 8 | Injection | Cross site Scripting via File Upload | 9 | Closed | Medium |
| 9 | Lack of Resources and Rate Limiting | Email Flooding | 1 | Closed | Medium |
| 10 | Security Misconfiguration | .Git Folder Exposure | 1 | Closed | Medium |
| 11 | Security Misconfiguration / Broken Access Control | Information Exposure Via Log file | 3 | Closed | Medium |
| 12 | Injection | Reflected Cross Site Scripting | 2 | Closed | Medium |
| 13 | Security Misconfiguration | Cacheable HTTPS response | 2 | Closed | Low |
| 14 | Security Misconfiguration | Clickjacking | 1 | Closed | Low |
| 15 | Security Misconfiguration | Cookie Set without HTTP Only Flag | 1 | Closed | Low |
| 16 | Security Misconfiguration | HTTP Trace Method is Enabled | 1 | Closed | Low |
| 17 | Security Misconfiguration | Session Token in URL | 3 | Closed | Low |
| 18 | Security Misconfiguration | Vulnerable JavaScript Dependency | 1 | Closed | Low |

 

In case you face any problems, please write to our awesome support team, who will surely help you!
