Gold

• Authentication (3)
  • Non-Masked Password
  • Non-SSL Password
  • Password Auto-Complete
• Cross-Site Request Forgery (1)
• Cross-Site Scripting (1)
• Directory Access (1)
• Directory Browsing
• Information Leaks (9)
  • Application Exception
  • Basic Auth over HTTP
  • Browse HTTP from HTTPS
  • Credit Card Disclosure
  • Form Caching
  • Form Submitted Without Using POST
  • HTML & JavaScript Comments
  • Non-SSL Form
  • Username or Password in HTTP Request
• Input Validation (1)
  • HTTP Response Splitting
• Insecure Direct Object Reference (2)
  • URL in Query
  • Remote File Inclusion
• Insecure Resource Location (1)
  • File and Directory Discovery
• Session Management (1)
  • J2EE Session ID Length
• SQL Injection (1)
  • SQL Error Message
• Unvalidated Redirects and Forwards (1)
• Web Server Configuration (2)
  • Web Server Vulnerabilities
  • Check HTTP Methods