Internet-exposed

Posture: critical 2, high 6, medium 9, low 6

Findings (26)
| Severity | Finding | Tool | Type | Status | Score |
|---|---|---|---|---|---|
| high | Missing CSP header on auth pages | OWASP ZAP | DAST | triaged | 6.5 |
| high | Open Redis without auth | tfsec | IaC | open | 5.2 |
| medium | Outdated lodash with prototype pollution | Contrast RASP | RASP | open | 5 |
| medium | Container running as root | Contrast RASP | RASP | open | 9.9 |
| low | SQL Injection in user-input handler | Contrast RASP | RASP | triaged | 5.7 |
| low | JWT signed with weak HS256 secret | Gitleaks | Secrets | false positive | 6 |
| low | Missing rate limiting on /login | Wiz | CSPM | triaged | 9.1 |
| critical | Dependency confusion risk on internal package | Checkov | IaC | false positive | 8 |
| low | Race condition in payment idempotency | Contrast RASP | RASP | false positive | 8.9 |
| medium | S3 bucket publicly readable | Checkmarx | SAST | open | 6 |
| critical | Race condition in payment idempotency | SonarQube | SAST | triaged | 9.8 |
| info | Outdated lodash with prototype pollution | Burp Suite | DAST | open | 7.7 |
| medium | Insecure deserialization in message queue consumer | Burp Pro PenTest | PenTest | open | 4.6 |
| high | Path traversal in file download endpoint | Checkmarx | SAST | open | 7 |
| low | Missing CSP header on auth pages | Burp Suite | DAST | open | 4.3 |
| high | Race condition in payment idempotency | TruffleHog | Secrets | triaged | 7 |
| medium | Container running as root | Wiz | CSPM | false positive | 7.8 |
| medium | IAM role with wildcard permissions | Prowler | CSPM | open | 8.5 |
| high | Open Redis without auth | TruffleHog | Secrets | triaged | 7.9 |
| medium | Missing CSP header on auth pages | Semgrep | SAST | open | 4.1 |
| high | Log4Shell vulnerable dependency | Semgrep | SAST | accepted | 8.2 |
| medium | Race condition in payment idempotency | SonarQube | SAST | false positive | 5.9 |
| medium | Missing CSP header on auth pages | TruffleHog | Secrets | triaged | 9.2 |
| info | JWT signed with weak HS256 secret | SonarQube | SAST | open | 6.3 |