
Hello everyone,

in case you haven't already seen/read it yourselves, here [0] FYI

"Web app authorization coverage scanning"

- crawls your web application using a Chrome headless browser while logged in as a pre-defined user
- intercepts and logs API requests as well as pages loaded during the crawling phase
- In the next phase it logs in under a different user account and attempts to access each one of the API requests or pages discovered previously.
- Finally it generates a detailed report listing the resources discovered and whether or not they are accessible to the intruder users.

Best regards
Bernd

[0] https://github.com/authcov/authcov

-- 
Bernd Kohler

IT Center
Department: Networks
RWTH Aachen University
Wendlingweg 10
52074 Aachen
Tel: +49 241 80-29793
Fax: +49 241 80-22666
kohler@itc.rwth-aachen.de
https://www.itc.rwth-aachen.de
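
The two-phase approach described in the message above (crawl as one user, replay as another, report what is accessible), as an added example that is not part of the original mail and not authcov's own code. A constructed in-memory app stands in for the web application and the headless browser; all routes, role names and function names are hypothetical.

```python
from collections import deque

# Constructed sample app (hypothetical routes): request -> (roles allowed, requests it links to).
# roles=None models a handler that performs no authorization check at all.
APP = {
    ("GET", "/"): ({"admin", "member"}, [("GET", "/projects"), ("GET", "/admin")]),
    ("GET", "/projects"): ({"admin", "member"}, [("GET", "/api/projects/1")]),
    ("GET", "/api/projects/1"): ({"admin", "member"}, []),
    ("GET", "/admin"): ({"admin"}, [("GET", "/api/users"), ("DELETE", "/api/users/2")]),
    ("GET", "/api/users"): ({"admin"}, []),
    ("DELETE", "/api/users/2"): (None, []),  # page is protected, the API behind it is not
}

def send(user, method, path):
    """Stand-in for the HTTP client: returns (status, requests found in the response)."""
    if (method, path) not in APP:
        return 404, []
    roles, links = APP[(method, path)]
    if roles is not None and user is None:
        return 401, []
    if roles is not None and user not in roles:
        return 403, []
    return 200, links

def crawl(user, start=("GET", "/")):
    """Phase 1: walk the app as `user` and log every request that succeeded."""
    seen, queue, log = {start}, deque([start]), []
    while queue:
        method, path = queue.popleft()
        status, links = send(user, method, path)
        if status == 200:
            log.append((method, path))
        for link in links:
            if link not in seen:
                seen.add(link)
                queue.append(link)
    return log

def coverage(crawl_user, intruders):
    """Phase 2 and report: replay the log as each intruder; True means accessible."""
    report = {}
    for method, path in crawl(crawl_user):
        report[f"{method} {path}"] = {
            (i or "anonymous"): send(i, method, path)[0] == 200 for i in intruders
        }
    return report

if __name__ == "__main__":
    for request, access in coverage("admin", ["member", None]).items():
        print(f"{request:24} {access}")
```

The replay phase re-issues every logged request, including state-changing ones such as the `DELETE` here, so a scan of this kind belongs on a disposable test instance. Rows that are `True` for a lower-privileged user still need review, since some resources are legitimately shared.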