Hello all,
in case you haven't already seen or read it yourselves, here [0] FYI:
"Web app authorization coverage scanning"
- crawls your web application using a Chrome headless browser while logged in as a pre-defined user
- intercepts and logs API requests as well as pages loaded during the crawling phase
- in the next phase it logs in under a different user account and attempts to access each one of the API requests or pages discovered previously
- finally it generates a detailed report listing the resources discovered and whether or not they are accessible to the intruder users
Kind regards,
Bernd
[0] https://github.com/authcov/authcov
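The record-then-replay check that the tool above performs, written out as a small added example. This is not authcov's code and not part of Bernd's message: the in-memory application (`app`), the two sessions `sess-alice`/`sess-bob`, the paths under `/api/...` and the list of "crawled" requests are all constructed for illustration, and the crawl phase is replaced by a fixed request list where authcov would drive a headless browser. It shows the two points a practitioner cares about when reading the report: a 200 under the second user is only a finding when the response is the first user's data (a session-scoped endpoint like `/api/me` legitimately returns 200 to everyone), and non-idempotent requests must not be replayed blindly because they change state.

```javascript
// Added example, not authcov's code: minimal "authorization coverage" check.
// Phase 1 records requests as the victim user, phase 2 replays them with the
// intruder's session and classifies what came back.

// --- Constructed stand-in for the target application -----------------------
// Sessions map cookies to users. GET /api/orders/:id deliberately omits the
// ownership check (a constructed IDOR); /api/profile/:user checks it.
const SESSIONS = { 'sess-alice': 'alice', 'sess-bob': 'bob' };
const ORDERS = { 101: { owner: 'alice', item: 'laptop' }, 202: { owner: 'bob', item: 'phone' } };
const PROFILES = { alice: { email: 'alice@example.com' }, bob: { email: 'bob@example.com' } };
const ORDER_RE = /^\/api\/orders\/(\d+)$/;
const PROFILE_RE = /^\/api\/profile\/(\w+)$/;

function app(method, path, cookie) {
  const user = SESSIONS[cookie];
  if (!user) return { status: 401, body: '' };
  let m;
  if (method === 'GET' && path === '/api/me') return { status: 200, body: JSON.stringify(PROFILES[user]) };
  if ((m = path.match(ORDER_RE))) {
    const order = ORDERS[m[1]];
    if (!order) return { status: 404, body: '' };
    if (method === 'GET') return { status: 200, body: JSON.stringify(order) }; // BUG: no owner check
    if (method === 'DELETE') {
      // Ownership is checked here; the toy app does not actually remove the
      // record so that the record and replay phases see the same state.
      return order.owner === user ? { status: 204, body: '' } : { status: 403, body: '' };
    }
  }
  if (method === 'GET' && (m = path.match(PROFILE_RE))) {
    if (m[1] !== user) return { status: 403, body: '' };
    return { status: 200, body: JSON.stringify(PROFILES[user]) };
  }
  return { status: 404, body: '' };
}

// Constructed crawl result: what the crawler is assumed to have observed
// while browsing as alice (authcov gets this from intercepted browser traffic).
const CRAWLED_REQUESTS = [
  { method: 'GET', path: '/api/me' },
  { method: 'GET', path: '/api/orders/101' },
  { method: 'GET', path: '/api/profile/alice' },
  { method: 'DELETE', path: '/api/orders/101' },
];

// Phase 1: perform every crawled request as the victim and keep the response.
function recordAsUser(cookie, requests) {
  return requests.map(({ method, path }) => {
    const res = app(method, path, cookie);
    return { method, path, status: res.status, body: res.body };
  });
}

// Phase 2: replay under the intruder's session. Unsafe methods are skipped
// unless explicitly enabled, because replaying them mutates the target.
const SAFE_METHODS = new Set(['GET', 'HEAD', 'OPTIONS']);

function replayAsIntruder(recorded, intruderCookie, { replayUnsafe = false } = {}) {
  return recorded.map((req) => {
    if (!SAFE_METHODS.has(req.method) && !replayUnsafe) {
      return { ...req, verdict: 'skipped-unsafe-method' };
    }
    const res = app(req.method, req.path, intruderCookie);
    let verdict;
    if (res.status === 401 || res.status === 403) verdict = 'denied';
    else if (res.status === 404) verdict = 'not-found';
    else if (res.status >= 200 && res.status < 300) {
      // A byte-identical body is the strong signal: the intruder received the
      // victim's data rather than a view of their own (e.g. /api/me).
      verdict = res.body === req.body ? 'accessible-same-data' : 'accessible-own-data';
    } else verdict = `other-${res.status}`;
    return { ...req, intruderStatus: res.status, verdict };
  });
}

// Report: count per verdict, plus the list that needs a human look.
function summarize(results) {
  const summary = {};
  for (const r of results) summary[r.verdict] = (summary[r.verdict] || 0) + 1;
  return summary;
}

function findings(results) {
  return results.filter((r) => r.verdict === 'accessible-same-data').map((r) => `${r.method} ${r.path}`);
}

const recorded = recordAsUser('sess-alice', CRAWLED_REQUESTS);
const results = replayAsIntruder(recorded, 'sess-bob');
console.log(JSON.stringify({ summary: summarize(results), findings: findings(results) }, null, 2));
```

Run it with `node` and the report flags only `GET /api/orders/101`: `/api/me` returns 200 to bob as well but with bob's own data, `/api/profile/alice` is denied, and the `DELETE` is listed as skipped. Passing `{ replayUnsafe: true }` replays the `DELETE` too, which on a real target you would only do against a disposable copy of the application and its data.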