Compare commits


31 Commits

vasco
81e6fb8aa4 rip 2026-06-03 11:43:39 +01:00
vasco
ab3cbb9081 the council 2026-06-03 11:39:05 +01:00
vasco
a6860e338d kys20 2026-06-03 11:32:02 +01:00
vasco
30a9483402 kys18 2026-06-02 23:57:15 +01:00
vasco
bc450ebbb3 kys17 2026-06-02 23:46:21 +01:00
vasco
0992d4a6e0 kys16 2026-06-02 23:38:20 +01:00
vasco
c053a064b2 kys15 2026-06-02 23:28:02 +01:00
vasco
cfa62d8ce0 kys14 2026-06-02 23:22:37 +01:00
vasco
0f3e2044a0 kys13 2026-06-02 23:20:25 +01:00
vasco
e9616a8c7c kys12 2026-06-02 23:10:52 +01:00
vasco
361f34c19f kys11 2026-06-02 22:49:55 +01:00
vasco
1f6bb854c3 kys10 2026-06-02 22:44:16 +01:00
vasco
05cbbfbe18 kys9 2026-06-02 22:16:25 +01:00
vasco
ad84c1ba29 kys8 2026-05-31 22:40:18 +01:00
jelly Tomas
53c4898efe kys7 2026-05-31 22:00:19 +01:00
vasco
c7b5f0e436 oops 2026-05-31 21:53:41 +01:00
vasco
51060422d1 kys6 2026-05-31 21:42:41 +01:00
e3d7b83059 mod security 2026-05-31 20:11:27 +01:00
73c5b1c5d5 kys4 2026-05-31 19:47:48 +01:00
vasco
aa58c0cb1d kys3 2026-05-31 19:30:39 +01:00
vasco
183901ab31 kys2 2026-05-31 19:11:32 +01:00
vasco
3e0237c6f3 httpd 2026-05-31 19:04:42 +01:00
vasco
e90263b3c5 kys 2026-05-31 18:50:32 +01:00
vasco
f69d1d3b38 son ;( 2026-05-31 18:37:17 +01:00
vasco
00f537bc3a fixed 4 (the return of the family) 2026-05-31 15:26:31 +01:00
vasco
c528f4844b fixed 3 (for real this time) 2026-05-31 15:24:32 +01:00
vasco
fdc85d9109 syntax error? 2026-05-31 15:18:35 +01:00
vasco
8136c49f50 fix 2026-05-31 15:16:13 +01:00
vasco
ded74f1a45 modsecurity 2026-05-31 14:55:52 +01:00
vasco
a17feb0e1b Merge 2026-05-31 13:35:20 +01:00
vasco
89b17901a9 hmmmmm 2026-05-31 13:14:42 +01:00
89 changed files with 4717 additions and 34591 deletions

.gitignore vendored

@@ -1,2 +1,3 @@
*.log
*.aux
*.synctex.gz


@@ -1,6 +1 @@
# Coisas para leres que sao fixes wowowowowowow !!!!! (Assignment 2)
- Os slides (duh)
- Okay o mais importante é os slides.
- [X.509 (ssl.com)](https://www.ssl.com/faqs/what-is-an-x-509-certificate/)
- [X.509 (youtube)](https://www.youtube.com/watch?v=kAaIYRJoJkc)
kys


@@ -25,7 +25,6 @@ instalar nodejs
instalar epel-release
instalar httpd
instalar mod_security
instalar mod_security_crs
instalar iptables-services
s stop firewalld
@@ -42,7 +41,11 @@ sudo iptables -A FORWARD -i enp0s8 -o enp0s9 -m state --state ESTABLISHED,RELATE
sudo iptables -t nat -A POSTROUTING -o enp0s8 -j MASQUERADE
sudo iptables-save > /etc/sysconfig/iptables
sudo cp conf/httpd.conf /etc/httpd/httpd.conf
sudo cp conf/httpd.conf /etc/httpd/conf/httpd.conf
sudo cp conf/modsecurity.conf /etc/httpd/conf/modsecurity.conf
sudo mkdir -p /var/log/modsecurity/
sudo rm -f /etc/httpd/conf.d/mod_security.conf
sudo rm -f /etc/httpd/modsecurity.d/*.conf
# instalar juice-shop se nao existir
jspath="/var/juice-shop"
@@ -54,10 +57,10 @@ if [[ ! -f "$jspath/package.json" ]]; then
sudo chown -R $USER:$USER "$jspath"
fi
# apache WAF (desativado por default)
s stop httpd
s disable httpd
sudo systemctl stop httpd
# correr juice shop via npm
cd "$jspath"
npm start
npm start &
httpd -X
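Review bot: The comment `# apache WAF (desativado por default)` is now stale: the `httpd -X` line added at the end of the hunk starts Apache in single-process foreground mode on every run, so the WAF is no longer disabled by default; replace the comment with something like `# apache WAF: service unit stopped, httpd run in the foreground (single-process) after juice-shop` or make the `httpd -X` line opt-in. In the preceding hunk, `sudo rm -f /etc/httpd/modsecurity.d/*.conf` deletes every packaged ModSecurity include right after `mod_security_crs` is installed, so unless `conf/modsecurity.conf` re-includes the CRS rules the WAF is left running with no rule set; a comment naming the rule set that `conf/modsecurity.conf` is expected to load would make that intent checkable. `cd "$jspath"` is unguarded, so a failed cd would launch `npm start &` in the caller's directory; `cd "$jspath" || exit 1` avoids that. `httpd -X` is the only httpd command here not run through sudo, so it presumably fails to bind a privileged port unless the script itself runs as root — worth confirming. The rest of the script between and around these three hunks is outside the diff.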



@@ -1,21 +0,0 @@
# The MIT License (MIT)
Copyright © Nicolas Gallagher and Jonathan Neal
Permission is hereby granted, free of charge, to any person obtaining a copy of
this software and associated documentation files (the "Software"), to deal in
the Software without restriction, including without limitation the rights to
use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
of the Software, and to permit persons to whom the Software is furnished to do
so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.


@@ -1,349 +0,0 @@
/*! normalize.css v8.0.1 | MIT License | github.com/necolas/normalize.css */
/* Document
========================================================================== */
/**
* 1. Correct the line height in all browsers.
* 2. Prevent adjustments of font size after orientation changes in iOS.
*/
html {
line-height: 1.15; /* 1 */
-webkit-text-size-adjust: 100%; /* 2 */
}
/* Sections
========================================================================== */
/**
* Remove the margin in all browsers.
*/
body {
margin: 0;
}
/**
* Render the `main` element consistently in IE.
*/
main {
display: block;
}
/**
* Correct the font size and margin on `h1` elements within `section` and
* `article` contexts in Chrome, Firefox, and Safari.
*/
h1 {
font-size: 2em;
margin: 0.67em 0;
}
/* Grouping content
========================================================================== */
/**
* 1. Add the correct box sizing in Firefox.
* 2. Show the overflow in Edge and IE.
*/
hr {
box-sizing: content-box; /* 1 */
height: 0; /* 1 */
overflow: visible; /* 2 */
}
/**
* 1. Correct the inheritance and scaling of font size in all browsers.
* 2. Correct the odd `em` font sizing in all browsers.
*/
pre {
font-family: monospace, monospace; /* 1 */
font-size: 1em; /* 2 */
}
/* Text-level semantics
========================================================================== */
/**
* Remove the gray background on active links in IE 10.
*/
a {
background-color: transparent;
}
/**
* 1. Remove the bottom border in Chrome 57-
* 2. Add the correct text decoration in Chrome, Edge, IE, Opera, and Safari.
*/
abbr[title] {
border-bottom: none; /* 1 */
text-decoration: underline; /* 2 */
text-decoration: underline dotted; /* 2 */
}
/**
* Add the correct font weight in Chrome, Edge, and Safari.
*/
b,
strong {
font-weight: bolder;
}
/**
* 1. Correct the inheritance and scaling of font size in all browsers.
* 2. Correct the odd `em` font sizing in all browsers.
*/
code,
kbd,
samp {
font-family: monospace, monospace; /* 1 */
font-size: 1em; /* 2 */
}
/**
* Add the correct font size in all browsers.
*/
small {
font-size: 80%;
}
/**
* Prevent `sub` and `sup` elements from affecting the line height in
* all browsers.
*/
sub,
sup {
font-size: 75%;
line-height: 0;
position: relative;
vertical-align: baseline;
}
sub {
bottom: -0.25em;
}
sup {
top: -0.5em;
}
/* Embedded content
========================================================================== */
/**
* Remove the border on images inside links in IE 10.
*/
img {
border-style: none;
}
/* Forms
========================================================================== */
/**
* 1. Change the font styles in all browsers.
* 2. Remove the margin in Firefox and Safari.
*/
button,
input,
optgroup,
select,
textarea {
font-family: inherit; /* 1 */
font-size: 100%; /* 1 */
line-height: 1.15; /* 1 */
margin: 0; /* 2 */
}
/**
* Show the overflow in IE.
* 1. Show the overflow in Edge.
*/
button,
input { /* 1 */
overflow: visible;
}
/**
* Remove the inheritance of text transform in Edge, Firefox, and IE.
* 1. Remove the inheritance of text transform in Firefox.
*/
button,
select { /* 1 */
text-transform: none;
}
/**
* Correct the inability to style clickable types in iOS and Safari.
*/
button,
[type="button"],
[type="reset"],
[type="submit"] {
-webkit-appearance: button;
}
/**
* Remove the inner border and padding in Firefox.
*/
button::-moz-focus-inner,
[type="button"]::-moz-focus-inner,
[type="reset"]::-moz-focus-inner,
[type="submit"]::-moz-focus-inner {
border-style: none;
padding: 0;
}
/**
* Restore the focus styles unset by the previous rule.
*/
button:-moz-focusring,
[type="button"]:-moz-focusring,
[type="reset"]:-moz-focusring,
[type="submit"]:-moz-focusring {
outline: 1px dotted ButtonText;
}
/**
* Correct the padding in Firefox.
*/
fieldset {
padding: 0.35em 0.75em 0.625em;
}
/**
* 1. Correct the text wrapping in Edge and IE.
* 2. Correct the color inheritance from `fieldset` elements in IE.
* 3. Remove the padding so developers are not caught out when they zero out
* `fieldset` elements in all browsers.
*/
legend {
box-sizing: border-box; /* 1 */
color: inherit; /* 2 */
display: table; /* 1 */
max-width: 100%; /* 1 */
padding: 0; /* 3 */
white-space: normal; /* 1 */
}
/**
* Add the correct vertical alignment in Chrome, Firefox, and Opera.
*/
progress {
vertical-align: baseline;
}
/**
* Remove the default vertical scrollbar in IE 10+.
*/
textarea {
overflow: auto;
}
/**
* 1. Add the correct box sizing in IE 10.
* 2. Remove the padding in IE 10.
*/
[type="checkbox"],
[type="radio"] {
box-sizing: border-box; /* 1 */
padding: 0; /* 2 */
}
/**
* Correct the cursor style of increment and decrement buttons in Chrome.
*/
[type="number"]::-webkit-inner-spin-button,
[type="number"]::-webkit-outer-spin-button {
height: auto;
}
/**
* 1. Correct the odd appearance in Chrome and Safari.
* 2. Correct the outline style in Safari.
*/
[type="search"] {
-webkit-appearance: textfield; /* 1 */
outline-offset: -2px; /* 2 */
}
/**
* Remove the inner padding in Chrome and Safari on macOS.
*/
[type="search"]::-webkit-search-decoration {
-webkit-appearance: none;
}
/**
* 1. Correct the inability to style clickable types in iOS and Safari.
* 2. Change font properties to `inherit` in Safari.
*/
::-webkit-file-upload-button {
-webkit-appearance: button; /* 1 */
font: inherit; /* 2 */
}
/* Interactive
========================================================================== */
/*
* Add the correct display in Edge, IE 10+, and Firefox.
*/
details {
display: block;
}
/*
* Add the correct display in all browsers.
*/
summary {
display: list-item;
}
/* Misc
========================================================================== */
/**
* Add the correct display in IE 10+.
*/
template {
display: none;
}
/**
* Add the correct display in IE 10.
*/
[hidden] {
display: none;
}


@@ -1,139 +0,0 @@
body {
background-color: #306aa0;
background-image: radial-gradient(circle at top left, #fff 0%, #8ce1d6 15em, #306aa0 100em, #386095 100%);
}
main, footer {
background-color: #fff;
}
header {
background-color: #00549e;
color: #fff;
}
a:link {
color: #004380;
}
a:visited {
color: #770d67;
}
a:focus {
background-color: #ffd54d;
}
a:hover {
background-color: #ffd54d;
}
a:active {
background-color: #ffd54d;
color: #003261;
outline-color: #f4ba00;
}
header a:link {
color: #f2f7fd;
}
header a:visited {
color: #f2b5e9;
}
header a:focus {
background-color: #ffd54d;
color: #004380;
}
header a:hover {
background-color: #ffd54d;
color: #004380;
}
header a:active {
background-color: #ffd54d;
color: #003261;
outline-color: #fff6db;
}
summary:focus {
background-color: #ffd54d;
}
summary:hover {
background-color: #ffd54d;
}
summary:active {
background-color: #ffd54d;
color: #003261;
outline-color: #f4ba00;
}
h2, h3, h4, h5, h6 {
color: #00549e;
}
.risk-level, .confidence-level {
color: #00549e;
}
.risk-confidence-counts-table th[scope="colgroup"], .risk-confidence-counts-table th[scope="rowgroup"] {
background-color: #00549e;
color: #fff;
}
.risk-confidence-counts-table th[scope="col"], .risk-confidence-counts-table th[scope="row"] {
color: #00549e;
}
.risk-confidence-counts-table > tbody > tr {
border-top-color: #00549e;
}
.site-risk-counts-table th[scope="colgroup"], .site-risk-counts-table th[scope="rowgroup"] {
background-color: #00549e;
color: #fff;
}
.site-risk-counts-table th[scope="col"], .site-risk-counts-table th[scope="row"] {
color: #00549e;
}
.site-risk-counts-table > tbody > tr {
border-top-color: #00549e;
}
.alert-type-counts-table > tbody > tr {
border-bottom-color: #00549e;
}
.alert-type-counts-table th[scope="col"] {
background-color: #00549e;
color: #fff;
}
.alert-type-counts-table th[scope="col"] {
border-left-color: #fff;
}
.alerts-table th, .alert-types-table th {
background-color: #306aa0;
color: #fff;
}
.additional-info-percentages {
color: #00549e;
}
.insights-table > tbody > tr {
border-bottom-color: #00549e;
}
.insights-table th[scope="col"] {
background-color: #00549e;
border-left-color: #fff;
color: #fff;
}


@@ -1,417 +0,0 @@
*, *::after, *::before {
box-sizing: border-box;
}
h1, h2, h3, h4, h5, h6 {
margin: 0;
padding: 0;
}
pre, ul {
margin: 0;
}
ol {
list-style-type: none;
}
h1 {
font-size: 3em;
}
h2 {
font-size: 2em;
}
h3, h4, h5, h6 {
font-size: 1em;
}
html {
box-sizing: border-box;
font-family: Verdana, sans-serif;
line-height: 1.5;
}
body {
margin: 1.5em 0;
}
@media screen and (min-width: 50em) {
body {
margin: 1.5em 2ch;
padding: 1.5em 2ch;
}
}
a:active, header a:active {
outline-style: solid;
}
header, main {
margin: 0 auto;
max-width: 90ch;
padding: 1.5em 4ch;
}
header {
border-radius: .25em .25em 0 0;
}
main {
border-radius: 0 0 .25em .25em;
}
summary {
cursor: pointer;
}
.contents {
margin-top: 1.5em;
}
main > section {
margin-bottom: 4.5em;
}
.about-this-report > section {
margin-bottom: 3em;
}
.summaries section {
margin-bottom: 3em;
}
h2 {
margin-bottom: .75em;
}
h3 {
margin-bottom: 1.5em;
}
h4 {
margin-bottom: 1.5em;
}
.report-parameters--container h4 {
margin-top: 1.5em;
}
p {
margin: 1.5em 0;
}
p:first-of-type {
margin-top: 0;
}
p:last-of-type {
margin-bottom: 0;
}
.contents li, .alerts li, .alert-types > ol > li {
margin-top: 1.5em;
}
.alert-types h4 {
margin-bottom: 0;
}
a {
border-radius: .125em;
}
caption {
margin-bottom: 1.5em;
text-align: left;
}
code, .request-method-n-url {
overflow-wrap: anywhere;
white-space: break-spaces;
}
table {
border-collapse: collapse;
}
.report-description--container, .report-parameters--container {
margin-left: 2ch;
padding: 0 2ch;
}
.about-this-report h3, .summaries h3, .appendix h3 {
border-bottom: .05em solid;
}
.alerts h4 {
text-align: center;
}
.alerts ol {
padding-left: 0;
}
.alerts--site-li {
border: .05em solid;
border-radius: .25em;
margin-left: 2ch;
padding: 1.5em 3ch;
}
.contents ol {
list-style-position: inside;
list-style-type: square;
padding-left: 4ch;
}
.contexts-list, .sites-list {
list-style-type: square;
}
.risk-confidence-counts-table {
width: 100%;
}
.risk-confidence-counts-table tr {
height: 4.5em;
}
.risk-confidence-counts-table thead > tr {
height: 3em;
}
.risk-confidence-counts-table th[scope="row"], .risk-confidence-counts-table th[scope="rowgroup"] {
hyphens: auto;
overflow-wrap: anywhere;
word-break: break-all;
}
.risk-confidence-counts-table th[scope="row"] {
padding-right: 5%;
}
@media screen and (max-width: 50em) {
.risk-confidence-counts-table th[scope="row"] {
padding-right: 1ch;
}
}
.risk-confidence-counts-table th[scope="rowgroup"] {
padding: 0 .5ch;
vertical-align: middle;
}
.risk-confidence-counts-table > tbody > tr {
border-top: .05em solid;
}
.risk-confidence-counts-table th[scope="row"], .risk-confidence-counts-table td {
vertical-align: top;
}
.risk-confidence-counts-table th[scope="col"] {
vertical-align: bottom;
}
.risk-confidence-counts-table th[scope="col"], .risk-confidence-counts-table th[scope="row"] {
font-family: monospace, monospace;
font-weight: bold;
}
.risk-confidence-counts-table th[scope="colgroup"], .risk-confidence-counts-table th[scope="rowgroup"] {
font-weight: normal;
}
.risk-confidence-counts-table td, .risk-confidence-counts-table th[scope="col"], .risk-confidence-counts-table th[scope="row"] {
text-align: right;
}
.site-risk-counts-table {
width: 100%;
}
.site-risk-counts-table tr {
height: 4.5em;
}
.site-risk-counts-table thead > tr:first-of-type {
height: 3em;
}
.site-risk-counts-table th[scope="row"], .site-risk-counts-table th[scope="col"] {
hyphens: auto;
overflow-wrap: anywhere;
word-break: break-all;
}
.site-risk-counts-table th[scope="row"] {
padding-right: 1%;
}
@media screen and (max-width: 50em) {
.site-risk-counts-table th[scope="row"] {
padding-right: 1ch;
}
}
.site-risk-counts-table th[scope="rowgroup"] {
padding: 0 .5ch;
vertical-align: middle;
}
.site-risk-counts-table > tbody > tr {
border-top: .05em solid;
}
.site-risk-counts-table th[scope="row"], .site-risk-counts-table td {
vertical-align: top;
}
.site-risk-counts-table th[scope="col"] {
vertical-align: bottom;
}
.site-risk-counts-table th[scope="col"], .site-risk-counts-table th[scope="row"] {
font-family: monospace, monospace;
font-weight: bold;
}
.site-risk-counts-table th[scope="colgroup"], .site-risk-counts-table th[scope="rowgroup"] {
font-weight: normal;
}
.site-risk-counts-table td, .site-risk-counts-table th[scope="col"], .site-risk-counts-table th[scope="row"] {
text-align: right;
}
.alert-type-counts-table {
width: 100%;
}
.alert-type-counts-table th, .alert-type-counts-table td {
padding: 0 1rem;
text-align: left;
vertical-align: top;
}
.alert-type-counts-table td:nth-last-of-type(2) {
padding-left: 1.5rem;
}
.alert-type-counts-table > tbody > tr {
border-bottom: 0.05em dotted;
}
.alert-type-counts-table th[scope="col"] {
border-left: 1rem solid;
}
.alert-type-counts-table th[scope="col"]:first-of-type {
border-left: 0;
}
.alert-type-counts-table th[scope="col"]:last-of-type, .alert-type-counts-table td:last-of-type {
text-align: right;
}
.alert-type-counts-table th[scope="col"], .alert-type-counts-table th[scope="row"] {
font-weight: normal;
}
.alert-type-counts-table th[scope="row"], .alert-type-counts-table td {
padding-bottom: 1.5em;
}
.alert-type-counts-table thead > th:first-of-type {
width: 45%;
}
.alerts-table, .alert-types-table, .insights-table {
border-collapse: separate;
border-spacing: 2ch 1.5em;
width: 100%;
}
.alerts-table th, .alerts-table td, .alert-types-table th, .alert-types-table td, .insights-table td, .insights-table th {
vertical-align: top;
}
.alerts-table td, .alert-types-table td, .insights-table td {
overflow-wrap: anywhere;
}
.alerts-table th, .alert-types-table th, .insights-table th {
padding: 0 1ch;
}
.alerts-table td, .alert-types-table td {
padding: 0 2ch;
}
.insights-table td {
padding: 0 1ch;
}
.alerts-table summary {
margin-bottom: 1.5em;
}
.alert-tags-list {
list-style-position: inside;
list-style-type: square;
padding-left: 0;
}
.alert-tags-list > li {
margin-top: 0;
}
.request-body, .response-body {
margin-top: 1.5em;
}
.request-method-n-url {
margin-bottom: 0;
}
.alert-types-table {
padding-top: 0;
}
.alert-types-table th {
width: 20%;
}
.alert-types-table ol {
list-style-position: inside;
list-style-type: square;
padding-left: 0;
}
.alert-types-table li:not(:first-of-type) {
margin-top: 1.5em;
}
p.alert-types-intro {
margin-bottom: 3em;
}
.zap-logo {
height: 1em;
margin-right: .25ch;
width: 1em;
}
h1, h2 {
font-family: Georgia, serif;
}
.risk-level, .confidence-level, .included-risk-codes, .included-confidence-codes, .additional-info-percentages {
font-family: monospace, monospace;
}
.context, .site, .request-method-n-url {
font-family: monospace, monospace;
}




@@ -1,21 +0,0 @@
# The MIT License (MIT)
Copyright © Nicolas Gallagher and Jonathan Neal
Permission is hereby granted, free of charge, to any person obtaining a copy of
this software and associated documentation files (the "Software"), to deal in
the Software without restriction, including without limitation the rights to
use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
of the Software, and to permit persons to whom the Software is furnished to do
so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.


@@ -1,349 +0,0 @@
/*! normalize.css v8.0.1 | MIT License | github.com/necolas/normalize.css */
/* Document
========================================================================== */
/**
* 1. Correct the line height in all browsers.
* 2. Prevent adjustments of font size after orientation changes in iOS.
*/
html {
line-height: 1.15; /* 1 */
-webkit-text-size-adjust: 100%; /* 2 */
}
/* Sections
========================================================================== */
/**
* Remove the margin in all browsers.
*/
body {
margin: 0;
}
/**
* Render the `main` element consistently in IE.
*/
main {
display: block;
}
/**
* Correct the font size and margin on `h1` elements within `section` and
* `article` contexts in Chrome, Firefox, and Safari.
*/
h1 {
font-size: 2em;
margin: 0.67em 0;
}
/* Grouping content
========================================================================== */
/**
* 1. Add the correct box sizing in Firefox.
* 2. Show the overflow in Edge and IE.
*/
hr {
box-sizing: content-box; /* 1 */
height: 0; /* 1 */
overflow: visible; /* 2 */
}
/**
* 1. Correct the inheritance and scaling of font size in all browsers.
* 2. Correct the odd `em` font sizing in all browsers.
*/
pre {
font-family: monospace, monospace; /* 1 */
font-size: 1em; /* 2 */
}
/* Text-level semantics
========================================================================== */
/**
* Remove the gray background on active links in IE 10.
*/
a {
background-color: transparent;
}
/**
* 1. Remove the bottom border in Chrome 57-
* 2. Add the correct text decoration in Chrome, Edge, IE, Opera, and Safari.
*/
abbr[title] {
border-bottom: none; /* 1 */
text-decoration: underline; /* 2 */
text-decoration: underline dotted; /* 2 */
}
/**
* Add the correct font weight in Chrome, Edge, and Safari.
*/
b,
strong {
font-weight: bolder;
}
/**
* 1. Correct the inheritance and scaling of font size in all browsers.
* 2. Correct the odd `em` font sizing in all browsers.
*/
code,
kbd,
samp {
font-family: monospace, monospace; /* 1 */
font-size: 1em; /* 2 */
}
/**
* Add the correct font size in all browsers.
*/
small {
font-size: 80%;
}
/**
* Prevent `sub` and `sup` elements from affecting the line height in
* all browsers.
*/
sub,
sup {
font-size: 75%;
line-height: 0;
position: relative;
vertical-align: baseline;
}
sub {
bottom: -0.25em;
}
sup {
top: -0.5em;
}
/* Embedded content
========================================================================== */
/**
* Remove the border on images inside links in IE 10.
*/
img {
border-style: none;
}
/* Forms
========================================================================== */
/**
* 1. Change the font styles in all browsers.
* 2. Remove the margin in Firefox and Safari.
*/
button,
input,
optgroup,
select,
textarea {
font-family: inherit; /* 1 */
font-size: 100%; /* 1 */
line-height: 1.15; /* 1 */
margin: 0; /* 2 */
}
/**
* Show the overflow in IE.
* 1. Show the overflow in Edge.
*/
button,
input { /* 1 */
overflow: visible;
}
/**
* Remove the inheritance of text transform in Edge, Firefox, and IE.
* 1. Remove the inheritance of text transform in Firefox.
*/
button,
select { /* 1 */
text-transform: none;
}
/**
* Correct the inability to style clickable types in iOS and Safari.
*/
button,
[type="button"],
[type="reset"],
[type="submit"] {
-webkit-appearance: button;
}
/**
* Remove the inner border and padding in Firefox.
*/
button::-moz-focus-inner,
[type="button"]::-moz-focus-inner,
[type="reset"]::-moz-focus-inner,
[type="submit"]::-moz-focus-inner {
border-style: none;
padding: 0;
}
/**
* Restore the focus styles unset by the previous rule.
*/
button:-moz-focusring,
[type="button"]:-moz-focusring,
[type="reset"]:-moz-focusring,
[type="submit"]:-moz-focusring {
outline: 1px dotted ButtonText;
}
/**
* Correct the padding in Firefox.
*/
fieldset {
padding: 0.35em 0.75em 0.625em;
}
/**
* 1. Correct the text wrapping in Edge and IE.
* 2. Correct the color inheritance from `fieldset` elements in IE.
* 3. Remove the padding so developers are not caught out when they zero out
* `fieldset` elements in all browsers.
*/
legend {
box-sizing: border-box; /* 1 */
color: inherit; /* 2 */
display: table; /* 1 */
max-width: 100%; /* 1 */
padding: 0; /* 3 */
white-space: normal; /* 1 */
}
/**
* Add the correct vertical alignment in Chrome, Firefox, and Opera.
*/
progress {
vertical-align: baseline;
}
/**
* Remove the default vertical scrollbar in IE 10+.
*/
textarea {
overflow: auto;
}
/**
* 1. Add the correct box sizing in IE 10.
* 2. Remove the padding in IE 10.
*/
[type="checkbox"],
[type="radio"] {
box-sizing: border-box; /* 1 */
padding: 0; /* 2 */
}
/**
* Correct the cursor style of increment and decrement buttons in Chrome.
*/
[type="number"]::-webkit-inner-spin-button,
[type="number"]::-webkit-outer-spin-button {
height: auto;
}
/**
* 1. Correct the odd appearance in Chrome and Safari.
* 2. Correct the outline style in Safari.
*/
[type="search"] {
-webkit-appearance: textfield; /* 1 */
outline-offset: -2px; /* 2 */
}
/**
* Remove the inner padding in Chrome and Safari on macOS.
*/
[type="search"]::-webkit-search-decoration {
-webkit-appearance: none;
}
/**
* 1. Correct the inability to style clickable types in iOS and Safari.
* 2. Change font properties to `inherit` in Safari.
*/
::-webkit-file-upload-button {
-webkit-appearance: button; /* 1 */
font: inherit; /* 2 */
}
/* Interactive
========================================================================== */
/*
* Add the correct display in Edge, IE 10+, and Firefox.
*/
details {
display: block;
}
/*
* Add the correct display in all browsers.
*/
summary {
display: list-item;
}
/* Misc
========================================================================== */
/**
* Add the correct display in IE 10+.
*/
template {
display: none;
}
/**
* Add the correct display in IE 10.
*/
[hidden] {
display: none;
}


@@ -1,139 +0,0 @@
body {
background-color: #306aa0;
background-image: radial-gradient(circle at top left, #fff 0%, #8ce1d6 15em, #306aa0 100em, #386095 100%);
}
main, footer {
background-color: #fff;
}
header {
background-color: #00549e;
color: #fff;
}
a:link {
color: #004380;
}
a:visited {
color: #770d67;
}
a:focus {
background-color: #ffd54d;
}
a:hover {
background-color: #ffd54d;
}
a:active {
background-color: #ffd54d;
color: #003261;
outline-color: #f4ba00;
}
header a:link {
color: #f2f7fd;
}
header a:visited {
color: #f2b5e9;
}
header a:focus {
background-color: #ffd54d;
color: #004380;
}
header a:hover {
background-color: #ffd54d;
color: #004380;
}
header a:active {
background-color: #ffd54d;
color: #003261;
outline-color: #fff6db;
}
summary:focus {
background-color: #ffd54d;
}
summary:hover {
background-color: #ffd54d;
}
summary:active {
background-color: #ffd54d;
color: #003261;
outline-color: #f4ba00;
}
h2, h3, h4, h5, h6 {
color: #00549e;
}
.risk-level, .confidence-level {
color: #00549e;
}
.risk-confidence-counts-table th[scope="colgroup"], .risk-confidence-counts-table th[scope="rowgroup"] {
background-color: #00549e;
color: #fff;
}
.risk-confidence-counts-table th[scope="col"], .risk-confidence-counts-table th[scope="row"] {
color: #00549e;
}
.risk-confidence-counts-table > tbody > tr {
border-top-color: #00549e;
}
.site-risk-counts-table th[scope="colgroup"], .site-risk-counts-table th[scope="rowgroup"] {
background-color: #00549e;
color: #fff;
}
.site-risk-counts-table th[scope="col"], .site-risk-counts-table th[scope="row"] {
color: #00549e;
}
.site-risk-counts-table > tbody > tr {
border-top-color: #00549e;
}
.alert-type-counts-table > tbody > tr {
border-bottom-color: #00549e;
}
.alert-type-counts-table th[scope="col"] {
background-color: #00549e;
color: #fff;
}
.alert-type-counts-table th[scope="col"] {
border-left-color: #fff;
}
.alerts-table th, .alert-types-table th {
background-color: #306aa0;
color: #fff;
}
.additional-info-percentages {
color: #00549e;
}
.insights-table > tbody > tr {
border-bottom-color: #00549e;
}
.insights-table th[scope="col"] {
background-color: #00549e;
border-left-color: #fff;
color: #fff;
}


@@ -1,417 +0,0 @@
*, *::after, *::before {
box-sizing: border-box;
}
h1, h2, h3, h4, h5, h6 {
margin: 0;
padding: 0;
}
pre, ul {
margin: 0;
}
ol {
list-style-type: none;
}
h1 {
font-size: 3em;
}
h2 {
font-size: 2em;
}
h3, h4, h5, h6 {
font-size: 1em;
}
html {
box-sizing: border-box;
font-family: Verdana, sans-serif;
line-height: 1.5;
}
body {
margin: 1.5em 0;
}
@media screen and (min-width: 50em) {
body {
margin: 1.5em 2ch;
padding: 1.5em 2ch;
}
}
a:active, header a:active {
outline-style: solid;
}
header, main {
margin: 0 auto;
max-width: 90ch;
padding: 1.5em 4ch;
}
header {
border-radius: .25em .25em 0 0;
}
main {
border-radius: 0 0 .25em .25em;
}
summary {
cursor: pointer;
}
.contents {
margin-top: 1.5em;
}
main > section {
margin-bottom: 4.5em;
}
.about-this-report > section {
margin-bottom: 3em;
}
.summaries section {
margin-bottom: 3em;
}
h2 {
margin-bottom: .75em;
}
h3 {
margin-bottom: 1.5em;
}
h4 {
margin-bottom: 1.5em;
}
.report-parameters--container h4 {
margin-top: 1.5em;
}
p {
margin: 1.5em 0;
}
p:first-of-type {
margin-top: 0;
}
p:last-of-type {
margin-bottom: 0;
}
.contents li, .alerts li, .alert-types > ol > li {
margin-top: 1.5em;
}
.alert-types h4 {
margin-bottom: 0;
}
a {
border-radius: .125em;
}
caption {
margin-bottom: 1.5em;
text-align: left;
}
code, .request-method-n-url {
overflow-wrap: anywhere;
white-space: break-spaces;
}
table {
border-collapse: collapse;
}
.report-description--container, .report-parameters--container {
margin-left: 2ch;
padding: 0 2ch;
}
.about-this-report h3, .summaries h3, .appendix h3 {
border-bottom: .05em solid;
}
.alerts h4 {
text-align: center;
}
.alerts ol {
padding-left: 0;
}
.alerts--site-li {
border: .05em solid;
border-radius: .25em;
margin-left: 2ch;
padding: 1.5em 3ch;
}
.contents ol {
list-style-position: inside;
list-style-type: square;
padding-left: 4ch;
}
.contexts-list, .sites-list {
list-style-type: square;
}
.risk-confidence-counts-table {
width: 100%;
}
.risk-confidence-counts-table tr {
height: 4.5em;
}
.risk-confidence-counts-table thead > tr {
height: 3em;
}
.risk-confidence-counts-table th[scope="row"], .risk-confidence-counts-table th[scope="rowgroup"] {
hyphens: auto;
overflow-wrap: anywhere;
word-break: break-all;
}
.risk-confidence-counts-table th[scope="row"] {
padding-right: 5%;
}
@media screen and (max-width: 50em) {
.risk-confidence-counts-table th[scope="row"] {
padding-right: 1ch;
}
}
.risk-confidence-counts-table th[scope="rowgroup"] {
padding: 0 .5ch;
vertical-align: middle;
}
.risk-confidence-counts-table > tbody > tr {
border-top: .05em solid;
}
.risk-confidence-counts-table th[scope="row"], .risk-confidence-counts-table td {
vertical-align: top;
}
.risk-confidence-counts-table th[scope="col"] {
vertical-align: bottom;
}
.risk-confidence-counts-table th[scope="col"], .risk-confidence-counts-table th[scope="row"] {
font-family: monospace, monospace;
font-weight: bold;
}
.risk-confidence-counts-table th[scope="colgroup"], .risk-confidence-counts-table th[scope="rowgroup"] {
font-weight: normal;
}
.risk-confidence-counts-table td, .risk-confidence-counts-table th[scope="col"], .risk-confidence-counts-table th[scope="row"] {
text-align: right;
}
.site-risk-counts-table {
width: 100%;
}
.site-risk-counts-table tr {
height: 4.5em;
}
.site-risk-counts-table thead > tr:first-of-type {
height: 3em;
}
.site-risk-counts-table th[scope="row"], .site-risk-counts-table th[scope="col"] {
hyphens: auto;
overflow-wrap: anywhere;
word-break: break-all;
}
.site-risk-counts-table th[scope="row"] {
padding-right: 1%;
}
@media screen and (max-width: 50em) {
.site-risk-counts-table th[scope="row"] {
padding-right: 1ch;
}
}
.site-risk-counts-table th[scope="rowgroup"] {
padding: 0 .5ch;
vertical-align: middle;
}
.site-risk-counts-table > tbody > tr {
border-top: .05em solid;
}
.site-risk-counts-table th[scope="row"], .site-risk-counts-table td {
vertical-align: top;
}
.site-risk-counts-table th[scope="col"] {
vertical-align: bottom;
}
.site-risk-counts-table th[scope="col"], .site-risk-counts-table th[scope="row"] {
font-family: monospace, monospace;
font-weight: bold;
}
.site-risk-counts-table th[scope="colgroup"], .site-risk-counts-table th[scope="rowgroup"] {
font-weight: normal;
}
.site-risk-counts-table td, .site-risk-counts-table th[scope="col"], .site-risk-counts-table th[scope="row"] {
text-align: right;
}
.alert-type-counts-table {
width: 100%;
}
.alert-type-counts-table th, .alert-type-counts-table td {
padding: 0 1rem;
text-align: left;
vertical-align: top;
}
.alert-type-counts-table td:nth-last-of-type(2) {
padding-left: 1.5rem;
}
.alert-type-counts-table > tbody > tr {
border-bottom: 0.05em dotted;
}
.alert-type-counts-table th[scope="col"] {
border-left: 1rem solid;
}
.alert-type-counts-table th[scope="col"]:first-of-type {
border-left: 0;
}
.alert-type-counts-table th[scope="col"]:last-of-type, .alert-type-counts-table td:last-of-type {
text-align: right;
}
.alert-type-counts-table th[scope="col"], .alert-type-counts-table th[scope="row"] {
font-weight: normal;
}
.alert-type-counts-table th[scope="row"], .alert-type-counts-table td {
padding-bottom: 1.5em;
}
.alert-type-counts-table thead > th:first-of-type {
width: 45%;
}
.alerts-table, .alert-types-table, .insights-table {
border-collapse: separate;
border-spacing: 2ch 1.5em;
width: 100%;
}
.alerts-table th, .alerts-table td, .alert-types-table th, .alert-types-table td, .insights-table td, .insights-table th {
vertical-align: top;
}
.alerts-table td, .alert-types-table td, .insights-table td {
overflow-wrap: anywhere;
}
.alerts-table th, .alert-types-table th, .insights-table th {
padding: 0 1ch;
}
.alerts-table td, .alert-types-table td {
padding: 0 2ch;
}
.insights-table td {
padding: 0 1ch;
}
.alerts-table summary {
margin-bottom: 1.5em;
}
.alert-tags-list {
list-style-position: inside;
list-style-type: square;
padding-left: 0;
}
.alert-tags-list > li {
margin-top: 0;
}
.request-body, .response-body {
margin-top: 1.5em;
}
.request-method-n-url {
margin-bottom: 0;
}
.alert-types-table {
padding-top: 0;
}
.alert-types-table th {
width: 20%;
}
.alert-types-table ol {
list-style-position: inside;
list-style-type: square;
padding-left: 0;
}
.alert-types-table li:not(:first-of-type) {
margin-top: 1.5em;
}
p.alert-types-intro {
margin-bottom: 3em;
}
.zap-logo {
height: 1em;
margin-right: .25ch;
width: 1em;
}
h1, h2 {
font-family: Georgia, serif;
}
.risk-level, .confidence-level, .included-risk-codes, .included-confidence-codes, .additional-info-percentages {
font-family: monospace, monospace;
}
.context, .site, .request-method-n-url {
font-family: monospace, monospace;
}


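--- a/[path not shown on page]
+++ /dev/null
@@ -1,21 +0,0 @@
-# The MIT License (MIT)
-Copyright © Nicolas Gallagher and Jonathan Neal
-Permission is hereby granted, free of charge, to any person obtaining a copy of
-this software and associated documentation files (the "Software"), to deal in
-the Software without restriction, including without limitation the rights to
-use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
-of the Software, and to permit persons to whom the Software is furnished to do
-so, subject to the following conditions:
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.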
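--- a/[path not shown on page]
+++ /dev/null
@@ -1,349 +0,0 @@
-/*! normalize.css v8.0.1 | MIT License | github.com/necolas/normalize.css */
-/* Document
-========================================================================== */
-/**
-* 1. Correct the line height in all browsers.
-* 2. Prevent adjustments of font size after orientation changes in iOS.
-*/
-html {
-line-height: 1.15; /* 1 */
--webkit-text-size-adjust: 100%; /* 2 */
-}
-/* Sections
-========================================================================== */
-/**
-* Remove the margin in all browsers.
-*/
-body {
-margin: 0;
-}
-/**
-* Render the `main` element consistently in IE.
-*/
-main {
-display: block;
-}
-/**
-* Correct the font size and margin on `h1` elements within `section` and
-* `article` contexts in Chrome, Firefox, and Safari.
-*/
-h1 {
-font-size: 2em;
-margin: 0.67em 0;
-}
-/* Grouping content
-========================================================================== */
-/**
-* 1. Add the correct box sizing in Firefox.
-* 2. Show the overflow in Edge and IE.
-*/
-hr {
-box-sizing: content-box; /* 1 */
-height: 0; /* 1 */
-overflow: visible; /* 2 */
-}
-/**
-* 1. Correct the inheritance and scaling of font size in all browsers.
-* 2. Correct the odd `em` font sizing in all browsers.
-*/
-pre {
-font-family: monospace, monospace; /* 1 */
-font-size: 1em; /* 2 */
-}
-/* Text-level semantics
-========================================================================== */
-/**
-* Remove the gray background on active links in IE 10.
-*/
-a {
-background-color: transparent;
-}
-/**
-* 1. Remove the bottom border in Chrome 57-
-* 2. Add the correct text decoration in Chrome, Edge, IE, Opera, and Safari.
-*/
-abbr[title] {
-border-bottom: none; /* 1 */
-text-decoration: underline; /* 2 */
-text-decoration: underline dotted; /* 2 */
-}
-/**
-* Add the correct font weight in Chrome, Edge, and Safari.
-*/
-b,
-strong {
-font-weight: bolder;
-}
-/**
-* 1. Correct the inheritance and scaling of font size in all browsers.
-* 2. Correct the odd `em` font sizing in all browsers.
-*/
-code,
-kbd,
-samp {
-font-family: monospace, monospace; /* 1 */
-font-size: 1em; /* 2 */
-}
-/**
-* Add the correct font size in all browsers.
-*/
-small {
-font-size: 80%;
-}
-/**
-* Prevent `sub` and `sup` elements from affecting the line height in
-* all browsers.
-*/
-sub,
-sup {
-font-size: 75%;
-line-height: 0;
-position: relative;
-vertical-align: baseline;
-}
-sub {
-bottom: -0.25em;
-}
-sup {
-top: -0.5em;
-}
-/* Embedded content
-========================================================================== */
-/**
-* Remove the border on images inside links in IE 10.
-*/
-img {
-border-style: none;
-}
-/* Forms
-========================================================================== */
-/**
-* 1. Change the font styles in all browsers.
-* 2. Remove the margin in Firefox and Safari.
-*/
-button,
-input,
-optgroup,
-select,
-textarea {
-font-family: inherit; /* 1 */
-font-size: 100%; /* 1 */
-line-height: 1.15; /* 1 */
-margin: 0; /* 2 */
-}
-/**
-* Show the overflow in IE.
-* 1. Show the overflow in Edge.
-*/
-button,
-input { /* 1 */
-overflow: visible;
-}
-/**
-* Remove the inheritance of text transform in Edge, Firefox, and IE.
-* 1. Remove the inheritance of text transform in Firefox.
-*/
-button,
-select { /* 1 */
-text-transform: none;
-}
-/**
-* Correct the inability to style clickable types in iOS and Safari.
-*/
-button,
-[type="button"],
-[type="reset"],
-[type="submit"] {
--webkit-appearance: button;
-}
-/**
-* Remove the inner border and padding in Firefox.
-*/
-button::-moz-focus-inner,
-[type="button"]::-moz-focus-inner,
-[type="reset"]::-moz-focus-inner,
-[type="submit"]::-moz-focus-inner {
-border-style: none;
-padding: 0;
-}
-/**
-* Restore the focus styles unset by the previous rule.
-*/
-button:-moz-focusring,
-[type="button"]:-moz-focusring,
-[type="reset"]:-moz-focusring,
-[type="submit"]:-moz-focusring {
-outline: 1px dotted ButtonText;
-}
-/**
-* Correct the padding in Firefox.
-*/
-fieldset {
-padding: 0.35em 0.75em 0.625em;
-}
-/**
-* 1. Correct the text wrapping in Edge and IE.
-* 2. Correct the color inheritance from `fieldset` elements in IE.
-* 3. Remove the padding so developers are not caught out when they zero out
-* `fieldset` elements in all browsers.
-*/
-legend {
-box-sizing: border-box; /* 1 */
-color: inherit; /* 2 */
-display: table; /* 1 */
-max-width: 100%; /* 1 */
-padding: 0; /* 3 */
-white-space: normal; /* 1 */
-}
-/**
-* Add the correct vertical alignment in Chrome, Firefox, and Opera.
-*/
-progress {
-vertical-align: baseline;
-}
-/**
-* Remove the default vertical scrollbar in IE 10+.
-*/
-textarea {
-overflow: auto;
-}
-/**
-* 1. Add the correct box sizing in IE 10.
-* 2. Remove the padding in IE 10.
-*/
-[type="checkbox"],
-[type="radio"] {
-box-sizing: border-box; /* 1 */
-padding: 0; /* 2 */
-}
-/**
-* Correct the cursor style of increment and decrement buttons in Chrome.
-*/
-[type="number"]::-webkit-inner-spin-button,
-[type="number"]::-webkit-outer-spin-button {
-height: auto;
-}
-/**
-* 1. Correct the odd appearance in Chrome and Safari.
-* 2. Correct the outline style in Safari.
-*/
-[type="search"] {
--webkit-appearance: textfield; /* 1 */
-outline-offset: -2px; /* 2 */
-}
-/**
-* Remove the inner padding in Chrome and Safari on macOS.
-*/
-[type="search"]::-webkit-search-decoration {
--webkit-appearance: none;
-}
-/**
-* 1. Correct the inability to style clickable types in iOS and Safari.
-* 2. Change font properties to `inherit` in Safari.
-*/
-::-webkit-file-upload-button {
--webkit-appearance: button; /* 1 */
-font: inherit; /* 2 */
-}
-/* Interactive
-========================================================================== */
-/*
-* Add the correct display in Edge, IE 10+, and Firefox.
-*/
-details {
-display: block;
-}
-/*
-* Add the correct display in all browsers.
-*/
-summary {
-display: list-item;
-}
-/* Misc
-========================================================================== */
-/**
-* Add the correct display in IE 10+.
-*/
-template {
-display: none;
-}
-/**
-* Add the correct display in IE 10.
-*/
-[hidden] {
-display: none;
-}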
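--- a/[path not shown on page]
+++ /dev/null
@@ -1,139 +0,0 @@
-body {
-background-color: #306aa0;
-background-image: radial-gradient(circle at top left, #fff 0%, #8ce1d6 15em, #306aa0 100em, #386095 100%);
-}
-main, footer {
-background-color: #fff;
-}
-header {
-background-color: #00549e;
-color: #fff;
-}
-a:link {
-color: #004380;
-}
-a:visited {
-color: #770d67;
-}
-a:focus {
-background-color: #ffd54d;
-}
-a:hover {
-background-color: #ffd54d;
-}
-a:active {
-background-color: #ffd54d;
-color: #003261;
-outline-color: #f4ba00;
-}
-header a:link {
-color: #f2f7fd;
-}
-header a:visited {
-color: #f2b5e9;
-}
-header a:focus {
-background-color: #ffd54d;
-color: #004380;
-}
-header a:hover {
-background-color: #ffd54d;
-color: #004380;
-}
-header a:active {
-background-color: #ffd54d;
-color: #003261;
-outline-color: #fff6db;
-}
-summary:focus {
-background-color: #ffd54d;
-}
-summary:hover {
-background-color: #ffd54d;
-}
-summary:active {
-background-color: #ffd54d;
-color: #003261;
-outline-color: #f4ba00;
-}
-h2, h3, h4, h5, h6 {
-color: #00549e;
-}
-.risk-level, .confidence-level {
-color: #00549e;
-}
-.risk-confidence-counts-table th[scope="colgroup"], .risk-confidence-counts-table th[scope="rowgroup"] {
-background-color: #00549e;
-color: #fff;
-}
-.risk-confidence-counts-table th[scope="col"], .risk-confidence-counts-table th[scope="row"] {
-color: #00549e;
-}
-.risk-confidence-counts-table > tbody > tr {
-border-top-color: #00549e;
-}
-.site-risk-counts-table th[scope="colgroup"], .site-risk-counts-table th[scope="rowgroup"] {
-background-color: #00549e;
-color: #fff;
-}
-.site-risk-counts-table th[scope="col"], .site-risk-counts-table th[scope="row"] {
-color: #00549e;
-}
-.site-risk-counts-table > tbody > tr {
-border-top-color: #00549e;
-}
-.alert-type-counts-table > tbody > tr {
-border-bottom-color: #00549e;
-}
-.alert-type-counts-table th[scope="col"] {
-background-color: #00549e;
-color: #fff;
-}
-.alert-type-counts-table th[scope="col"] {
-border-left-color: #fff;
-}
-.alerts-table th, .alert-types-table th {
-background-color: #306aa0;
-color: #fff;
-}
-.additional-info-percentages {
-color: #00549e;
-}
-.insights-table > tbody > tr {
-border-bottom-color: #00549e;
-}
-.insights-table th[scope="col"] {
-background-color: #00549e;
-border-left-color: #fff;
-color: #fff;
-}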
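--- a/[path not shown on page]
+++ /dev/null
@@ -1,417 +0,0 @@
-*, *::after, *::before {
-box-sizing: border-box;
-}
-h1, h2, h3, h4, h5, h6 {
-margin: 0;
-padding: 0;
-}
-pre, ul {
-margin: 0;
-}
-ol {
-list-style-type: none;
-}
-h1 {
-font-size: 3em;
-}
-h2 {
-font-size: 2em;
-}
-h3, h4, h5, h6 {
-font-size: 1em;
-}
-html {
-box-sizing: border-box;
-font-family: Verdana, sans-serif;
-line-height: 1.5;
-}
-body {
-margin: 1.5em 0;
-}
-@media screen and (min-width: 50em) {
-body {
-margin: 1.5em 2ch;
-padding: 1.5em 2ch;
-}
-}
-a:active, header a:active {
-outline-style: solid;
-}
-header, main {
-margin: 0 auto;
-max-width: 90ch;
-padding: 1.5em 4ch;
-}
-header {
-border-radius: .25em .25em 0 0;
-}
-main {
-border-radius: 0 0 .25em .25em;
-}
-summary {
-cursor: pointer;
-}
-.contents {
-margin-top: 1.5em;
-}
-main > section {
-margin-bottom: 4.5em;
-}
-.about-this-report > section {
-margin-bottom: 3em;
-}
-.summaries section {
-margin-bottom: 3em;
-}
-h2 {
-margin-bottom: .75em;
-}
-h3 {
-margin-bottom: 1.5em;
-}
-h4 {
-margin-bottom: 1.5em;
-}
-.report-parameters--container h4 {
-margin-top: 1.5em;
-}
-p {
-margin: 1.5em 0;
-}
-p:first-of-type {
-margin-top: 0;
-}
-p:last-of-type {
-margin-bottom: 0;
-}
-.contents li, .alerts li, .alert-types > ol > li {
-margin-top: 1.5em;
-}
-.alert-types h4 {
-margin-bottom: 0;
-}
-a {
-border-radius: .125em;
-}
-caption {
-margin-bottom: 1.5em;
-text-align: left;
-}
-code, .request-method-n-url {
-overflow-wrap: anywhere;
-white-space: break-spaces;
-}
-table {
-border-collapse: collapse;
-}
-.report-description--container, .report-parameters--container {
-margin-left: 2ch;
-padding: 0 2ch;
-}
-.about-this-report h3, .summaries h3, .appendix h3 {
-border-bottom: .05em solid;
-}
-.alerts h4 {
-text-align: center;
-}
-.alerts ol {
-padding-left: 0;
-}
-.alerts--site-li {
-border: .05em solid;
-border-radius: .25em;
-margin-left: 2ch;
-padding: 1.5em 3ch;
-}
-.contents ol {
-list-style-position: inside;
-list-style-type: square;
-padding-left: 4ch;
-}
-.contexts-list, .sites-list {
-list-style-type: square;
-}
-.risk-confidence-counts-table {
-width: 100%;
-}
-.risk-confidence-counts-table tr {
-height: 4.5em;
-}
-.risk-confidence-counts-table thead > tr {
-height: 3em;
-}
-.risk-confidence-counts-table th[scope="row"], .risk-confidence-counts-table th[scope="rowgroup"] {
-hyphens: auto;
-overflow-wrap: anywhere;
-word-break: break-all;
-}
-.risk-confidence-counts-table th[scope="row"] {
-padding-right: 5%;
-}
-@media screen and (max-width: 50em) {
-.risk-confidence-counts-table th[scope="row"] {
-padding-right: 1ch;
-}
-}
-.risk-confidence-counts-table th[scope="rowgroup"] {
-padding: 0 .5ch;
-vertical-align: middle;
-}
-.risk-confidence-counts-table > tbody > tr {
-border-top: .05em solid;
-}
-.risk-confidence-counts-table th[scope="row"], .risk-confidence-counts-table td {
-vertical-align: top;
-}
-.risk-confidence-counts-table th[scope="col"] {
-vertical-align: bottom;
-}
-.risk-confidence-counts-table th[scope="col"], .risk-confidence-counts-table th[scope="row"] {
-font-family: monospace, monospace;
-font-weight: bold;
-}
-.risk-confidence-counts-table th[scope="colgroup"], .risk-confidence-counts-table th[scope="rowgroup"] {
-font-weight: normal;
-}
-.risk-confidence-counts-table td, .risk-confidence-counts-table th[scope="col"], .risk-confidence-counts-table th[scope="row"] {
-text-align: right;
-}
-.site-risk-counts-table {
-width: 100%;
-}
-.site-risk-counts-table tr {
-height: 4.5em;
-}
-.site-risk-counts-table thead > tr:first-of-type {
-height: 3em;
-}
-.site-risk-counts-table th[scope="row"], .site-risk-counts-table th[scope="col"] {
-hyphens: auto;
-overflow-wrap: anywhere;
-word-break: break-all;
-}
-.site-risk-counts-table th[scope="row"] {
-padding-right: 1%;
-}
-@media screen and (max-width: 50em) {
-.site-risk-counts-table th[scope="row"] {
-padding-right: 1ch;
-}
-}
-.site-risk-counts-table th[scope="rowgroup"] {
-padding: 0 .5ch;
-vertical-align: middle;
-}
-.site-risk-counts-table > tbody > tr {
-border-top: .05em solid;
-}
-.site-risk-counts-table th[scope="row"], .site-risk-counts-table td {
-vertical-align: top;
-}
-.site-risk-counts-table th[scope="col"] {
-vertical-align: bottom;
-}
-.site-risk-counts-table th[scope="col"], .site-risk-counts-table th[scope="row"] {
-font-family: monospace, monospace;
-font-weight: bold;
-}
-.site-risk-counts-table th[scope="colgroup"], .site-risk-counts-table th[scope="rowgroup"] {
-font-weight: normal;
-}
-.site-risk-counts-table td, .site-risk-counts-table th[scope="col"], .site-risk-counts-table th[scope="row"] {
-text-align: right;
-}
-.alert-type-counts-table {
-width: 100%;
-}
-.alert-type-counts-table th, .alert-type-counts-table td {
-padding: 0 1rem;
-text-align: left;
-vertical-align: top;
-}
-.alert-type-counts-table td:nth-last-of-type(2) {
-padding-left: 1.5rem;
-}
-.alert-type-counts-table > tbody > tr {
-border-bottom: 0.05em dotted;
-}
-.alert-type-counts-table th[scope="col"] {
-border-left: 1rem solid;
-}
-.alert-type-counts-table th[scope="col"]:first-of-type {
-border-left: 0;
-}
-.alert-type-counts-table th[scope="col"]:last-of-type, .alert-type-counts-table td:last-of-type {
-text-align: right;
-}
-.alert-type-counts-table th[scope="col"], .alert-type-counts-table th[scope="row"] {
-font-weight: normal;
-}
-.alert-type-counts-table th[scope="row"], .alert-type-counts-table td {
-padding-bottom: 1.5em;
-}
-.alert-type-counts-table thead > th:first-of-type {
-width: 45%;
-}
-.alerts-table, .alert-types-table, .insights-table {
-border-collapse: separate;
-border-spacing: 2ch 1.5em;
-width: 100%;
-}
-.alerts-table th, .alerts-table td, .alert-types-table th, .alert-types-table td, .insights-table td, .insights-table th {
-vertical-align: top;
-}
-.alerts-table td, .alert-types-table td, .insights-table td {
-overflow-wrap: anywhere;
-}
-.alerts-table th, .alert-types-table th, .insights-table th {
-padding: 0 1ch;
-}
-.alerts-table td, .alert-types-table td {
-padding: 0 2ch;
-}
-.insights-table td {
-padding: 0 1ch;
-}
-.alerts-table summary {
-margin-bottom: 1.5em;
-}
-.alert-tags-list {
-list-style-position: inside;
-list-style-type: square;
-padding-left: 0;
-}
-.alert-tags-list > li {
-margin-top: 0;
-}
-.request-body, .response-body {
-margin-top: 1.5em;
-}
-.request-method-n-url {
-margin-bottom: 0;
-}
-.alert-types-table {
-padding-top: 0;
-}
-.alert-types-table th {
-width: 20%;
-}
-.alert-types-table ol {
-list-style-position: inside;
-list-style-type: square;
-padding-left: 0;
-}
-.alert-types-table li:not(:first-of-type) {
-margin-top: 1.5em;
-}
-p.alert-types-intro {
-margin-bottom: 3em;
-}
-.zap-logo {
-height: 1em;
-margin-right: .25ch;
-width: 1em;
-}
-h1, h2 {
-font-family: Georgia, serif;
-}
-.risk-level, .confidence-level, .included-risk-codes, .included-confidence-codes, .additional-info-percentages {
-font-family: monospace, monospace;
-}
-.context, .site, .request-method-n-url {
-font-family: monospace, monospace;
-}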

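--- a/[path not shown on page]
+++ /dev/null
@@ -1,21 +0,0 @@
-# The MIT License (MIT)
-Copyright © Nicolas Gallagher and Jonathan Neal
-Permission is hereby granted, free of charge, to any person obtaining a copy of
-this software and associated documentation files (the "Software"), to deal in
-the Software without restriction, including without limitation the rights to
-use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
-of the Software, and to permit persons to whom the Software is furnished to do
-so, subject to the following conditions:
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.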
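--- a/[path not shown on page]
+++ /dev/null
@@ -1,349 +0,0 @@
-/*! normalize.css v8.0.1 | MIT License | github.com/necolas/normalize.css */
-/* Document
-========================================================================== */
-/**
-* 1. Correct the line height in all browsers.
-* 2. Prevent adjustments of font size after orientation changes in iOS.
-*/
-html {
-line-height: 1.15; /* 1 */
--webkit-text-size-adjust: 100%; /* 2 */
-}
-/* Sections
-========================================================================== */
-/**
-* Remove the margin in all browsers.
-*/
-body {
-margin: 0;
-}
-/**
-* Render the `main` element consistently in IE.
-*/
-main {
-display: block;
-}
-/**
-* Correct the font size and margin on `h1` elements within `section` and
-* `article` contexts in Chrome, Firefox, and Safari.
-*/
-h1 {
-font-size: 2em;
-margin: 0.67em 0;
-}
-/* Grouping content
-========================================================================== */
-/**
-* 1. Add the correct box sizing in Firefox.
-* 2. Show the overflow in Edge and IE.
-*/
-hr {
-box-sizing: content-box; /* 1 */
-height: 0; /* 1 */
-overflow: visible; /* 2 */
-}
-/**
-* 1. Correct the inheritance and scaling of font size in all browsers.
-* 2. Correct the odd `em` font sizing in all browsers.
-*/
-pre {
-font-family: monospace, monospace; /* 1 */
-font-size: 1em; /* 2 */
-}
-/* Text-level semantics
-========================================================================== */
-/**
-* Remove the gray background on active links in IE 10.
-*/
-a {
-background-color: transparent;
-}
-/**
-* 1. Remove the bottom border in Chrome 57-
-* 2. Add the correct text decoration in Chrome, Edge, IE, Opera, and Safari.
-*/
-abbr[title] {
-border-bottom: none; /* 1 */
-text-decoration: underline; /* 2 */
-text-decoration: underline dotted; /* 2 */
-}
-/**
-* Add the correct font weight in Chrome, Edge, and Safari.
-*/
-b,
-strong {
-font-weight: bolder;
-}
-/**
-* 1. Correct the inheritance and scaling of font size in all browsers.
-* 2. Correct the odd `em` font sizing in all browsers.
-*/
-code,
-kbd,
-samp {
-font-family: monospace, monospace; /* 1 */
-font-size: 1em; /* 2 */
-}
-/**
-* Add the correct font size in all browsers.
-*/
-small {
-font-size: 80%;
-}
-/**
-* Prevent `sub` and `sup` elements from affecting the line height in
-* all browsers.
-*/
-sub,
-sup {
-font-size: 75%;
-line-height: 0;
-position: relative;
-vertical-align: baseline;
-}
-sub {
-bottom: -0.25em;
-}
-sup {
-top: -0.5em;
-}
-/* Embedded content
-========================================================================== */
-/**
-* Remove the border on images inside links in IE 10.
-*/
-img {
-border-style: none;
-}
-/* Forms
-========================================================================== */
-/**
-* 1. Change the font styles in all browsers.
-* 2. Remove the margin in Firefox and Safari.
-*/
-button,
-input,
-optgroup,
-select,
-textarea {
-font-family: inherit; /* 1 */
-font-size: 100%; /* 1 */
-line-height: 1.15; /* 1 */
-margin: 0; /* 2 */
-}
-/**
-* Show the overflow in IE.
-* 1. Show the overflow in Edge.
-*/
-button,
-input { /* 1 */
-overflow: visible;
-}
-/**
-* Remove the inheritance of text transform in Edge, Firefox, and IE.
-* 1. Remove the inheritance of text transform in Firefox.
-*/
-button,
-select { /* 1 */
-text-transform: none;
-}
-/**
-* Correct the inability to style clickable types in iOS and Safari.
-*/
-button,
-[type="button"],
-[type="reset"],
-[type="submit"] {
--webkit-appearance: button;
-}
-/**
-* Remove the inner border and padding in Firefox.
-*/
-button::-moz-focus-inner,
-[type="button"]::-moz-focus-inner,
-[type="reset"]::-moz-focus-inner,
-[type="submit"]::-moz-focus-inner {
-border-style: none;
-padding: 0;
-}
-/**
-* Restore the focus styles unset by the previous rule.
-*/
-button:-moz-focusring,
-[type="button"]:-moz-focusring,
-[type="reset"]:-moz-focusring,
-[type="submit"]:-moz-focusring {
-outline: 1px dotted ButtonText;
-}
-/**
-* Correct the padding in Firefox.
-*/
-fieldset {
-padding: 0.35em 0.75em 0.625em;
-}
-/**
-* 1. Correct the text wrapping in Edge and IE.
-* 2. Correct the color inheritance from `fieldset` elements in IE.
-* 3. Remove the padding so developers are not caught out when they zero out
-* `fieldset` elements in all browsers.
-*/
-legend {
-box-sizing: border-box; /* 1 */
-color: inherit; /* 2 */
-display: table; /* 1 */
-max-width: 100%; /* 1 */
-padding: 0; /* 3 */
-white-space: normal; /* 1 */
-}
-/**
-* Add the correct vertical alignment in Chrome, Firefox, and Opera.
-*/
-progress {
-vertical-align: baseline;
-}
-/**
-* Remove the default vertical scrollbar in IE 10+.
-*/
-textarea {
-overflow: auto;
-}
-/**
-* 1. Add the correct box sizing in IE 10.
-* 2. Remove the padding in IE 10.
-*/
-[type="checkbox"],
-[type="radio"] {
-box-sizing: border-box; /* 1 */
-padding: 0; /* 2 */
-}
-/**
-* Correct the cursor style of increment and decrement buttons in Chrome.
-*/
-[type="number"]::-webkit-inner-spin-button,
-[type="number"]::-webkit-outer-spin-button {
-height: auto;
-}
-/**
-* 1. Correct the odd appearance in Chrome and Safari.
-* 2. Correct the outline style in Safari.
-*/
-[type="search"] {
--webkit-appearance: textfield; /* 1 */
-outline-offset: -2px; /* 2 */
-}
-/**
-* Remove the inner padding in Chrome and Safari on macOS.
-*/
-[type="search"]::-webkit-search-decoration {
--webkit-appearance: none;
-}
-/**
-* 1. Correct the inability to style clickable types in iOS and Safari.
-* 2. Change font properties to `inherit` in Safari.
-*/
-::-webkit-file-upload-button {
--webkit-appearance: button; /* 1 */
-font: inherit; /* 2 */
-}
-/* Interactive
-========================================================================== */
-/*
-* Add the correct display in Edge, IE 10+, and Firefox.
-*/
-details {
-display: block;
-}
-/*
-* Add the correct display in all browsers.
-*/
-summary {
-display: list-item;
-}
-/* Misc
-========================================================================== */
-/**
-* Add the correct display in IE 10+.
-*/
-template {
-display: none;
-}
-/**
-* Add the correct display in IE 10.
-*/
-[hidden] {
-display: none;
-}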
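--- a/[path not shown on page]
+++ /dev/null
@@ -1,139 +0,0 @@
-body {
-background-color: #306aa0;
-background-image: radial-gradient(circle at top left, #fff 0%, #8ce1d6 15em, #306aa0 100em, #386095 100%);
-}
-main, footer {
-background-color: #fff;
-}
-header {
-background-color: #00549e;
-color: #fff;
-}
-a:link {
-color: #004380;
-}
-a:visited {
-color: #770d67;
-}
-a:focus {
-background-color: #ffd54d;
-}
-a:hover {
-background-color: #ffd54d;
-}
-a:active {
-background-color: #ffd54d;
-color: #003261;
-outline-color: #f4ba00;
-}
-header a:link {
-color: #f2f7fd;
-}
-header a:visited {
-color: #f2b5e9;
-}
-header a:focus {
-background-color: #ffd54d;
-color: #004380;
-}
-header a:hover {
-background-color: #ffd54d;
-color: #004380;
-}
-header a:active {
-background-color: #ffd54d;
-color: #003261;
-outline-color: #fff6db;
-}
-summary:focus {
-background-color: #ffd54d;
-}
-summary:hover {
-background-color: #ffd54d;
-}
-summary:active {
-background-color: #ffd54d;
-color: #003261;
-outline-color: #f4ba00;
-}
-h2, h3, h4, h5, h6 {
-color: #00549e;
-}
-.risk-level, .confidence-level {
-color: #00549e;
-}
-.risk-confidence-counts-table th[scope="colgroup"], .risk-confidence-counts-table th[scope="rowgroup"] {
-background-color: #00549e;
-color: #fff;
-}
-.risk-confidence-counts-table th[scope="col"], .risk-confidence-counts-table th[scope="row"] {
-color: #00549e;
-}
-.risk-confidence-counts-table > tbody > tr {
-border-top-color: #00549e;
-}
-.site-risk-counts-table th[scope="colgroup"], .site-risk-counts-table th[scope="rowgroup"] {
-background-color: #00549e;
-color: #fff;
-}
-.site-risk-counts-table th[scope="col"], .site-risk-counts-table th[scope="row"] {
-color: #00549e;
-}
-.site-risk-counts-table > tbody > tr {
-border-top-color: #00549e;
-}
-.alert-type-counts-table > tbody > tr {
-border-bottom-color: #00549e;
-}
-.alert-type-counts-table th[scope="col"] {
-background-color: #00549e;
-color: #fff;
-}
-.alert-type-counts-table th[scope="col"] {
-border-left-color: #fff;
-}
-.alerts-table th, .alert-types-table th {
-background-color: #306aa0;
-color: #fff;
-}
-.additional-info-percentages {
-color: #00549e;
-}
-.insights-table > tbody > tr {
-border-bottom-color: #00549e;
-}
-.insights-table th[scope="col"] {
-background-color: #00549e;
-border-left-color: #fff;
-color: #fff;
-}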

@@ -1,417 +0,0 @@
*, *::after, *::before {
box-sizing: border-box;
}
h1, h2, h3, h4, h5, h6 {
margin: 0;
padding: 0;
}
pre, ul {
margin: 0;
}
ol {
list-style-type: none;
}
h1 {
font-size: 3em;
}
h2 {
font-size: 2em;
}
h3, h4, h5, h6 {
font-size: 1em;
}
html {
box-sizing: border-box;
font-family: Verdana, sans-serif;
line-height: 1.5;
}
body {
margin: 1.5em 0;
}
@media screen and (min-width: 50em) {
body {
margin: 1.5em 2ch;
padding: 1.5em 2ch;
}
}
a:active, header a:active {
outline-style: solid;
}
header, main {
margin: 0 auto;
max-width: 90ch;
padding: 1.5em 4ch;
}
header {
border-radius: .25em .25em 0 0;
}
main {
border-radius: 0 0 .25em .25em;
}
summary {
cursor: pointer;
}
.contents {
margin-top: 1.5em;
}
main > section {
margin-bottom: 4.5em;
}
.about-this-report > section {
margin-bottom: 3em;
}
.summaries section {
margin-bottom: 3em;
}
h2 {
margin-bottom: .75em;
}
h3 {
margin-bottom: 1.5em;
}
h4 {
margin-bottom: 1.5em;
}
.report-parameters--container h4 {
margin-top: 1.5em;
}
p {
margin: 1.5em 0;
}
p:first-of-type {
margin-top: 0;
}
p:last-of-type {
margin-bottom: 0;
}
.contents li, .alerts li, .alert-types > ol > li {
margin-top: 1.5em;
}
.alert-types h4 {
margin-bottom: 0;
}
a {
border-radius: .125em;
}
caption {
margin-bottom: 1.5em;
text-align: left;
}
code, .request-method-n-url {
overflow-wrap: anywhere;
white-space: break-spaces;
}
table {
border-collapse: collapse;
}
.report-description--container, .report-parameters--container {
margin-left: 2ch;
padding: 0 2ch;
}
.about-this-report h3, .summaries h3, .appendix h3 {
border-bottom: .05em solid;
}
.alerts h4 {
text-align: center;
}
.alerts ol {
padding-left: 0;
}
.alerts--site-li {
border: .05em solid;
border-radius: .25em;
margin-left: 2ch;
padding: 1.5em 3ch;
}
.contents ol {
list-style-position: inside;
list-style-type: square;
padding-left: 4ch;
}
.contexts-list, .sites-list {
list-style-type: square;
}
.risk-confidence-counts-table {
width: 100%;
}
.risk-confidence-counts-table tr {
height: 4.5em;
}
.risk-confidence-counts-table thead > tr {
height: 3em;
}
.risk-confidence-counts-table th[scope="row"], .risk-confidence-counts-table th[scope="rowgroup"] {
hyphens: auto;
overflow-wrap: anywhere;
word-break: break-all;
}
.risk-confidence-counts-table th[scope="row"] {
padding-right: 5%;
}
@media screen and (max-width: 50em) {
.risk-confidence-counts-table th[scope="row"] {
padding-right: 1ch;
}
}
.risk-confidence-counts-table th[scope="rowgroup"] {
padding: 0 .5ch;
vertical-align: middle;
}
.risk-confidence-counts-table > tbody > tr {
border-top: .05em solid;
}
.risk-confidence-counts-table th[scope="row"], .risk-confidence-counts-table td {
vertical-align: top;
}
.risk-confidence-counts-table th[scope="col"] {
vertical-align: bottom;
}
.risk-confidence-counts-table th[scope="col"], .risk-confidence-counts-table th[scope="row"] {
font-family: monospace, monospace;
font-weight: bold;
}
.risk-confidence-counts-table th[scope="colgroup"], .risk-confidence-counts-table th[scope="rowgroup"] {
font-weight: normal;
}
.risk-confidence-counts-table td, .risk-confidence-counts-table th[scope="col"], .risk-confidence-counts-table th[scope="row"] {
text-align: right;
}
.site-risk-counts-table {
width: 100%;
}
.site-risk-counts-table tr {
height: 4.5em;
}
.site-risk-counts-table thead > tr:first-of-type {
height: 3em;
}
.site-risk-counts-table th[scope="row"], .site-risk-counts-table th[scope="col"] {
hyphens: auto;
overflow-wrap: anywhere;
word-break: break-all;
}
.site-risk-counts-table th[scope="row"] {
padding-right: 1%;
}
@media screen and (max-width: 50em) {
.site-risk-counts-table th[scope="row"] {
padding-right: 1ch;
}
}
.site-risk-counts-table th[scope="rowgroup"] {
padding: 0 .5ch;
vertical-align: middle;
}
.site-risk-counts-table > tbody > tr {
border-top: .05em solid;
}
.site-risk-counts-table th[scope="row"], .site-risk-counts-table td {
vertical-align: top;
}
.site-risk-counts-table th[scope="col"] {
vertical-align: bottom;
}
.site-risk-counts-table th[scope="col"], .site-risk-counts-table th[scope="row"] {
font-family: monospace, monospace;
font-weight: bold;
}
.site-risk-counts-table th[scope="colgroup"], .site-risk-counts-table th[scope="rowgroup"] {
font-weight: normal;
}
.site-risk-counts-table td, .site-risk-counts-table th[scope="col"], .site-risk-counts-table th[scope="row"] {
text-align: right;
}
.alert-type-counts-table {
width: 100%;
}
.alert-type-counts-table th, .alert-type-counts-table td {
padding: 0 1rem;
text-align: left;
vertical-align: top;
}
.alert-type-counts-table td:nth-last-of-type(2) {
padding-left: 1.5rem;
}
.alert-type-counts-table > tbody > tr {
border-bottom: 0.05em dotted;
}
.alert-type-counts-table th[scope="col"] {
border-left: 1rem solid;
}
.alert-type-counts-table th[scope="col"]:first-of-type {
border-left: 0;
}
.alert-type-counts-table th[scope="col"]:last-of-type, .alert-type-counts-table td:last-of-type {
text-align: right;
}
.alert-type-counts-table th[scope="col"], .alert-type-counts-table th[scope="row"] {
font-weight: normal;
}
.alert-type-counts-table th[scope="row"], .alert-type-counts-table td {
padding-bottom: 1.5em;
}
.alert-type-counts-table thead > th:first-of-type {
width: 45%;
}
.alerts-table, .alert-types-table, .insights-table {
border-collapse: separate;
border-spacing: 2ch 1.5em;
width: 100%;
}
.alerts-table th, .alerts-table td, .alert-types-table th, .alert-types-table td, .insights-table td, .insights-table th {
vertical-align: top;
}
.alerts-table td, .alert-types-table td, .insights-table td {
overflow-wrap: anywhere;
}
.alerts-table th, .alert-types-table th, .insights-table th {
padding: 0 1ch;
}
.alerts-table td, .alert-types-table td {
padding: 0 2ch;
}
.insights-table td {
padding: 0 1ch;
}
.alerts-table summary {
margin-bottom: 1.5em;
}
.alert-tags-list {
list-style-position: inside;
list-style-type: square;
padding-left: 0;
}
.alert-tags-list > li {
margin-top: 0;
}
.request-body, .response-body {
margin-top: 1.5em;
}
.request-method-n-url {
margin-bottom: 0;
}
.alert-types-table {
padding-top: 0;
}
.alert-types-table th {
width: 20%;
}
.alert-types-table ol {
list-style-position: inside;
list-style-type: square;
padding-left: 0;
}
.alert-types-table li:not(:first-of-type) {
margin-top: 1.5em;
}
p.alert-types-intro {
margin-bottom: 3em;
}
.zap-logo {
height: 1em;
margin-right: .25ch;
width: 1em;
}
h1, h2 {
font-family: Georgia, serif;
}
.risk-level, .confidence-level, .included-risk-codes, .included-confidence-codes, .additional-info-percentages {
font-family: monospace, monospace;
}
.context, .site, .request-method-n-url {
font-family: monospace, monospace;
}

Binary file not shown.


File diff suppressed because one or more lines are too long


@@ -1,21 +0,0 @@
# The MIT License (MIT)
Copyright © Nicolas Gallagher and Jonathan Neal
Permission is hereby granted, free of charge, to any person obtaining a copy of
this software and associated documentation files (the "Software"), to deal in
the Software without restriction, including without limitation the rights to
use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
of the Software, and to permit persons to whom the Software is furnished to do
so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.


@@ -1,349 +0,0 @@
/*! normalize.css v8.0.1 | MIT License | github.com/necolas/normalize.css */
/* Document
========================================================================== */
/**
* 1. Correct the line height in all browsers.
* 2. Prevent adjustments of font size after orientation changes in iOS.
*/
html {
line-height: 1.15; /* 1 */
-webkit-text-size-adjust: 100%; /* 2 */
}
/* Sections
========================================================================== */
/**
* Remove the margin in all browsers.
*/
body {
margin: 0;
}
/**
* Render the `main` element consistently in IE.
*/
main {
display: block;
}
/**
* Correct the font size and margin on `h1` elements within `section` and
* `article` contexts in Chrome, Firefox, and Safari.
*/
h1 {
font-size: 2em;
margin: 0.67em 0;
}
/* Grouping content
========================================================================== */
/**
* 1. Add the correct box sizing in Firefox.
* 2. Show the overflow in Edge and IE.
*/
hr {
box-sizing: content-box; /* 1 */
height: 0; /* 1 */
overflow: visible; /* 2 */
}
/**
* 1. Correct the inheritance and scaling of font size in all browsers.
* 2. Correct the odd `em` font sizing in all browsers.
*/
pre {
font-family: monospace, monospace; /* 1 */
font-size: 1em; /* 2 */
}
/* Text-level semantics
========================================================================== */
/**
* Remove the gray background on active links in IE 10.
*/
a {
background-color: transparent;
}
/**
* 1. Remove the bottom border in Chrome 57-
* 2. Add the correct text decoration in Chrome, Edge, IE, Opera, and Safari.
*/
abbr[title] {
border-bottom: none; /* 1 */
text-decoration: underline; /* 2 */
text-decoration: underline dotted; /* 2 */
}
/**
* Add the correct font weight in Chrome, Edge, and Safari.
*/
b,
strong {
font-weight: bolder;
}
/**
* 1. Correct the inheritance and scaling of font size in all browsers.
* 2. Correct the odd `em` font sizing in all browsers.
*/
code,
kbd,
samp {
font-family: monospace, monospace; /* 1 */
font-size: 1em; /* 2 */
}
/**
* Add the correct font size in all browsers.
*/
small {
font-size: 80%;
}
/**
* Prevent `sub` and `sup` elements from affecting the line height in
* all browsers.
*/
sub,
sup {
font-size: 75%;
line-height: 0;
position: relative;
vertical-align: baseline;
}
sub {
bottom: -0.25em;
}
sup {
top: -0.5em;
}
/* Embedded content
========================================================================== */
/**
* Remove the border on images inside links in IE 10.
*/
img {
border-style: none;
}
/* Forms
========================================================================== */
/**
* 1. Change the font styles in all browsers.
* 2. Remove the margin in Firefox and Safari.
*/
button,
input,
optgroup,
select,
textarea {
font-family: inherit; /* 1 */
font-size: 100%; /* 1 */
line-height: 1.15; /* 1 */
margin: 0; /* 2 */
}
/**
* Show the overflow in IE.
* 1. Show the overflow in Edge.
*/
button,
input { /* 1 */
overflow: visible;
}
/**
* Remove the inheritance of text transform in Edge, Firefox, and IE.
* 1. Remove the inheritance of text transform in Firefox.
*/
button,
select { /* 1 */
text-transform: none;
}
/**
* Correct the inability to style clickable types in iOS and Safari.
*/
button,
[type="button"],
[type="reset"],
[type="submit"] {
-webkit-appearance: button;
}
/**
* Remove the inner border and padding in Firefox.
*/
button::-moz-focus-inner,
[type="button"]::-moz-focus-inner,
[type="reset"]::-moz-focus-inner,
[type="submit"]::-moz-focus-inner {
border-style: none;
padding: 0;
}
/**
* Restore the focus styles unset by the previous rule.
*/
button:-moz-focusring,
[type="button"]:-moz-focusring,
[type="reset"]:-moz-focusring,
[type="submit"]:-moz-focusring {
outline: 1px dotted ButtonText;
}
/**
* Correct the padding in Firefox.
*/
fieldset {
padding: 0.35em 0.75em 0.625em;
}
/**
* 1. Correct the text wrapping in Edge and IE.
* 2. Correct the color inheritance from `fieldset` elements in IE.
* 3. Remove the padding so developers are not caught out when they zero out
* `fieldset` elements in all browsers.
*/
legend {
box-sizing: border-box; /* 1 */
color: inherit; /* 2 */
display: table; /* 1 */
max-width: 100%; /* 1 */
padding: 0; /* 3 */
white-space: normal; /* 1 */
}
/**
* Add the correct vertical alignment in Chrome, Firefox, and Opera.
*/
progress {
vertical-align: baseline;
}
/**
* Remove the default vertical scrollbar in IE 10+.
*/
textarea {
overflow: auto;
}
/**
* 1. Add the correct box sizing in IE 10.
* 2. Remove the padding in IE 10.
*/
[type="checkbox"],
[type="radio"] {
box-sizing: border-box; /* 1 */
padding: 0; /* 2 */
}
/**
* Correct the cursor style of increment and decrement buttons in Chrome.
*/
[type="number"]::-webkit-inner-spin-button,
[type="number"]::-webkit-outer-spin-button {
height: auto;
}
/**
* 1. Correct the odd appearance in Chrome and Safari.
* 2. Correct the outline style in Safari.
*/
[type="search"] {
-webkit-appearance: textfield; /* 1 */
outline-offset: -2px; /* 2 */
}
/**
* Remove the inner padding in Chrome and Safari on macOS.
*/
[type="search"]::-webkit-search-decoration {
-webkit-appearance: none;
}
/**
* 1. Correct the inability to style clickable types in iOS and Safari.
* 2. Change font properties to `inherit` in Safari.
*/
::-webkit-file-upload-button {
-webkit-appearance: button; /* 1 */
font: inherit; /* 2 */
}
/* Interactive
========================================================================== */
/*
* Add the correct display in Edge, IE 10+, and Firefox.
*/
details {
display: block;
}
/*
* Add the correct display in all browsers.
*/
summary {
display: list-item;
}
/* Misc
========================================================================== */
/**
* Add the correct display in IE 10+.
*/
template {
display: none;
}
/**
* Add the correct display in IE 10.
*/
[hidden] {
display: none;
}


@@ -1,139 +0,0 @@
body {
background-color: #306aa0;
background-image: radial-gradient(circle at top left, #fff 0%, #8ce1d6 15em, #306aa0 100em, #386095 100%);
}
main, footer {
background-color: #fff;
}
header {
background-color: #00549e;
color: #fff;
}
a:link {
color: #004380;
}
a:visited {
color: #770d67;
}
a:focus {
background-color: #ffd54d;
}
a:hover {
background-color: #ffd54d;
}
a:active {
background-color: #ffd54d;
color: #003261;
outline-color: #f4ba00;
}
header a:link {
color: #f2f7fd;
}
header a:visited {
color: #f2b5e9;
}
header a:focus {
background-color: #ffd54d;
color: #004380;
}
header a:hover {
background-color: #ffd54d;
color: #004380;
}
header a:active {
background-color: #ffd54d;
color: #003261;
outline-color: #fff6db;
}
summary:focus {
background-color: #ffd54d;
}
summary:hover {
background-color: #ffd54d;
}
summary:active {
background-color: #ffd54d;
color: #003261;
outline-color: #f4ba00;
}
h2, h3, h4, h5, h6 {
color: #00549e;
}
.risk-level, .confidence-level {
color: #00549e;
}
.risk-confidence-counts-table th[scope="colgroup"], .risk-confidence-counts-table th[scope="rowgroup"] {
background-color: #00549e;
color: #fff;
}
.risk-confidence-counts-table th[scope="col"], .risk-confidence-counts-table th[scope="row"] {
color: #00549e;
}
.risk-confidence-counts-table > tbody > tr {
border-top-color: #00549e;
}
.site-risk-counts-table th[scope="colgroup"], .site-risk-counts-table th[scope="rowgroup"] {
background-color: #00549e;
color: #fff;
}
.site-risk-counts-table th[scope="col"], .site-risk-counts-table th[scope="row"] {
color: #00549e;
}
.site-risk-counts-table > tbody > tr {
border-top-color: #00549e;
}
.alert-type-counts-table > tbody > tr {
border-bottom-color: #00549e;
}
.alert-type-counts-table th[scope="col"] {
background-color: #00549e;
color: #fff;
}
.alert-type-counts-table th[scope="col"] {
border-left-color: #fff;
}
.alerts-table th, .alert-types-table th {
background-color: #306aa0;
color: #fff;
}
.additional-info-percentages {
color: #00549e;
}
.insights-table > tbody > tr {
border-bottom-color: #00549e;
}
.insights-table th[scope="col"] {
background-color: #00549e;
border-left-color: #fff;
color: #fff;
}


@@ -1,417 +0,0 @@
*, *::after, *::before {
box-sizing: border-box;
}
h1, h2, h3, h4, h5, h6 {
margin: 0;
padding: 0;
}
pre, ul {
margin: 0;
}
ol {
list-style-type: none;
}
h1 {
font-size: 3em;
}
h2 {
font-size: 2em;
}
h3, h4, h5, h6 {
font-size: 1em;
}
html {
box-sizing: border-box;
font-family: Verdana, sans-serif;
line-height: 1.5;
}
body {
margin: 1.5em 0;
}
@media screen and (min-width: 50em) {
body {
margin: 1.5em 2ch;
padding: 1.5em 2ch;
}
}
a:active, header a:active {
outline-style: solid;
}
header, main {
margin: 0 auto;
max-width: 90ch;
padding: 1.5em 4ch;
}
header {
border-radius: .25em .25em 0 0;
}
main {
border-radius: 0 0 .25em .25em;
}
summary {
cursor: pointer;
}
.contents {
margin-top: 1.5em;
}
main > section {
margin-bottom: 4.5em;
}
.about-this-report > section {
margin-bottom: 3em;
}
.summaries section {
margin-bottom: 3em;
}
h2 {
margin-bottom: .75em;
}
h3 {
margin-bottom: 1.5em;
}
h4 {
margin-bottom: 1.5em;
}
.report-parameters--container h4 {
margin-top: 1.5em;
}
p {
margin: 1.5em 0;
}
p:first-of-type {
margin-top: 0;
}
p:last-of-type {
margin-bottom: 0;
}
.contents li, .alerts li, .alert-types > ol > li {
margin-top: 1.5em;
}
.alert-types h4 {
margin-bottom: 0;
}
a {
border-radius: .125em;
}
caption {
margin-bottom: 1.5em;
text-align: left;
}
code, .request-method-n-url {
overflow-wrap: anywhere;
white-space: break-spaces;
}
table {
border-collapse: collapse;
}
.report-description--container, .report-parameters--container {
margin-left: 2ch;
padding: 0 2ch;
}
.about-this-report h3, .summaries h3, .appendix h3 {
border-bottom: .05em solid;
}
.alerts h4 {
text-align: center;
}
.alerts ol {
padding-left: 0;
}
.alerts--site-li {
border: .05em solid;
border-radius: .25em;
margin-left: 2ch;
padding: 1.5em 3ch;
}
.contents ol {
list-style-position: inside;
list-style-type: square;
padding-left: 4ch;
}
.contexts-list, .sites-list {
list-style-type: square;
}
.risk-confidence-counts-table {
width: 100%;
}
.risk-confidence-counts-table tr {
height: 4.5em;
}
.risk-confidence-counts-table thead > tr {
height: 3em;
}
.risk-confidence-counts-table th[scope="row"], .risk-confidence-counts-table th[scope="rowgroup"] {
hyphens: auto;
overflow-wrap: anywhere;
word-break: break-all;
}
.risk-confidence-counts-table th[scope="row"] {
padding-right: 5%;
}
@media screen and (max-width: 50em) {
.risk-confidence-counts-table th[scope="row"] {
padding-right: 1ch;
}
}
.risk-confidence-counts-table th[scope="rowgroup"] {
padding: 0 .5ch;
vertical-align: middle;
}
.risk-confidence-counts-table > tbody > tr {
border-top: .05em solid;
}
.risk-confidence-counts-table th[scope="row"], .risk-confidence-counts-table td {
vertical-align: top;
}
.risk-confidence-counts-table th[scope="col"] {
vertical-align: bottom;
}
.risk-confidence-counts-table th[scope="col"], .risk-confidence-counts-table th[scope="row"] {
font-family: monospace, monospace;
font-weight: bold;
}
.risk-confidence-counts-table th[scope="colgroup"], .risk-confidence-counts-table th[scope="rowgroup"] {
font-weight: normal;
}
.risk-confidence-counts-table td, .risk-confidence-counts-table th[scope="col"], .risk-confidence-counts-table th[scope="row"] {
text-align: right;
}
.site-risk-counts-table {
width: 100%;
}
.site-risk-counts-table tr {
height: 4.5em;
}
.site-risk-counts-table thead > tr:first-of-type {
height: 3em;
}
.site-risk-counts-table th[scope="row"], .site-risk-counts-table th[scope="col"] {
hyphens: auto;
overflow-wrap: anywhere;
word-break: break-all;
}
.site-risk-counts-table th[scope="row"] {
padding-right: 1%;
}
@media screen and (max-width: 50em) {
.site-risk-counts-table th[scope="row"] {
padding-right: 1ch;
}
}
.site-risk-counts-table th[scope="rowgroup"] {
padding: 0 .5ch;
vertical-align: middle;
}
.site-risk-counts-table > tbody > tr {
border-top: .05em solid;
}
.site-risk-counts-table th[scope="row"], .site-risk-counts-table td {
vertical-align: top;
}
.site-risk-counts-table th[scope="col"] {
vertical-align: bottom;
}
.site-risk-counts-table th[scope="col"], .site-risk-counts-table th[scope="row"] {
font-family: monospace, monospace;
font-weight: bold;
}
.site-risk-counts-table th[scope="colgroup"], .site-risk-counts-table th[scope="rowgroup"] {
font-weight: normal;
}
.site-risk-counts-table td, .site-risk-counts-table th[scope="col"], .site-risk-counts-table th[scope="row"] {
text-align: right;
}
.alert-type-counts-table {
width: 100%;
}
.alert-type-counts-table th, .alert-type-counts-table td {
padding: 0 1rem;
text-align: left;
vertical-align: top;
}
.alert-type-counts-table td:nth-last-of-type(2) {
padding-left: 1.5rem;
}
.alert-type-counts-table > tbody > tr {
border-bottom: 0.05em dotted;
}
.alert-type-counts-table th[scope="col"] {
border-left: 1rem solid;
}
.alert-type-counts-table th[scope="col"]:first-of-type {
border-left: 0;
}
.alert-type-counts-table th[scope="col"]:last-of-type, .alert-type-counts-table td:last-of-type {
text-align: right;
}
.alert-type-counts-table th[scope="col"], .alert-type-counts-table th[scope="row"] {
font-weight: normal;
}
.alert-type-counts-table th[scope="row"], .alert-type-counts-table td {
padding-bottom: 1.5em;
}
.alert-type-counts-table thead > th:first-of-type {
width: 45%;
}
.alerts-table, .alert-types-table, .insights-table {
border-collapse: separate;
border-spacing: 2ch 1.5em;
width: 100%;
}
.alerts-table th, .alerts-table td, .alert-types-table th, .alert-types-table td, .insights-table td, .insights-table th {
vertical-align: top;
}
.alerts-table td, .alert-types-table td, .insights-table td {
overflow-wrap: anywhere;
}
.alerts-table th, .alert-types-table th, .insights-table th {
padding: 0 1ch;
}
.alerts-table td, .alert-types-table td {
padding: 0 2ch;
}
.insights-table td {
padding: 0 1ch;
}
.alerts-table summary {
margin-bottom: 1.5em;
}
.alert-tags-list {
list-style-position: inside;
list-style-type: square;
padding-left: 0;
}
.alert-tags-list > li {
margin-top: 0;
}
.request-body, .response-body {
margin-top: 1.5em;
}
.request-method-n-url {
margin-bottom: 0;
}
.alert-types-table {
padding-top: 0;
}
.alert-types-table th {
width: 20%;
}
.alert-types-table ol {
list-style-position: inside;
list-style-type: square;
padding-left: 0;
}
.alert-types-table li:not(:first-of-type) {
margin-top: 1.5em;
}
p.alert-types-intro {
margin-bottom: 3em;
}
.zap-logo {
height: 1em;
margin-right: .25ch;
width: 1em;
}
h1, h2 {
font-family: Georgia, serif;
}
.risk-level, .confidence-level, .included-risk-codes, .included-confidence-codes, .additional-info-percentages {
font-family: monospace, monospace;
}
.context, .site, .request-method-n-url {
font-family: monospace, monospace;
}

Binary file not shown.


File diff suppressed because one or more lines are too long


@@ -1,21 +0,0 @@
# The MIT License (MIT)
Copyright © Nicolas Gallagher and Jonathan Neal
Permission is hereby granted, free of charge, to any person obtaining a copy of
this software and associated documentation files (the "Software"), to deal in
the Software without restriction, including without limitation the rights to
use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
of the Software, and to permit persons to whom the Software is furnished to do
so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.


@@ -1,349 +0,0 @@
/*! normalize.css v8.0.1 | MIT License | github.com/necolas/normalize.css */
/* Document
========================================================================== */
/**
* 1. Correct the line height in all browsers.
* 2. Prevent adjustments of font size after orientation changes in iOS.
*/
html {
line-height: 1.15; /* 1 */
-webkit-text-size-adjust: 100%; /* 2 */
}
/* Sections
========================================================================== */
/**
* Remove the margin in all browsers.
*/
body {
margin: 0;
}
/**
* Render the `main` element consistently in IE.
*/
main {
display: block;
}
/**
* Correct the font size and margin on `h1` elements within `section` and
* `article` contexts in Chrome, Firefox, and Safari.
*/
h1 {
font-size: 2em;
margin: 0.67em 0;
}
/* Grouping content
========================================================================== */
/**
* 1. Add the correct box sizing in Firefox.
* 2. Show the overflow in Edge and IE.
*/
hr {
box-sizing: content-box; /* 1 */
height: 0; /* 1 */
overflow: visible; /* 2 */
}
/**
* 1. Correct the inheritance and scaling of font size in all browsers.
* 2. Correct the odd `em` font sizing in all browsers.
*/
pre {
font-family: monospace, monospace; /* 1 */
font-size: 1em; /* 2 */
}
/* Text-level semantics
========================================================================== */
/**
* Remove the gray background on active links in IE 10.
*/
a {
background-color: transparent;
}
/**
* 1. Remove the bottom border in Chrome 57-
* 2. Add the correct text decoration in Chrome, Edge, IE, Opera, and Safari.
*/
abbr[title] {
border-bottom: none; /* 1 */
text-decoration: underline; /* 2 */
text-decoration: underline dotted; /* 2 */
}
/**
* Add the correct font weight in Chrome, Edge, and Safari.
*/
b,
strong {
font-weight: bolder;
}
/**
* 1. Correct the inheritance and scaling of font size in all browsers.
* 2. Correct the odd `em` font sizing in all browsers.
*/
code,
kbd,
samp {
font-family: monospace, monospace; /* 1 */
font-size: 1em; /* 2 */
}
/**
* Add the correct font size in all browsers.
*/
small {
font-size: 80%;
}
/**
* Prevent `sub` and `sup` elements from affecting the line height in
* all browsers.
*/
sub,
sup {
font-size: 75%;
line-height: 0;
position: relative;
vertical-align: baseline;
}
sub {
bottom: -0.25em;
}
sup {
top: -0.5em;
}
/* Embedded content
========================================================================== */
/**
* Remove the border on images inside links in IE 10.
*/
img {
border-style: none;
}
/* Forms
========================================================================== */
/**
* 1. Change the font styles in all browsers.
* 2. Remove the margin in Firefox and Safari.
*/
button,
input,
optgroup,
select,
textarea {
font-family: inherit; /* 1 */
font-size: 100%; /* 1 */
line-height: 1.15; /* 1 */
margin: 0; /* 2 */
}
/**
* Show the overflow in IE.
* 1. Show the overflow in Edge.
*/
button,
input { /* 1 */
overflow: visible;
}
/**
* Remove the inheritance of text transform in Edge, Firefox, and IE.
* 1. Remove the inheritance of text transform in Firefox.
*/
button,
select { /* 1 */
text-transform: none;
}
/**
* Correct the inability to style clickable types in iOS and Safari.
*/
button,
[type="button"],
[type="reset"],
[type="submit"] {
-webkit-appearance: button;
}
/**
* Remove the inner border and padding in Firefox.
*/
button::-moz-focus-inner,
[type="button"]::-moz-focus-inner,
[type="reset"]::-moz-focus-inner,
[type="submit"]::-moz-focus-inner {
border-style: none;
padding: 0;
}
/**
* Restore the focus styles unset by the previous rule.
*/
button:-moz-focusring,
[type="button"]:-moz-focusring,
[type="reset"]:-moz-focusring,
[type="submit"]:-moz-focusring {
outline: 1px dotted ButtonText;
}
/**
* Correct the padding in Firefox.
*/
fieldset {
padding: 0.35em 0.75em 0.625em;
}
/**
* 1. Correct the text wrapping in Edge and IE.
* 2. Correct the color inheritance from `fieldset` elements in IE.
* 3. Remove the padding so developers are not caught out when they zero out
* `fieldset` elements in all browsers.
*/
legend {
box-sizing: border-box; /* 1 */
color: inherit; /* 2 */
display: table; /* 1 */
max-width: 100%; /* 1 */
padding: 0; /* 3 */
white-space: normal; /* 1 */
}
/**
* Add the correct vertical alignment in Chrome, Firefox, and Opera.
*/
progress {
vertical-align: baseline;
}
/**
* Remove the default vertical scrollbar in IE 10+.
*/
textarea {
overflow: auto;
}
/**
* 1. Add the correct box sizing in IE 10.
* 2. Remove the padding in IE 10.
*/
[type="checkbox"],
[type="radio"] {
box-sizing: border-box; /* 1 */
padding: 0; /* 2 */
}
/**
* Correct the cursor style of increment and decrement buttons in Chrome.
*/
[type="number"]::-webkit-inner-spin-button,
[type="number"]::-webkit-outer-spin-button {
height: auto;
}
/**
* 1. Correct the odd appearance in Chrome and Safari.
* 2. Correct the outline style in Safari.
*/
[type="search"] {
-webkit-appearance: textfield; /* 1 */
outline-offset: -2px; /* 2 */
}
/**
* Remove the inner padding in Chrome and Safari on macOS.
*/
[type="search"]::-webkit-search-decoration {
-webkit-appearance: none;
}
/**
* 1. Correct the inability to style clickable types in iOS and Safari.
* 2. Change font properties to `inherit` in Safari.
*/
::-webkit-file-upload-button {
-webkit-appearance: button; /* 1 */
font: inherit; /* 2 */
}
/* Interactive
========================================================================== */
/*
* Add the correct display in Edge, IE 10+, and Firefox.
*/
details {
display: block;
}
/*
* Add the correct display in all browsers.
*/
summary {
display: list-item;
}
/* Misc
========================================================================== */
/**
* Add the correct display in IE 10+.
*/
template {
display: none;
}
/**
* Add the correct display in IE 10.
*/
[hidden] {
display: none;
}


@@ -1,139 +0,0 @@
body {
background-color: #306aa0;
background-image: radial-gradient(circle at top left, #fff 0%, #8ce1d6 15em, #306aa0 100em, #386095 100%);
}
main, footer {
background-color: #fff;
}
header {
background-color: #00549e;
color: #fff;
}
a:link {
color: #004380;
}
a:visited {
color: #770d67;
}
a:focus {
background-color: #ffd54d;
}
a:hover {
background-color: #ffd54d;
}
a:active {
background-color: #ffd54d;
color: #003261;
outline-color: #f4ba00;
}
header a:link {
color: #f2f7fd;
}
header a:visited {
color: #f2b5e9;
}
header a:focus {
background-color: #ffd54d;
color: #004380;
}
header a:hover {
background-color: #ffd54d;
color: #004380;
}
header a:active {
background-color: #ffd54d;
color: #003261;
outline-color: #fff6db;
}
summary:focus {
background-color: #ffd54d;
}
summary:hover {
background-color: #ffd54d;
}
summary:active {
background-color: #ffd54d;
color: #003261;
outline-color: #f4ba00;
}
h2, h3, h4, h5, h6 {
color: #00549e;
}
.risk-level, .confidence-level {
color: #00549e;
}
.risk-confidence-counts-table th[scope="colgroup"], .risk-confidence-counts-table th[scope="rowgroup"] {
background-color: #00549e;
color: #fff;
}
.risk-confidence-counts-table th[scope="col"], .risk-confidence-counts-table th[scope="row"] {
color: #00549e;
}
.risk-confidence-counts-table > tbody > tr {
border-top-color: #00549e;
}
.site-risk-counts-table th[scope="colgroup"], .site-risk-counts-table th[scope="rowgroup"] {
background-color: #00549e;
color: #fff;
}
.site-risk-counts-table th[scope="col"], .site-risk-counts-table th[scope="row"] {
color: #00549e;
}
.site-risk-counts-table > tbody > tr {
border-top-color: #00549e;
}
.alert-type-counts-table > tbody > tr {
border-bottom-color: #00549e;
}
.alert-type-counts-table th[scope="col"] {
background-color: #00549e;
color: #fff;
}
.alert-type-counts-table th[scope="col"] {
border-left-color: #fff;
}
.alerts-table th, .alert-types-table th {
background-color: #306aa0;
color: #fff;
}
.additional-info-percentages {
color: #00549e;
}
.insights-table > tbody > tr {
border-bottom-color: #00549e;
}
.insights-table th[scope="col"] {
background-color: #00549e;
border-left-color: #fff;
color: #fff;
}


@@ -1,417 +0,0 @@
*, *::after, *::before {
box-sizing: border-box;
}
h1, h2, h3, h4, h5, h6 {
margin: 0;
padding: 0;
}
pre, ul {
margin: 0;
}
ol {
list-style-type: none;
}
h1 {
font-size: 3em;
}
h2 {
font-size: 2em;
}
h3, h4, h5, h6 {
font-size: 1em;
}
html {
box-sizing: border-box;
font-family: Verdana, sans-serif;
line-height: 1.5;
}
body {
margin: 1.5em 0;
}
@media screen and (min-width: 50em) {
body {
margin: 1.5em 2ch;
padding: 1.5em 2ch;
}
}
a:active, header a:active {
outline-style: solid;
}
header, main {
margin: 0 auto;
max-width: 90ch;
padding: 1.5em 4ch;
}
header {
border-radius: .25em .25em 0 0;
}
main {
border-radius: 0 0 .25em .25em;
}
summary {
cursor: pointer;
}
.contents {
margin-top: 1.5em;
}
main > section {
margin-bottom: 4.5em;
}
.about-this-report > section {
margin-bottom: 3em;
}
.summaries section {
margin-bottom: 3em;
}
h2 {
margin-bottom: .75em;
}
h3 {
margin-bottom: 1.5em;
}
h4 {
margin-bottom: 1.5em;
}
.report-parameters--container h4 {
margin-top: 1.5em;
}
p {
margin: 1.5em 0;
}
p:first-of-type {
margin-top: 0;
}
p:last-of-type {
margin-bottom: 0;
}
.contents li, .alerts li, .alert-types > ol > li {
margin-top: 1.5em;
}
.alert-types h4 {
margin-bottom: 0;
}
a {
border-radius: .125em;
}
caption {
margin-bottom: 1.5em;
text-align: left;
}
code, .request-method-n-url {
overflow-wrap: anywhere;
white-space: break-spaces;
}
table {
border-collapse: collapse;
}
.report-description--container, .report-parameters--container {
margin-left: 2ch;
padding: 0 2ch;
}
.about-this-report h3, .summaries h3, .appendix h3 {
border-bottom: .05em solid;
}
.alerts h4 {
text-align: center;
}
.alerts ol {
padding-left: 0;
}
.alerts--site-li {
border: .05em solid;
border-radius: .25em;
margin-left: 2ch;
padding: 1.5em 3ch;
}
.contents ol {
list-style-position: inside;
list-style-type: square;
padding-left: 4ch;
}
.contexts-list, .sites-list {
list-style-type: square;
}
.risk-confidence-counts-table {
width: 100%;
}
.risk-confidence-counts-table tr {
height: 4.5em;
}
.risk-confidence-counts-table thead > tr {
height: 3em;
}
.risk-confidence-counts-table th[scope="row"], .risk-confidence-counts-table th[scope="rowgroup"] {
hyphens: auto;
overflow-wrap: anywhere;
word-break: break-all;
}
.risk-confidence-counts-table th[scope="row"] {
padding-right: 5%;
}
@media screen and (max-width: 50em) {
.risk-confidence-counts-table th[scope="row"] {
padding-right: 1ch;
}
}
.risk-confidence-counts-table th[scope="rowgroup"] {
padding: 0 .5ch;
vertical-align: middle;
}
.risk-confidence-counts-table > tbody > tr {
border-top: .05em solid;
}
.risk-confidence-counts-table th[scope="row"], .risk-confidence-counts-table td {
vertical-align: top;
}
.risk-confidence-counts-table th[scope="col"] {
vertical-align: bottom;
}
.risk-confidence-counts-table th[scope="col"], .risk-confidence-counts-table th[scope="row"] {
font-family: monospace, monospace;
font-weight: bold;
}
.risk-confidence-counts-table th[scope="colgroup"], .risk-confidence-counts-table th[scope="rowgroup"] {
font-weight: normal;
}
.risk-confidence-counts-table td, .risk-confidence-counts-table th[scope="col"], .risk-confidence-counts-table th[scope="row"] {
text-align: right;
}
.site-risk-counts-table {
width: 100%;
}
.site-risk-counts-table tr {
height: 4.5em;
}
.site-risk-counts-table thead > tr:first-of-type {
height: 3em;
}
.site-risk-counts-table th[scope="row"], .site-risk-counts-table th[scope="col"] {
hyphens: auto;
overflow-wrap: anywhere;
word-break: break-all;
}
.site-risk-counts-table th[scope="row"] {
padding-right: 1%;
}
@media screen and (max-width: 50em) {
.site-risk-counts-table th[scope="row"] {
padding-right: 1ch;
}
}
.site-risk-counts-table th[scope="rowgroup"] {
padding: 0 .5ch;
vertical-align: middle;
}
.site-risk-counts-table > tbody > tr {
border-top: .05em solid;
}
.site-risk-counts-table th[scope="row"], .site-risk-counts-table td {
vertical-align: top;
}
.site-risk-counts-table th[scope="col"] {
vertical-align: bottom;
}
.site-risk-counts-table th[scope="col"], .site-risk-counts-table th[scope="row"] {
font-family: monospace, monospace;
font-weight: bold;
}
.site-risk-counts-table th[scope="colgroup"], .site-risk-counts-table th[scope="rowgroup"] {
font-weight: normal;
}
.site-risk-counts-table td, .site-risk-counts-table th[scope="col"], .site-risk-counts-table th[scope="row"] {
text-align: right;
}
.alert-type-counts-table {
width: 100%;
}
.alert-type-counts-table th, .alert-type-counts-table td {
padding: 0 1rem;
text-align: left;
vertical-align: top;
}
.alert-type-counts-table td:nth-last-of-type(2) {
padding-left: 1.5rem;
}
.alert-type-counts-table > tbody > tr {
border-bottom: 0.05em dotted;
}
.alert-type-counts-table th[scope="col"] {
border-left: 1rem solid;
}
.alert-type-counts-table th[scope="col"]:first-of-type {
border-left: 0;
}
.alert-type-counts-table th[scope="col"]:last-of-type, .alert-type-counts-table td:last-of-type {
text-align: right;
}
.alert-type-counts-table th[scope="col"], .alert-type-counts-table th[scope="row"] {
font-weight: normal;
}
.alert-type-counts-table th[scope="row"], .alert-type-counts-table td {
padding-bottom: 1.5em;
}
.alert-type-counts-table thead > th:first-of-type {
width: 45%;
}
.alerts-table, .alert-types-table, .insights-table {
border-collapse: separate;
border-spacing: 2ch 1.5em;
width: 100%;
}
.alerts-table th, .alerts-table td, .alert-types-table th, .alert-types-table td, .insights-table td, .insights-table th {
vertical-align: top;
}
.alerts-table td, .alert-types-table td, .insights-table td {
overflow-wrap: anywhere;
}
.alerts-table th, .alert-types-table th, .insights-table th {
padding: 0 1ch;
}
.alerts-table td, .alert-types-table td {
padding: 0 2ch;
}
.insights-table td {
padding: 0 1ch;
}
.alerts-table summary {
margin-bottom: 1.5em;
}
.alert-tags-list {
list-style-position: inside;
list-style-type: square;
padding-left: 0;
}
.alert-tags-list > li {
margin-top: 0;
}
.request-body, .response-body {
margin-top: 1.5em;
}
.request-method-n-url {
margin-bottom: 0;
}
.alert-types-table {
padding-top: 0;
}
.alert-types-table th {
width: 20%;
}
.alert-types-table ol {
list-style-position: inside;
list-style-type: square;
padding-left: 0;
}
.alert-types-table li:not(:first-of-type) {
margin-top: 1.5em;
}
p.alert-types-intro {
margin-bottom: 3em;
}
.zap-logo {
height: 1em;
margin-right: .25ch;
width: 1em;
}
h1, h2 {
font-family: Georgia, serif;
}
.risk-level, .confidence-level, .included-risk-codes, .included-confidence-codes, .additional-info-percentages {
font-family: monospace, monospace;
}
.context, .site, .request-method-n-url {
font-family: monospace, monospace;
}


@@ -1,21 +0,0 @@
# The MIT License (MIT)
Copyright © Nicolas Gallagher and Jonathan Neal
Permission is hereby granted, free of charge, to any person obtaining a copy of
this software and associated documentation files (the "Software"), to deal in
the Software without restriction, including without limitation the rights to
use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
of the Software, and to permit persons to whom the Software is furnished to do
so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.


@@ -1,349 +0,0 @@
/*! normalize.css v8.0.1 | MIT License | github.com/necolas/normalize.css */
/* Document
========================================================================== */
/**
* 1. Correct the line height in all browsers.
* 2. Prevent adjustments of font size after orientation changes in iOS.
*/
html {
line-height: 1.15; /* 1 */
-webkit-text-size-adjust: 100%; /* 2 */
}
/* Sections
========================================================================== */
/**
* Remove the margin in all browsers.
*/
body {
margin: 0;
}
/**
* Render the `main` element consistently in IE.
*/
main {
display: block;
}
/**
* Correct the font size and margin on `h1` elements within `section` and
* `article` contexts in Chrome, Firefox, and Safari.
*/
h1 {
font-size: 2em;
margin: 0.67em 0;
}
/* Grouping content
========================================================================== */
/**
* 1. Add the correct box sizing in Firefox.
* 2. Show the overflow in Edge and IE.
*/
hr {
box-sizing: content-box; /* 1 */
height: 0; /* 1 */
overflow: visible; /* 2 */
}
/**
* 1. Correct the inheritance and scaling of font size in all browsers.
* 2. Correct the odd `em` font sizing in all browsers.
*/
pre {
font-family: monospace, monospace; /* 1 */
font-size: 1em; /* 2 */
}
/* Text-level semantics
========================================================================== */
/**
* Remove the gray background on active links in IE 10.
*/
a {
background-color: transparent;
}
/**
* 1. Remove the bottom border in Chrome 57-
* 2. Add the correct text decoration in Chrome, Edge, IE, Opera, and Safari.
*/
abbr[title] {
border-bottom: none; /* 1 */
text-decoration: underline; /* 2 */
text-decoration: underline dotted; /* 2 */
}
/**
* Add the correct font weight in Chrome, Edge, and Safari.
*/
b,
strong {
font-weight: bolder;
}
/**
* 1. Correct the inheritance and scaling of font size in all browsers.
* 2. Correct the odd `em` font sizing in all browsers.
*/
code,
kbd,
samp {
font-family: monospace, monospace; /* 1 */
font-size: 1em; /* 2 */
}
/**
* Add the correct font size in all browsers.
*/
small {
font-size: 80%;
}
/**
* Prevent `sub` and `sup` elements from affecting the line height in
* all browsers.
*/
sub,
sup {
font-size: 75%;
line-height: 0;
position: relative;
vertical-align: baseline;
}
sub {
bottom: -0.25em;
}
sup {
top: -0.5em;
}
/* Embedded content
========================================================================== */
/**
* Remove the border on images inside links in IE 10.
*/
img {
border-style: none;
}
/* Forms
========================================================================== */
/**
* 1. Change the font styles in all browsers.
* 2. Remove the margin in Firefox and Safari.
*/
button,
input,
optgroup,
select,
textarea {
font-family: inherit; /* 1 */
font-size: 100%; /* 1 */
line-height: 1.15; /* 1 */
margin: 0; /* 2 */
}
/**
* Show the overflow in IE.
* 1. Show the overflow in Edge.
*/
button,
input { /* 1 */
overflow: visible;
}
/**
* Remove the inheritance of text transform in Edge, Firefox, and IE.
* 1. Remove the inheritance of text transform in Firefox.
*/
button,
select { /* 1 */
text-transform: none;
}
/**
* Correct the inability to style clickable types in iOS and Safari.
*/
button,
[type="button"],
[type="reset"],
[type="submit"] {
-webkit-appearance: button;
}
/**
* Remove the inner border and padding in Firefox.
*/
button::-moz-focus-inner,
[type="button"]::-moz-focus-inner,
[type="reset"]::-moz-focus-inner,
[type="submit"]::-moz-focus-inner {
border-style: none;
padding: 0;
}
/**
* Restore the focus styles unset by the previous rule.
*/
button:-moz-focusring,
[type="button"]:-moz-focusring,
[type="reset"]:-moz-focusring,
[type="submit"]:-moz-focusring {
outline: 1px dotted ButtonText;
}
/**
* Correct the padding in Firefox.
*/
fieldset {
padding: 0.35em 0.75em 0.625em;
}
/**
* 1. Correct the text wrapping in Edge and IE.
* 2. Correct the color inheritance from `fieldset` elements in IE.
* 3. Remove the padding so developers are not caught out when they zero out
* `fieldset` elements in all browsers.
*/
legend {
box-sizing: border-box; /* 1 */
color: inherit; /* 2 */
display: table; /* 1 */
max-width: 100%; /* 1 */
padding: 0; /* 3 */
white-space: normal; /* 1 */
}
/**
* Add the correct vertical alignment in Chrome, Firefox, and Opera.
*/
progress {
vertical-align: baseline;
}
/**
* Remove the default vertical scrollbar in IE 10+.
*/
textarea {
overflow: auto;
}
/**
* 1. Add the correct box sizing in IE 10.
* 2. Remove the padding in IE 10.
*/
[type="checkbox"],
[type="radio"] {
box-sizing: border-box; /* 1 */
padding: 0; /* 2 */
}
/**
* Correct the cursor style of increment and decrement buttons in Chrome.
*/
[type="number"]::-webkit-inner-spin-button,
[type="number"]::-webkit-outer-spin-button {
height: auto;
}
/**
* 1. Correct the odd appearance in Chrome and Safari.
* 2. Correct the outline style in Safari.
*/
[type="search"] {
-webkit-appearance: textfield; /* 1 */
outline-offset: -2px; /* 2 */
}
/**
* Remove the inner padding in Chrome and Safari on macOS.
*/
[type="search"]::-webkit-search-decoration {
-webkit-appearance: none;
}
/**
* 1. Correct the inability to style clickable types in iOS and Safari.
* 2. Change font properties to `inherit` in Safari.
*/
::-webkit-file-upload-button {
-webkit-appearance: button; /* 1 */
font: inherit; /* 2 */
}
/* Interactive
========================================================================== */
/*
* Add the correct display in Edge, IE 10+, and Firefox.
*/
details {
display: block;
}
/*
* Add the correct display in all browsers.
*/
summary {
display: list-item;
}
/* Misc
========================================================================== */
/**
* Add the correct display in IE 10+.
*/
template {
display: none;
}
/**
* Add the correct display in IE 10.
*/
[hidden] {
display: none;
}


@@ -1,139 +0,0 @@
body {
background-color: #306aa0;
background-image: radial-gradient(circle at top left, #fff 0%, #8ce1d6 15em, #306aa0 100em, #386095 100%);
}
main, footer {
background-color: #fff;
}
header {
background-color: #00549e;
color: #fff;
}
a:link {
color: #004380;
}
a:visited {
color: #770d67;
}
a:focus {
background-color: #ffd54d;
}
a:hover {
background-color: #ffd54d;
}
a:active {
background-color: #ffd54d;
color: #003261;
outline-color: #f4ba00;
}
header a:link {
color: #f2f7fd;
}
header a:visited {
color: #f2b5e9;
}
header a:focus {
background-color: #ffd54d;
color: #004380;
}
header a:hover {
background-color: #ffd54d;
color: #004380;
}
header a:active {
background-color: #ffd54d;
color: #003261;
outline-color: #fff6db;
}
summary:focus {
background-color: #ffd54d;
}
summary:hover {
background-color: #ffd54d;
}
summary:active {
background-color: #ffd54d;
color: #003261;
outline-color: #f4ba00;
}
h2, h3, h4, h5, h6 {
color: #00549e;
}
.risk-level, .confidence-level {
color: #00549e;
}
.risk-confidence-counts-table th[scope="colgroup"], .risk-confidence-counts-table th[scope="rowgroup"] {
background-color: #00549e;
color: #fff;
}
.risk-confidence-counts-table th[scope="col"], .risk-confidence-counts-table th[scope="row"] {
color: #00549e;
}
.risk-confidence-counts-table > tbody > tr {
border-top-color: #00549e;
}
.site-risk-counts-table th[scope="colgroup"], .site-risk-counts-table th[scope="rowgroup"] {
background-color: #00549e;
color: #fff;
}
.site-risk-counts-table th[scope="col"], .site-risk-counts-table th[scope="row"] {
color: #00549e;
}
.site-risk-counts-table > tbody > tr {
border-top-color: #00549e;
}
.alert-type-counts-table > tbody > tr {
border-bottom-color: #00549e;
}
.alert-type-counts-table th[scope="col"] {
background-color: #00549e;
color: #fff;
}
.alert-type-counts-table th[scope="col"] {
border-left-color: #fff;
}
.alerts-table th, .alert-types-table th {
background-color: #306aa0;
color: #fff;
}
.additional-info-percentages {
color: #00549e;
}
.insights-table > tbody > tr {
border-bottom-color: #00549e;
}
.insights-table th[scope="col"] {
background-color: #00549e;
border-left-color: #fff;
color: #fff;
}


@@ -1,417 +0,0 @@
*, *::after, *::before {
box-sizing: border-box;
}
h1, h2, h3, h4, h5, h6 {
margin: 0;
padding: 0;
}
pre, ul {
margin: 0;
}
ol {
list-style-type: none;
}
h1 {
font-size: 3em;
}
h2 {
font-size: 2em;
}
h3, h4, h5, h6 {
font-size: 1em;
}
html {
box-sizing: border-box;
font-family: Verdana, sans-serif;
line-height: 1.5;
}
body {
margin: 1.5em 0;
}
@media screen and (min-width: 50em) {
body {
margin: 1.5em 2ch;
padding: 1.5em 2ch;
}
}
a:active, header a:active {
outline-style: solid;
}
header, main {
margin: 0 auto;
max-width: 90ch;
padding: 1.5em 4ch;
}
header {
border-radius: .25em .25em 0 0;
}
main {
border-radius: 0 0 .25em .25em;
}
summary {
cursor: pointer;
}
.contents {
margin-top: 1.5em;
}
main > section {
margin-bottom: 4.5em;
}
.about-this-report > section {
margin-bottom: 3em;
}
.summaries section {
margin-bottom: 3em;
}
h2 {
margin-bottom: .75em;
}
h3 {
margin-bottom: 1.5em;
}
h4 {
margin-bottom: 1.5em;
}
.report-parameters--container h4 {
margin-top: 1.5em;
}
p {
margin: 1.5em 0;
}
p:first-of-type {
margin-top: 0;
}
p:last-of-type {
margin-bottom: 0;
}
.contents li, .alerts li, .alert-types > ol > li {
margin-top: 1.5em;
}
.alert-types h4 {
margin-bottom: 0;
}
a {
border-radius: .125em;
}
caption {
margin-bottom: 1.5em;
text-align: left;
}
code, .request-method-n-url {
overflow-wrap: anywhere;
white-space: break-spaces;
}
table {
border-collapse: collapse;
}
.report-description--container, .report-parameters--container {
margin-left: 2ch;
padding: 0 2ch;
}
.about-this-report h3, .summaries h3, .appendix h3 {
border-bottom: .05em solid;
}
.alerts h4 {
text-align: center;
}
.alerts ol {
padding-left: 0;
}
.alerts--site-li {
border: .05em solid;
border-radius: .25em;
margin-left: 2ch;
padding: 1.5em 3ch;
}
.contents ol {
list-style-position: inside;
list-style-type: square;
padding-left: 4ch;
}
.contexts-list, .sites-list {
list-style-type: square;
}
.risk-confidence-counts-table {
width: 100%;
}
.risk-confidence-counts-table tr {
height: 4.5em;
}
.risk-confidence-counts-table thead > tr {
height: 3em;
}
.risk-confidence-counts-table th[scope="row"], .risk-confidence-counts-table th[scope="rowgroup"] {
hyphens: auto;
overflow-wrap: anywhere;
word-break: break-all;
}
.risk-confidence-counts-table th[scope="row"] {
padding-right: 5%;
}
@media screen and (max-width: 50em) {
.risk-confidence-counts-table th[scope="row"] {
padding-right: 1ch;
}
}
.risk-confidence-counts-table th[scope="rowgroup"] {
padding: 0 .5ch;
vertical-align: middle;
}
.risk-confidence-counts-table > tbody > tr {
border-top: .05em solid;
}
.risk-confidence-counts-table th[scope="row"], .risk-confidence-counts-table td {
vertical-align: top;
}
.risk-confidence-counts-table th[scope="col"] {
vertical-align: bottom;
}
.risk-confidence-counts-table th[scope="col"], .risk-confidence-counts-table th[scope="row"] {
font-family: monospace, monospace;
font-weight: bold;
}
.risk-confidence-counts-table th[scope="colgroup"], .risk-confidence-counts-table th[scope="rowgroup"] {
font-weight: normal;
}
.risk-confidence-counts-table td, .risk-confidence-counts-table th[scope="col"], .risk-confidence-counts-table th[scope="row"] {
text-align: right;
}
.site-risk-counts-table {
width: 100%;
}
.site-risk-counts-table tr {
height: 4.5em;
}
.site-risk-counts-table thead > tr:first-of-type {
height: 3em;
}
.site-risk-counts-table th[scope="row"], .site-risk-counts-table th[scope="col"] {
hyphens: auto;
overflow-wrap: anywhere;
word-break: break-all;
}
.site-risk-counts-table th[scope="row"] {
padding-right: 1%;
}
@media screen and (max-width: 50em) {
.site-risk-counts-table th[scope="row"] {
padding-right: 1ch;
}
}
.site-risk-counts-table th[scope="rowgroup"] {
padding: 0 .5ch;
vertical-align: middle;
}
.site-risk-counts-table > tbody > tr {
border-top: .05em solid;
}
.site-risk-counts-table th[scope="row"], .site-risk-counts-table td {
vertical-align: top;
}
.site-risk-counts-table th[scope="col"] {
vertical-align: bottom;
}
.site-risk-counts-table th[scope="col"], .site-risk-counts-table th[scope="row"] {
font-family: monospace, monospace;
font-weight: bold;
}
.site-risk-counts-table th[scope="colgroup"], .site-risk-counts-table th[scope="rowgroup"] {
font-weight: normal;
}
.site-risk-counts-table td, .site-risk-counts-table th[scope="col"], .site-risk-counts-table th[scope="row"] {
text-align: right;
}
.alert-type-counts-table {
width: 100%;
}
.alert-type-counts-table th, .alert-type-counts-table td {
padding: 0 1rem;
text-align: left;
vertical-align: top;
}
.alert-type-counts-table td:nth-last-of-type(2) {
padding-left: 1.5rem;
}
.alert-type-counts-table > tbody > tr {
border-bottom: 0.05em dotted;
}
.alert-type-counts-table th[scope="col"] {
border-left: 1rem solid;
}
.alert-type-counts-table th[scope="col"]:first-of-type {
border-left: 0;
}
.alert-type-counts-table th[scope="col"]:last-of-type, .alert-type-counts-table td:last-of-type {
text-align: right;
}
.alert-type-counts-table th[scope="col"], .alert-type-counts-table th[scope="row"] {
font-weight: normal;
}
.alert-type-counts-table th[scope="row"], .alert-type-counts-table td {
padding-bottom: 1.5em;
}
.alert-type-counts-table thead > th:first-of-type {
width: 45%;
}
.alerts-table, .alert-types-table, .insights-table {
border-collapse: separate;
border-spacing: 2ch 1.5em;
width: 100%;
}
.alerts-table th, .alerts-table td, .alert-types-table th, .alert-types-table td, .insights-table td, .insights-table th {
vertical-align: top;
}
.alerts-table td, .alert-types-table td, .insights-table td {
overflow-wrap: anywhere;
}
.alerts-table th, .alert-types-table th, .insights-table th {
padding: 0 1ch;
}
.alerts-table td, .alert-types-table td {
padding: 0 2ch;
}
.insights-table td {
padding: 0 1ch;
}
.alerts-table summary {
margin-bottom: 1.5em;
}
.alert-tags-list {
list-style-position: inside;
list-style-type: square;
padding-left: 0;
}
.alert-tags-list > li {
margin-top: 0;
}
.request-body, .response-body {
margin-top: 1.5em;
}
.request-method-n-url {
margin-bottom: 0;
}
.alert-types-table {
padding-top: 0;
}
.alert-types-table th {
width: 20%;
}
.alert-types-table ol {
list-style-position: inside;
list-style-type: square;
padding-left: 0;
}
.alert-types-table li:not(:first-of-type) {
margin-top: 1.5em;
}
p.alert-types-intro {
margin-bottom: 3em;
}
.zap-logo {
height: 1em;
margin-right: .25ch;
width: 1em;
}
h1, h2 {
font-family: Georgia, serif;
}
.risk-level, .confidence-level, .included-risk-codes, .included-confidence-codes, .additional-info-percentages {
font-family: monospace, monospace;
}
.context, .site, .request-method-n-url {
font-family: monospace, monospace;
}


@@ -1,21 +0,0 @@
# The MIT License (MIT)
Copyright © Nicolas Gallagher and Jonathan Neal
Permission is hereby granted, free of charge, to any person obtaining a copy of
this software and associated documentation files (the "Software"), to deal in
the Software without restriction, including without limitation the rights to
use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
of the Software, and to permit persons to whom the Software is furnished to do
so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.


@@ -1,349 +0,0 @@
/*! normalize.css v8.0.1 | MIT License | github.com/necolas/normalize.css */
/* Document
========================================================================== */
/**
* 1. Correct the line height in all browsers.
* 2. Prevent adjustments of font size after orientation changes in iOS.
*/
html {
line-height: 1.15; /* 1 */
-webkit-text-size-adjust: 100%; /* 2 */
}
/* Sections
========================================================================== */
/**
* Remove the margin in all browsers.
*/
body {
margin: 0;
}
/**
* Render the `main` element consistently in IE.
*/
main {
display: block;
}
/**
* Correct the font size and margin on `h1` elements within `section` and
* `article` contexts in Chrome, Firefox, and Safari.
*/
h1 {
font-size: 2em;
margin: 0.67em 0;
}
/* Grouping content
========================================================================== */
/**
* 1. Add the correct box sizing in Firefox.
* 2. Show the overflow in Edge and IE.
*/
hr {
box-sizing: content-box; /* 1 */
height: 0; /* 1 */
overflow: visible; /* 2 */
}
/**
* 1. Correct the inheritance and scaling of font size in all browsers.
* 2. Correct the odd `em` font sizing in all browsers.
*/
pre {
font-family: monospace, monospace; /* 1 */
font-size: 1em; /* 2 */
}
/* Text-level semantics
========================================================================== */
/**
* Remove the gray background on active links in IE 10.
*/
a {
background-color: transparent;
}
/**
* 1. Remove the bottom border in Chrome 57-
* 2. Add the correct text decoration in Chrome, Edge, IE, Opera, and Safari.
*/
abbr[title] {
border-bottom: none; /* 1 */
text-decoration: underline; /* 2 */
text-decoration: underline dotted; /* 2 */
}
/**
* Add the correct font weight in Chrome, Edge, and Safari.
*/
b,
strong {
font-weight: bolder;
}
/**
* 1. Correct the inheritance and scaling of font size in all browsers.
* 2. Correct the odd `em` font sizing in all browsers.
*/
code,
kbd,
samp {
font-family: monospace, monospace; /* 1 */
font-size: 1em; /* 2 */
}
/**
* Add the correct font size in all browsers.
*/
small {
font-size: 80%;
}
/**
* Prevent `sub` and `sup` elements from affecting the line height in
* all browsers.
*/
sub,
sup {
font-size: 75%;
line-height: 0;
position: relative;
vertical-align: baseline;
}
sub {
bottom: -0.25em;
}
sup {
top: -0.5em;
}
/* Embedded content
========================================================================== */
/**
* Remove the border on images inside links in IE 10.
*/
img {
border-style: none;
}
/* Forms
========================================================================== */
/**
* 1. Change the font styles in all browsers.
* 2. Remove the margin in Firefox and Safari.
*/
button,
input,
optgroup,
select,
textarea {
font-family: inherit; /* 1 */
font-size: 100%; /* 1 */
line-height: 1.15; /* 1 */
margin: 0; /* 2 */
}
/**
* Show the overflow in IE.
* 1. Show the overflow in Edge.
*/
button,
input { /* 1 */
overflow: visible;
}
/**
* Remove the inheritance of text transform in Edge, Firefox, and IE.
* 1. Remove the inheritance of text transform in Firefox.
*/
button,
select { /* 1 */
text-transform: none;
}
/**
* Correct the inability to style clickable types in iOS and Safari.
*/
button,
[type="button"],
[type="reset"],
[type="submit"] {
-webkit-appearance: button;
}
/**
* Remove the inner border and padding in Firefox.
*/
button::-moz-focus-inner,
[type="button"]::-moz-focus-inner,
[type="reset"]::-moz-focus-inner,
[type="submit"]::-moz-focus-inner {
border-style: none;
padding: 0;
}
/**
* Restore the focus styles unset by the previous rule.
*/
button:-moz-focusring,
[type="button"]:-moz-focusring,
[type="reset"]:-moz-focusring,
[type="submit"]:-moz-focusring {
outline: 1px dotted ButtonText;
}
/**
* Correct the padding in Firefox.
*/
fieldset {
padding: 0.35em 0.75em 0.625em;
}
/**
* 1. Correct the text wrapping in Edge and IE.
* 2. Correct the color inheritance from `fieldset` elements in IE.
* 3. Remove the padding so developers are not caught out when they zero out
* `fieldset` elements in all browsers.
*/
legend {
box-sizing: border-box; /* 1 */
color: inherit; /* 2 */
display: table; /* 1 */
max-width: 100%; /* 1 */
padding: 0; /* 3 */
white-space: normal; /* 1 */
}
/**
* Add the correct vertical alignment in Chrome, Firefox, and Opera.
*/
progress {
vertical-align: baseline;
}
/**
* Remove the default vertical scrollbar in IE 10+.
*/
textarea {
overflow: auto;
}
/**
* 1. Add the correct box sizing in IE 10.
* 2. Remove the padding in IE 10.
*/
[type="checkbox"],
[type="radio"] {
box-sizing: border-box; /* 1 */
padding: 0; /* 2 */
}
/**
* Correct the cursor style of increment and decrement buttons in Chrome.
*/
[type="number"]::-webkit-inner-spin-button,
[type="number"]::-webkit-outer-spin-button {
height: auto;
}
/**
* 1. Correct the odd appearance in Chrome and Safari.
* 2. Correct the outline style in Safari.
*/
[type="search"] {
-webkit-appearance: textfield; /* 1 */
outline-offset: -2px; /* 2 */
}
/**
* Remove the inner padding in Chrome and Safari on macOS.
*/
[type="search"]::-webkit-search-decoration {
-webkit-appearance: none;
}
/**
* 1. Correct the inability to style clickable types in iOS and Safari.
* 2. Change font properties to `inherit` in Safari.
*/
::-webkit-file-upload-button {
-webkit-appearance: button; /* 1 */
font: inherit; /* 2 */
}
/* Interactive
========================================================================== */
/*
* Add the correct display in Edge, IE 10+, and Firefox.
*/
details {
display: block;
}
/*
* Add the correct display in all browsers.
*/
summary {
display: list-item;
}
/* Misc
========================================================================== */
/**
* Add the correct display in IE 10+.
*/
template {
display: none;
}
/**
* Add the correct display in IE 10.
*/
[hidden] {
display: none;
}


@@ -1,139 +0,0 @@
body {
background-color: #306aa0;
background-image: radial-gradient(circle at top left, #fff 0%, #8ce1d6 15em, #306aa0 100em, #386095 100%);
}
main, footer {
background-color: #fff;
}
header {
background-color: #00549e;
color: #fff;
}
a:link {
color: #004380;
}
a:visited {
color: #770d67;
}
a:focus {
background-color: #ffd54d;
}
a:hover {
background-color: #ffd54d;
}
a:active {
background-color: #ffd54d;
color: #003261;
outline-color: #f4ba00;
}
header a:link {
color: #f2f7fd;
}
header a:visited {
color: #f2b5e9;
}
header a:focus {
background-color: #ffd54d;
color: #004380;
}
header a:hover {
background-color: #ffd54d;
color: #004380;
}
header a:active {
background-color: #ffd54d;
color: #003261;
outline-color: #fff6db;
}
summary:focus {
background-color: #ffd54d;
}
summary:hover {
background-color: #ffd54d;
}
summary:active {
background-color: #ffd54d;
color: #003261;
outline-color: #f4ba00;
}
h2, h3, h4, h5, h6 {
color: #00549e;
}
.risk-level, .confidence-level {
color: #00549e;
}
.risk-confidence-counts-table th[scope="colgroup"], .risk-confidence-counts-table th[scope="rowgroup"] {
background-color: #00549e;
color: #fff;
}
.risk-confidence-counts-table th[scope="col"], .risk-confidence-counts-table th[scope="row"] {
color: #00549e;
}
.risk-confidence-counts-table > tbody > tr {
border-top-color: #00549e;
}
.site-risk-counts-table th[scope="colgroup"], .site-risk-counts-table th[scope="rowgroup"] {
background-color: #00549e;
color: #fff;
}
.site-risk-counts-table th[scope="col"], .site-risk-counts-table th[scope="row"] {
color: #00549e;
}
.site-risk-counts-table > tbody > tr {
border-top-color: #00549e;
}
.alert-type-counts-table > tbody > tr {
border-bottom-color: #00549e;
}
.alert-type-counts-table th[scope="col"] {
background-color: #00549e;
color: #fff;
}
.alert-type-counts-table th[scope="col"] {
border-left-color: #fff;
}
.alerts-table th, .alert-types-table th {
background-color: #306aa0;
color: #fff;
}
.additional-info-percentages {
color: #00549e;
}
.insights-table > tbody > tr {
border-bottom-color: #00549e;
}
.insights-table th[scope="col"] {
background-color: #00549e;
border-left-color: #fff;
color: #fff;
}


@@ -1,417 +0,0 @@
*, *::after, *::before {
box-sizing: border-box;
}
h1, h2, h3, h4, h5, h6 {
margin: 0;
padding: 0;
}
pre, ul {
margin: 0;
}
ol {
list-style-type: none;
}
h1 {
font-size: 3em;
}
h2 {
font-size: 2em;
}
h3, h4, h5, h6 {
font-size: 1em;
}
html {
box-sizing: border-box;
font-family: Verdana, sans-serif;
line-height: 1.5;
}
body {
margin: 1.5em 0;
}
@media screen and (min-width: 50em) {
body {
margin: 1.5em 2ch;
padding: 1.5em 2ch;
}
}
a:active, header a:active {
outline-style: solid;
}
header, main {
margin: 0 auto;
max-width: 90ch;
padding: 1.5em 4ch;
}
header {
border-radius: .25em .25em 0 0;
}
main {
border-radius: 0 0 .25em .25em;
}
summary {
cursor: pointer;
}
.contents {
margin-top: 1.5em;
}
main > section {
margin-bottom: 4.5em;
}
.about-this-report > section {
margin-bottom: 3em;
}
.summaries section {
margin-bottom: 3em;
}
h2 {
margin-bottom: .75em;
}
h3 {
margin-bottom: 1.5em;
}
h4 {
margin-bottom: 1.5em;
}
.report-parameters--container h4 {
margin-top: 1.5em;
}
p {
margin: 1.5em 0;
}
p:first-of-type {
margin-top: 0;
}
p:last-of-type {
margin-bottom: 0;
}
.contents li, .alerts li, .alert-types > ol > li {
margin-top: 1.5em;
}
.alert-types h4 {
margin-bottom: 0;
}
a {
border-radius: .125em;
}
caption {
margin-bottom: 1.5em;
text-align: left;
}
code, .request-method-n-url {
overflow-wrap: anywhere;
white-space: break-spaces;
}
table {
border-collapse: collapse;
}
.report-description--container, .report-parameters--container {
margin-left: 2ch;
padding: 0 2ch;
}
.about-this-report h3, .summaries h3, .appendix h3 {
border-bottom: .05em solid;
}
.alerts h4 {
text-align: center;
}
.alerts ol {
padding-left: 0;
}
.alerts--site-li {
border: .05em solid;
border-radius: .25em;
margin-left: 2ch;
padding: 1.5em 3ch;
}
.contents ol {
list-style-position: inside;
list-style-type: square;
padding-left: 4ch;
}
.contexts-list, .sites-list {
list-style-type: square;
}
.risk-confidence-counts-table {
width: 100%;
}
.risk-confidence-counts-table tr {
height: 4.5em;
}
.risk-confidence-counts-table thead > tr {
height: 3em;
}
.risk-confidence-counts-table th[scope="row"], .risk-confidence-counts-table th[scope="rowgroup"] {
hyphens: auto;
overflow-wrap: anywhere;
word-break: break-all;
}
.risk-confidence-counts-table th[scope="row"] {
padding-right: 5%;
}
@media screen and (max-width: 50em) {
.risk-confidence-counts-table th[scope="row"] {
padding-right: 1ch;
}
}
.risk-confidence-counts-table th[scope="rowgroup"] {
padding: 0 .5ch;
vertical-align: middle;
}
.risk-confidence-counts-table > tbody > tr {
border-top: .05em solid;
}
.risk-confidence-counts-table th[scope="row"], .risk-confidence-counts-table td {
vertical-align: top;
}
.risk-confidence-counts-table th[scope="col"] {
vertical-align: bottom;
}
.risk-confidence-counts-table th[scope="col"], .risk-confidence-counts-table th[scope="row"] {
font-family: monospace, monospace;
font-weight: bold;
}
.risk-confidence-counts-table th[scope="colgroup"], .risk-confidence-counts-table th[scope="rowgroup"] {
font-weight: normal;
}
.risk-confidence-counts-table td, .risk-confidence-counts-table th[scope="col"], .risk-confidence-counts-table th[scope="row"] {
text-align: right;
}
.site-risk-counts-table {
width: 100%;
}
.site-risk-counts-table tr {
height: 4.5em;
}
.site-risk-counts-table thead > tr:first-of-type {
height: 3em;
}
.site-risk-counts-table th[scope="row"], .site-risk-counts-table th[scope="col"] {
hyphens: auto;
overflow-wrap: anywhere;
word-break: break-all;
}
.site-risk-counts-table th[scope="row"] {
padding-right: 1%;
}
@media screen and (max-width: 50em) {
.site-risk-counts-table th[scope="row"] {
padding-right: 1ch;
}
}
.site-risk-counts-table th[scope="rowgroup"] {
padding: 0 .5ch;
vertical-align: middle;
}
.site-risk-counts-table > tbody > tr {
border-top: .05em solid;
}
.site-risk-counts-table th[scope="row"], .site-risk-counts-table td {
vertical-align: top;
}
.site-risk-counts-table th[scope="col"] {
vertical-align: bottom;
}
.site-risk-counts-table th[scope="col"], .site-risk-counts-table th[scope="row"] {
font-family: monospace, monospace;
font-weight: bold;
}
.site-risk-counts-table th[scope="colgroup"], .site-risk-counts-table th[scope="rowgroup"] {
font-weight: normal;
}
.site-risk-counts-table td, .site-risk-counts-table th[scope="col"], .site-risk-counts-table th[scope="row"] {
text-align: right;
}
.alert-type-counts-table {
width: 100%;
}
.alert-type-counts-table th, .alert-type-counts-table td {
padding: 0 1rem;
text-align: left;
vertical-align: top;
}
.alert-type-counts-table td:nth-last-of-type(2) {
padding-left: 1.5rem;
}
.alert-type-counts-table > tbody > tr {
border-bottom: 0.05em dotted;
}
.alert-type-counts-table th[scope="col"] {
border-left: 1rem solid;
}
.alert-type-counts-table th[scope="col"]:first-of-type {
border-left: 0;
}
.alert-type-counts-table th[scope="col"]:last-of-type, .alert-type-counts-table td:last-of-type {
text-align: right;
}
.alert-type-counts-table th[scope="col"], .alert-type-counts-table th[scope="row"] {
font-weight: normal;
}
.alert-type-counts-table th[scope="row"], .alert-type-counts-table td {
padding-bottom: 1.5em;
}
.alert-type-counts-table thead > th:first-of-type {
width: 45%;
}
.alerts-table, .alert-types-table, .insights-table {
border-collapse: separate;
border-spacing: 2ch 1.5em;
width: 100%;
}
.alerts-table th, .alerts-table td, .alert-types-table th, .alert-types-table td, .insights-table td, .insights-table th {
vertical-align: top;
}
.alerts-table td, .alert-types-table td, .insights-table td {
overflow-wrap: anywhere;
}
.alerts-table th, .alert-types-table th, .insights-table th {
padding: 0 1ch;
}
.alerts-table td, .alert-types-table td {
padding: 0 2ch;
}
.insights-table td {
padding: 0 1ch;
}
.alerts-table summary {
margin-bottom: 1.5em;
}
.alert-tags-list {
list-style-position: inside;
list-style-type: square;
padding-left: 0;
}
.alert-tags-list > li {
margin-top: 0;
}
.request-body, .response-body {
margin-top: 1.5em;
}
.request-method-n-url {
margin-bottom: 0;
}
.alert-types-table {
padding-top: 0;
}
.alert-types-table th {
width: 20%;
}
.alert-types-table ol {
list-style-position: inside;
list-style-type: square;
padding-left: 0;
}
.alert-types-table li:not(:first-of-type) {
margin-top: 1.5em;
}
p.alert-types-intro {
margin-bottom: 3em;
}
.zap-logo {
height: 1em;
margin-right: .25ch;
width: 1em;
}
h1, h2 {
font-family: Georgia, serif;
}
.risk-level, .confidence-level, .included-risk-codes, .included-confidence-codes, .additional-info-percentages {
font-family: monospace, monospace;
}
.context, .site, .request-method-n-url {
font-family: monospace, monospace;
}

Binary file not shown.


File diff suppressed because one or more lines are too long


@@ -1,21 +0,0 @@
# The MIT License (MIT)
Copyright © Nicolas Gallagher and Jonathan Neal
Permission is hereby granted, free of charge, to any person obtaining a copy of
this software and associated documentation files (the "Software"), to deal in
the Software without restriction, including without limitation the rights to
use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
of the Software, and to permit persons to whom the Software is furnished to do
so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.


@@ -1,349 +0,0 @@
/*! normalize.css v8.0.1 | MIT License | github.com/necolas/normalize.css */
/* Document
========================================================================== */
/**
* 1. Correct the line height in all browsers.
* 2. Prevent adjustments of font size after orientation changes in iOS.
*/
html {
line-height: 1.15; /* 1 */
-webkit-text-size-adjust: 100%; /* 2 */
}
/* Sections
========================================================================== */
/**
* Remove the margin in all browsers.
*/
body {
margin: 0;
}
/**
* Render the `main` element consistently in IE.
*/
main {
display: block;
}
/**
* Correct the font size and margin on `h1` elements within `section` and
* `article` contexts in Chrome, Firefox, and Safari.
*/
h1 {
font-size: 2em;
margin: 0.67em 0;
}
/* Grouping content
========================================================================== */
/**
* 1. Add the correct box sizing in Firefox.
* 2. Show the overflow in Edge and IE.
*/
hr {
box-sizing: content-box; /* 1 */
height: 0; /* 1 */
overflow: visible; /* 2 */
}
/**
* 1. Correct the inheritance and scaling of font size in all browsers.
* 2. Correct the odd `em` font sizing in all browsers.
*/
pre {
font-family: monospace, monospace; /* 1 */
font-size: 1em; /* 2 */
}
/* Text-level semantics
========================================================================== */
/**
* Remove the gray background on active links in IE 10.
*/
a {
background-color: transparent;
}
/**
* 1. Remove the bottom border in Chrome 57-
* 2. Add the correct text decoration in Chrome, Edge, IE, Opera, and Safari.
*/
abbr[title] {
border-bottom: none; /* 1 */
text-decoration: underline; /* 2 */
text-decoration: underline dotted; /* 2 */
}
/**
* Add the correct font weight in Chrome, Edge, and Safari.
*/
b,
strong {
font-weight: bolder;
}
/**
* 1. Correct the inheritance and scaling of font size in all browsers.
* 2. Correct the odd `em` font sizing in all browsers.
*/
code,
kbd,
samp {
font-family: monospace, monospace; /* 1 */
font-size: 1em; /* 2 */
}
/**
* Add the correct font size in all browsers.
*/
small {
font-size: 80%;
}
/**
* Prevent `sub` and `sup` elements from affecting the line height in
* all browsers.
*/
sub,
sup {
font-size: 75%;
line-height: 0;
position: relative;
vertical-align: baseline;
}
sub {
bottom: -0.25em;
}
sup {
top: -0.5em;
}
/* Embedded content
========================================================================== */
/**
* Remove the border on images inside links in IE 10.
*/
img {
border-style: none;
}
/* Forms
========================================================================== */
/**
* 1. Change the font styles in all browsers.
* 2. Remove the margin in Firefox and Safari.
*/
button,
input,
optgroup,
select,
textarea {
font-family: inherit; /* 1 */
font-size: 100%; /* 1 */
line-height: 1.15; /* 1 */
margin: 0; /* 2 */
}
/**
* Show the overflow in IE.
* 1. Show the overflow in Edge.
*/
button,
input { /* 1 */
overflow: visible;
}
/**
* Remove the inheritance of text transform in Edge, Firefox, and IE.
* 1. Remove the inheritance of text transform in Firefox.
*/
button,
select { /* 1 */
text-transform: none;
}
/**
* Correct the inability to style clickable types in iOS and Safari.
*/
button,
[type="button"],
[type="reset"],
[type="submit"] {
-webkit-appearance: button;
}
/**
* Remove the inner border and padding in Firefox.
*/
button::-moz-focus-inner,
[type="button"]::-moz-focus-inner,
[type="reset"]::-moz-focus-inner,
[type="submit"]::-moz-focus-inner {
border-style: none;
padding: 0;
}
/**
* Restore the focus styles unset by the previous rule.
*/
button:-moz-focusring,
[type="button"]:-moz-focusring,
[type="reset"]:-moz-focusring,
[type="submit"]:-moz-focusring {
outline: 1px dotted ButtonText;
}
/**
* Correct the padding in Firefox.
*/
fieldset {
padding: 0.35em 0.75em 0.625em;
}
/**
* 1. Correct the text wrapping in Edge and IE.
* 2. Correct the color inheritance from `fieldset` elements in IE.
* 3. Remove the padding so developers are not caught out when they zero out
* `fieldset` elements in all browsers.
*/
legend {
box-sizing: border-box; /* 1 */
color: inherit; /* 2 */
display: table; /* 1 */
max-width: 100%; /* 1 */
padding: 0; /* 3 */
white-space: normal; /* 1 */
}
/**
* Add the correct vertical alignment in Chrome, Firefox, and Opera.
*/
progress {
vertical-align: baseline;
}
/**
* Remove the default vertical scrollbar in IE 10+.
*/
textarea {
overflow: auto;
}
/**
* 1. Add the correct box sizing in IE 10.
* 2. Remove the padding in IE 10.
*/
[type="checkbox"],
[type="radio"] {
box-sizing: border-box; /* 1 */
padding: 0; /* 2 */
}
/**
* Correct the cursor style of increment and decrement buttons in Chrome.
*/
[type="number"]::-webkit-inner-spin-button,
[type="number"]::-webkit-outer-spin-button {
height: auto;
}
/**
* 1. Correct the odd appearance in Chrome and Safari.
* 2. Correct the outline style in Safari.
*/
[type="search"] {
-webkit-appearance: textfield; /* 1 */
outline-offset: -2px; /* 2 */
}
/**
* Remove the inner padding in Chrome and Safari on macOS.
*/
[type="search"]::-webkit-search-decoration {
-webkit-appearance: none;
}
/**
* 1. Correct the inability to style clickable types in iOS and Safari.
* 2. Change font properties to `inherit` in Safari.
*/
::-webkit-file-upload-button {
-webkit-appearance: button; /* 1 */
font: inherit; /* 2 */
}
/* Interactive
========================================================================== */
/*
* Add the correct display in Edge, IE 10+, and Firefox.
*/
details {
display: block;
}
/*
* Add the correct display in all browsers.
*/
summary {
display: list-item;
}
/* Misc
========================================================================== */
/**
* Add the correct display in IE 10+.
*/
template {
display: none;
}
/**
* Add the correct display in IE 10.
*/
[hidden] {
display: none;
}


@@ -1,139 +0,0 @@
body {
background-color: #306aa0;
background-image: radial-gradient(circle at top left, #fff 0%, #8ce1d6 15em, #306aa0 100em, #386095 100%);
}
main, footer {
background-color: #fff;
}
header {
background-color: #00549e;
color: #fff;
}
a:link {
color: #004380;
}
a:visited {
color: #770d67;
}
a:focus {
background-color: #ffd54d;
}
a:hover {
background-color: #ffd54d;
}
a:active {
background-color: #ffd54d;
color: #003261;
outline-color: #f4ba00;
}
header a:link {
color: #f2f7fd;
}
header a:visited {
color: #f2b5e9;
}
header a:focus {
background-color: #ffd54d;
color: #004380;
}
header a:hover {
background-color: #ffd54d;
color: #004380;
}
header a:active {
background-color: #ffd54d;
color: #003261;
outline-color: #fff6db;
}
summary:focus {
background-color: #ffd54d;
}
summary:hover {
background-color: #ffd54d;
}
summary:active {
background-color: #ffd54d;
color: #003261;
outline-color: #f4ba00;
}
h2, h3, h4, h5, h6 {
color: #00549e;
}
.risk-level, .confidence-level {
color: #00549e;
}
.risk-confidence-counts-table th[scope="colgroup"], .risk-confidence-counts-table th[scope="rowgroup"] {
background-color: #00549e;
color: #fff;
}
.risk-confidence-counts-table th[scope="col"], .risk-confidence-counts-table th[scope="row"] {
color: #00549e;
}
.risk-confidence-counts-table > tbody > tr {
border-top-color: #00549e;
}
.site-risk-counts-table th[scope="colgroup"], .site-risk-counts-table th[scope="rowgroup"] {
background-color: #00549e;
color: #fff;
}
.site-risk-counts-table th[scope="col"], .site-risk-counts-table th[scope="row"] {
color: #00549e;
}
.site-risk-counts-table > tbody > tr {
border-top-color: #00549e;
}
.alert-type-counts-table > tbody > tr {
border-bottom-color: #00549e;
}
.alert-type-counts-table th[scope="col"] {
background-color: #00549e;
color: #fff;
}
.alert-type-counts-table th[scope="col"] {
border-left-color: #fff;
}
.alerts-table th, .alert-types-table th {
background-color: #306aa0;
color: #fff;
}
.additional-info-percentages {
color: #00549e;
}
.insights-table > tbody > tr {
border-bottom-color: #00549e;
}
.insights-table th[scope="col"] {
background-color: #00549e;
border-left-color: #fff;
color: #fff;
}


@@ -1,417 +0,0 @@
*, *::after, *::before {
box-sizing: border-box;
}
h1, h2, h3, h4, h5, h6 {
margin: 0;
padding: 0;
}
pre, ul {
margin: 0;
}
ol {
list-style-type: none;
}
h1 {
font-size: 3em;
}
h2 {
font-size: 2em;
}
h3, h4, h5, h6 {
font-size: 1em;
}
html {
box-sizing: border-box;
font-family: Verdana, sans-serif;
line-height: 1.5;
}
body {
margin: 1.5em 0;
}
@media screen and (min-width: 50em) {
body {
margin: 1.5em 2ch;
padding: 1.5em 2ch;
}
}
a:active, header a:active {
outline-style: solid;
}
header, main {
margin: 0 auto;
max-width: 90ch;
padding: 1.5em 4ch;
}
header {
border-radius: .25em .25em 0 0;
}
main {
border-radius: 0 0 .25em .25em;
}
summary {
cursor: pointer;
}
.contents {
margin-top: 1.5em;
}
main > section {
margin-bottom: 4.5em;
}
.about-this-report > section {
margin-bottom: 3em;
}
.summaries section {
margin-bottom: 3em;
}
h2 {
margin-bottom: .75em;
}
h3 {
margin-bottom: 1.5em;
}
h4 {
margin-bottom: 1.5em;
}
.report-parameters--container h4 {
margin-top: 1.5em;
}
p {
margin: 1.5em 0;
}
p:first-of-type {
margin-top: 0;
}
p:last-of-type {
margin-bottom: 0;
}
.contents li, .alerts li, .alert-types > ol > li {
margin-top: 1.5em;
}
.alert-types h4 {
margin-bottom: 0;
}
a {
border-radius: .125em;
}
caption {
margin-bottom: 1.5em;
text-align: left;
}
code, .request-method-n-url {
overflow-wrap: anywhere;
white-space: break-spaces;
}
table {
border-collapse: collapse;
}
.report-description--container, .report-parameters--container {
margin-left: 2ch;
padding: 0 2ch;
}
.about-this-report h3, .summaries h3, .appendix h3 {
border-bottom: .05em solid;
}
.alerts h4 {
text-align: center;
}
.alerts ol {
padding-left: 0;
}
.alerts--site-li {
border: .05em solid;
border-radius: .25em;
margin-left: 2ch;
padding: 1.5em 3ch;
}
.contents ol {
list-style-position: inside;
list-style-type: square;
padding-left: 4ch;
}
.contexts-list, .sites-list {
list-style-type: square;
}
.risk-confidence-counts-table {
width: 100%;
}
.risk-confidence-counts-table tr {
height: 4.5em;
}
.risk-confidence-counts-table thead > tr {
height: 3em;
}
.risk-confidence-counts-table th[scope="row"], .risk-confidence-counts-table th[scope="rowgroup"] {
hyphens: auto;
overflow-wrap: anywhere;
word-break: break-all;
}
.risk-confidence-counts-table th[scope="row"] {
padding-right: 5%;
}
@media screen and (max-width: 50em) {
.risk-confidence-counts-table th[scope="row"] {
padding-right: 1ch;
}
}
.risk-confidence-counts-table th[scope="rowgroup"] {
padding: 0 .5ch;
vertical-align: middle;
}
.risk-confidence-counts-table > tbody > tr {
border-top: .05em solid;
}
.risk-confidence-counts-table th[scope="row"], .risk-confidence-counts-table td {
vertical-align: top;
}
.risk-confidence-counts-table th[scope="col"] {
vertical-align: bottom;
}
.risk-confidence-counts-table th[scope="col"], .risk-confidence-counts-table th[scope="row"] {
font-family: monospace, monospace;
font-weight: bold;
}
.risk-confidence-counts-table th[scope="colgroup"], .risk-confidence-counts-table th[scope="rowgroup"] {
font-weight: normal;
}
.risk-confidence-counts-table td, .risk-confidence-counts-table th[scope="col"], .risk-confidence-counts-table th[scope="row"] {
text-align: right;
}
.site-risk-counts-table {
width: 100%;
}
.site-risk-counts-table tr {
height: 4.5em;
}
.site-risk-counts-table thead > tr:first-of-type {
height: 3em;
}
.site-risk-counts-table th[scope="row"], .site-risk-counts-table th[scope="col"] {
hyphens: auto;
overflow-wrap: anywhere;
word-break: break-all;
}
.site-risk-counts-table th[scope="row"] {
padding-right: 1%;
}
@media screen and (max-width: 50em) {
.site-risk-counts-table th[scope="row"] {
padding-right: 1ch;
}
}
.site-risk-counts-table th[scope="rowgroup"] {
padding: 0 .5ch;
vertical-align: middle;
}
.site-risk-counts-table > tbody > tr {
border-top: .05em solid;
}
.site-risk-counts-table th[scope="row"], .site-risk-counts-table td {
vertical-align: top;
}
.site-risk-counts-table th[scope="col"] {
vertical-align: bottom;
}
.site-risk-counts-table th[scope="col"], .site-risk-counts-table th[scope="row"] {
font-family: monospace, monospace;
font-weight: bold;
}
.site-risk-counts-table th[scope="colgroup"], .site-risk-counts-table th[scope="rowgroup"] {
font-weight: normal;
}
.site-risk-counts-table td, .site-risk-counts-table th[scope="col"], .site-risk-counts-table th[scope="row"] {
text-align: right;
}
.alert-type-counts-table {
width: 100%;
}
.alert-type-counts-table th, .alert-type-counts-table td {
padding: 0 1rem;
text-align: left;
vertical-align: top;
}
.alert-type-counts-table td:nth-last-of-type(2) {
padding-left: 1.5rem;
}
.alert-type-counts-table > tbody > tr {
border-bottom: 0.05em dotted;
}
.alert-type-counts-table th[scope="col"] {
border-left: 1rem solid;
}
.alert-type-counts-table th[scope="col"]:first-of-type {
border-left: 0;
}
.alert-type-counts-table th[scope="col"]:last-of-type, .alert-type-counts-table td:last-of-type {
text-align: right;
}
.alert-type-counts-table th[scope="col"], .alert-type-counts-table th[scope="row"] {
font-weight: normal;
}
.alert-type-counts-table th[scope="row"], .alert-type-counts-table td {
padding-bottom: 1.5em;
}
.alert-type-counts-table thead > th:first-of-type {
width: 45%;
}
.alerts-table, .alert-types-table, .insights-table {
border-collapse: separate;
border-spacing: 2ch 1.5em;
width: 100%;
}
.alerts-table th, .alerts-table td, .alert-types-table th, .alert-types-table td, .insights-table td, .insights-table th {
vertical-align: top;
}
.alerts-table td, .alert-types-table td, .insights-table td {
overflow-wrap: anywhere;
}
.alerts-table th, .alert-types-table th, .insights-table th {
padding: 0 1ch;
}
.alerts-table td, .alert-types-table td {
padding: 0 2ch;
}
.insights-table td {
padding: 0 1ch;
}
.alerts-table summary {
margin-bottom: 1.5em;
}
.alert-tags-list {
list-style-position: inside;
list-style-type: square;
padding-left: 0;
}
.alert-tags-list > li {
margin-top: 0;
}
.request-body, .response-body {
margin-top: 1.5em;
}
.request-method-n-url {
margin-bottom: 0;
}
.alert-types-table {
padding-top: 0;
}
.alert-types-table th {
width: 20%;
}
.alert-types-table ol {
list-style-position: inside;
list-style-type: square;
padding-left: 0;
}
.alert-types-table li:not(:first-of-type) {
margin-top: 1.5em;
}
p.alert-types-intro {
margin-bottom: 3em;
}
.zap-logo {
height: 1em;
margin-right: .25ch;
width: 1em;
}
h1, h2 {
font-family: Georgia, serif;
}
.risk-level, .confidence-level, .included-risk-codes, .included-confidence-codes, .additional-info-percentages {
font-family: monospace, monospace;
}
.context, .site, .request-method-n-url {
font-family: monospace, monospace;
}

Binary file not shown.


File diff suppressed because one or more lines are too long


@@ -1,21 +0,0 @@
# The MIT License (MIT)
Copyright © Nicolas Gallagher and Jonathan Neal
Permission is hereby granted, free of charge, to any person obtaining a copy of
this software and associated documentation files (the "Software"), to deal in
the Software without restriction, including without limitation the rights to
use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
of the Software, and to permit persons to whom the Software is furnished to do
so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.


@@ -1,349 +0,0 @@
/*! normalize.css v8.0.1 | MIT License | github.com/necolas/normalize.css */
/* Document
========================================================================== */
/**
* 1. Correct the line height in all browsers.
* 2. Prevent adjustments of font size after orientation changes in iOS.
*/
html {
line-height: 1.15; /* 1 */
-webkit-text-size-adjust: 100%; /* 2 */
}
/* Sections
========================================================================== */
/**
* Remove the margin in all browsers.
*/
body {
margin: 0;
}
/**
* Render the `main` element consistently in IE.
*/
main {
display: block;
}
/**
* Correct the font size and margin on `h1` elements within `section` and
* `article` contexts in Chrome, Firefox, and Safari.
*/
h1 {
font-size: 2em;
margin: 0.67em 0;
}
/* Grouping content
========================================================================== */
/**
* 1. Add the correct box sizing in Firefox.
* 2. Show the overflow in Edge and IE.
*/
hr {
box-sizing: content-box; /* 1 */
height: 0; /* 1 */
overflow: visible; /* 2 */
}
/**
* 1. Correct the inheritance and scaling of font size in all browsers.
* 2. Correct the odd `em` font sizing in all browsers.
*/
pre {
font-family: monospace, monospace; /* 1 */
font-size: 1em; /* 2 */
}
/* Text-level semantics
========================================================================== */
/**
* Remove the gray background on active links in IE 10.
*/
a {
background-color: transparent;
}
/**
* 1. Remove the bottom border in Chrome 57-
* 2. Add the correct text decoration in Chrome, Edge, IE, Opera, and Safari.
*/
abbr[title] {
border-bottom: none; /* 1 */
text-decoration: underline; /* 2 */
text-decoration: underline dotted; /* 2 */
}
/**
* Add the correct font weight in Chrome, Edge, and Safari.
*/
b,
strong {
font-weight: bolder;
}
/**
* 1. Correct the inheritance and scaling of font size in all browsers.
* 2. Correct the odd `em` font sizing in all browsers.
*/
code,
kbd,
samp {
font-family: monospace, monospace; /* 1 */
font-size: 1em; /* 2 */
}
/**
* Add the correct font size in all browsers.
*/
small {
font-size: 80%;
}
/**
* Prevent `sub` and `sup` elements from affecting the line height in
* all browsers.
*/
sub,
sup {
font-size: 75%;
line-height: 0;
position: relative;
vertical-align: baseline;
}
sub {
bottom: -0.25em;
}
sup {
top: -0.5em;
}
/* Embedded content
========================================================================== */
/**
* Remove the border on images inside links in IE 10.
*/
img {
border-style: none;
}
/* Forms
========================================================================== */
/**
* 1. Change the font styles in all browsers.
* 2. Remove the margin in Firefox and Safari.
*/
button,
input,
optgroup,
select,
textarea {
font-family: inherit; /* 1 */
font-size: 100%; /* 1 */
line-height: 1.15; /* 1 */
margin: 0; /* 2 */
}
/**
* Show the overflow in IE.
* 1. Show the overflow in Edge.
*/
button,
input { /* 1 */
overflow: visible;
}
/**
* Remove the inheritance of text transform in Edge, Firefox, and IE.
* 1. Remove the inheritance of text transform in Firefox.
*/
button,
select { /* 1 */
text-transform: none;
}
/**
* Correct the inability to style clickable types in iOS and Safari.
*/
button,
[type="button"],
[type="reset"],
[type="submit"] {
-webkit-appearance: button;
}
/**
* Remove the inner border and padding in Firefox.
*/
button::-moz-focus-inner,
[type="button"]::-moz-focus-inner,
[type="reset"]::-moz-focus-inner,
[type="submit"]::-moz-focus-inner {
border-style: none;
padding: 0;
}
/**
* Restore the focus styles unset by the previous rule.
*/
button:-moz-focusring,
[type="button"]:-moz-focusring,
[type="reset"]:-moz-focusring,
[type="submit"]:-moz-focusring {
outline: 1px dotted ButtonText;
}
/**
* Correct the padding in Firefox.
*/
fieldset {
padding: 0.35em 0.75em 0.625em;
}
/**
* 1. Correct the text wrapping in Edge and IE.
* 2. Correct the color inheritance from `fieldset` elements in IE.
* 3. Remove the padding so developers are not caught out when they zero out
* `fieldset` elements in all browsers.
*/
legend {
box-sizing: border-box; /* 1 */
color: inherit; /* 2 */
display: table; /* 1 */
max-width: 100%; /* 1 */
padding: 0; /* 3 */
white-space: normal; /* 1 */
}
/**
* Add the correct vertical alignment in Chrome, Firefox, and Opera.
*/
progress {
vertical-align: baseline;
}
/**
* Remove the default vertical scrollbar in IE 10+.
*/
textarea {
overflow: auto;
}
/**
* 1. Add the correct box sizing in IE 10.
* 2. Remove the padding in IE 10.
*/
[type="checkbox"],
[type="radio"] {
box-sizing: border-box; /* 1 */
padding: 0; /* 2 */
}
/**
* Correct the cursor style of increment and decrement buttons in Chrome.
*/
[type="number"]::-webkit-inner-spin-button,
[type="number"]::-webkit-outer-spin-button {
height: auto;
}
/**
* 1. Correct the odd appearance in Chrome and Safari.
* 2. Correct the outline style in Safari.
*/
[type="search"] {
-webkit-appearance: textfield; /* 1 */
outline-offset: -2px; /* 2 */
}
/**
* Remove the inner padding in Chrome and Safari on macOS.
*/
[type="search"]::-webkit-search-decoration {
-webkit-appearance: none;
}
/**
* 1. Correct the inability to style clickable types in iOS and Safari.
* 2. Change font properties to `inherit` in Safari.
*/
::-webkit-file-upload-button {
-webkit-appearance: button; /* 1 */
font: inherit; /* 2 */
}
/* Interactive
========================================================================== */
/*
* Add the correct display in Edge, IE 10+, and Firefox.
*/
details {
display: block;
}
/*
* Add the correct display in all browsers.
*/
summary {
display: list-item;
}
/* Misc
========================================================================== */
/**
* Add the correct display in IE 10+.
*/
template {
display: none;
}
/**
* Add the correct display in IE 10.
*/
[hidden] {
display: none;
}


@@ -1,139 +0,0 @@
body {
background-color: #306aa0;
background-image: radial-gradient(circle at top left, #fff 0%, #8ce1d6 15em, #306aa0 100em, #386095 100%);
}
main, footer {
background-color: #fff;
}
header {
background-color: #00549e;
color: #fff;
}
a:link {
color: #004380;
}
a:visited {
color: #770d67;
}
a:focus {
background-color: #ffd54d;
}
a:hover {
background-color: #ffd54d;
}
a:active {
background-color: #ffd54d;
color: #003261;
outline-color: #f4ba00;
}
header a:link {
color: #f2f7fd;
}
header a:visited {
color: #f2b5e9;
}
header a:focus {
background-color: #ffd54d;
color: #004380;
}
header a:hover {
background-color: #ffd54d;
color: #004380;
}
header a:active {
background-color: #ffd54d;
color: #003261;
outline-color: #fff6db;
}
summary:focus {
background-color: #ffd54d;
}
summary:hover {
background-color: #ffd54d;
}
summary:active {
background-color: #ffd54d;
color: #003261;
outline-color: #f4ba00;
}
h2, h3, h4, h5, h6 {
color: #00549e;
}
.risk-level, .confidence-level {
color: #00549e;
}
.risk-confidence-counts-table th[scope="colgroup"], .risk-confidence-counts-table th[scope="rowgroup"] {
background-color: #00549e;
color: #fff;
}
.risk-confidence-counts-table th[scope="col"], .risk-confidence-counts-table th[scope="row"] {
color: #00549e;
}
.risk-confidence-counts-table > tbody > tr {
border-top-color: #00549e;
}
.site-risk-counts-table th[scope="colgroup"], .site-risk-counts-table th[scope="rowgroup"] {
background-color: #00549e;
color: #fff;
}
.site-risk-counts-table th[scope="col"], .site-risk-counts-table th[scope="row"] {
color: #00549e;
}
.site-risk-counts-table > tbody > tr {
border-top-color: #00549e;
}
.alert-type-counts-table > tbody > tr {
border-bottom-color: #00549e;
}
.alert-type-counts-table th[scope="col"] {
background-color: #00549e;
color: #fff;
}
.alert-type-counts-table th[scope="col"] {
border-left-color: #fff;
}
.alerts-table th, .alert-types-table th {
background-color: #306aa0;
color: #fff;
}
.additional-info-percentages {
color: #00549e;
}
.insights-table > tbody > tr {
border-bottom-color: #00549e;
}
.insights-table th[scope="col"] {
background-color: #00549e;
border-left-color: #fff;
color: #fff;
}


@@ -1,417 +0,0 @@
*, *::after, *::before {
box-sizing: border-box;
}
h1, h2, h3, h4, h5, h6 {
margin: 0;
padding: 0;
}
pre, ul {
margin: 0;
}
ol {
list-style-type: none;
}
h1 {
font-size: 3em;
}
h2 {
font-size: 2em;
}
h3, h4, h5, h6 {
font-size: 1em;
}
html {
box-sizing: border-box;
font-family: Verdana, sans-serif;
line-height: 1.5;
}
body {
margin: 1.5em 0;
}
@media screen and (min-width: 50em) {
body {
margin: 1.5em 2ch;
padding: 1.5em 2ch;
}
}
a:active, header a:active {
outline-style: solid;
}
header, main {
margin: 0 auto;
max-width: 90ch;
padding: 1.5em 4ch;
}
header {
border-radius: .25em .25em 0 0;
}
main {
border-radius: 0 0 .25em .25em;
}
summary {
cursor: pointer;
}
.contents {
margin-top: 1.5em;
}
main > section {
margin-bottom: 4.5em;
}
.about-this-report > section {
margin-bottom: 3em;
}
.summaries section {
margin-bottom: 3em;
}
h2 {
margin-bottom: .75em;
}
h3 {
margin-bottom: 1.5em;
}
h4 {
margin-bottom: 1.5em;
}
.report-parameters--container h4 {
margin-top: 1.5em;
}
p {
margin: 1.5em 0;
}
p:first-of-type {
margin-top: 0;
}
p:last-of-type {
margin-bottom: 0;
}
.contents li, .alerts li, .alert-types > ol > li {
margin-top: 1.5em;
}
.alert-types h4 {
margin-bottom: 0;
}
a {
border-radius: .125em;
}
caption {
margin-bottom: 1.5em;
text-align: left;
}
code, .request-method-n-url {
overflow-wrap: anywhere;
white-space: break-spaces;
}
table {
border-collapse: collapse;
}
.report-description--container, .report-parameters--container {
margin-left: 2ch;
padding: 0 2ch;
}
.about-this-report h3, .summaries h3, .appendix h3 {
border-bottom: .05em solid;
}
.alerts h4 {
text-align: center;
}
.alerts ol {
padding-left: 0;
}
.alerts--site-li {
border: .05em solid;
border-radius: .25em;
margin-left: 2ch;
padding: 1.5em 3ch;
}
.contents ol {
list-style-position: inside;
list-style-type: square;
padding-left: 4ch;
}
.contexts-list, .sites-list {
list-style-type: square;
}
.risk-confidence-counts-table {
width: 100%;
}
.risk-confidence-counts-table tr {
height: 4.5em;
}
.risk-confidence-counts-table thead > tr {
height: 3em;
}
.risk-confidence-counts-table th[scope="row"], .risk-confidence-counts-table th[scope="rowgroup"] {
hyphens: auto;
overflow-wrap: anywhere;
word-break: break-all;
}
.risk-confidence-counts-table th[scope="row"] {
padding-right: 5%;
}
@media screen and (max-width: 50em) {
.risk-confidence-counts-table th[scope="row"] {
padding-right: 1ch;
}
}
.risk-confidence-counts-table th[scope="rowgroup"] {
padding: 0 .5ch;
vertical-align: middle;
}
.risk-confidence-counts-table > tbody > tr {
border-top: .05em solid;
}
.risk-confidence-counts-table th[scope="row"], .risk-confidence-counts-table td {
vertical-align: top;
}
.risk-confidence-counts-table th[scope="col"] {
vertical-align: bottom;
}
.risk-confidence-counts-table th[scope="col"], .risk-confidence-counts-table th[scope="row"] {
font-family: monospace, monospace;
font-weight: bold;
}
.risk-confidence-counts-table th[scope="colgroup"], .risk-confidence-counts-table th[scope="rowgroup"] {
font-weight: normal;
}
.risk-confidence-counts-table td, .risk-confidence-counts-table th[scope="col"], .risk-confidence-counts-table th[scope="row"] {
text-align: right;
}
.site-risk-counts-table {
width: 100%;
}
.site-risk-counts-table tr {
height: 4.5em;
}
.site-risk-counts-table thead > tr:first-of-type {
height: 3em;
}
.site-risk-counts-table th[scope="row"], .site-risk-counts-table th[scope="col"] {
hyphens: auto;
overflow-wrap: anywhere;
word-break: break-all;
}
.site-risk-counts-table th[scope="row"] {
padding-right: 1%;
}
@media screen and (max-width: 50em) {
.site-risk-counts-table th[scope="row"] {
padding-right: 1ch;
}
}
.site-risk-counts-table th[scope="rowgroup"] {
padding: 0 .5ch;
vertical-align: middle;
}
.site-risk-counts-table > tbody > tr {
border-top: .05em solid;
}
.site-risk-counts-table th[scope="row"], .site-risk-counts-table td {
vertical-align: top;
}
.site-risk-counts-table th[scope="col"] {
vertical-align: bottom;
}
.site-risk-counts-table th[scope="col"], .site-risk-counts-table th[scope="row"] {
font-family: monospace, monospace;
font-weight: bold;
}
.site-risk-counts-table th[scope="colgroup"], .site-risk-counts-table th[scope="rowgroup"] {
font-weight: normal;
}
.site-risk-counts-table td, .site-risk-counts-table th[scope="col"], .site-risk-counts-table th[scope="row"] {
text-align: right;
}
.alert-type-counts-table {
width: 100%;
}
.alert-type-counts-table th, .alert-type-counts-table td {
padding: 0 1rem;
text-align: left;
vertical-align: top;
}
.alert-type-counts-table td:nth-last-of-type(2) {
padding-left: 1.5rem;
}
.alert-type-counts-table > tbody > tr {
border-bottom: 0.05em dotted;
}
.alert-type-counts-table th[scope="col"] {
border-left: 1rem solid;
}
.alert-type-counts-table th[scope="col"]:first-of-type {
border-left: 0;
}
.alert-type-counts-table th[scope="col"]:last-of-type, .alert-type-counts-table td:last-of-type {
text-align: right;
}
.alert-type-counts-table th[scope="col"], .alert-type-counts-table th[scope="row"] {
font-weight: normal;
}
.alert-type-counts-table th[scope="row"], .alert-type-counts-table td {
padding-bottom: 1.5em;
}
.alert-type-counts-table thead > th:first-of-type {
width: 45%;
}
.alerts-table, .alert-types-table, .insights-table {
border-collapse: separate;
border-spacing: 2ch 1.5em;
width: 100%;
}
.alerts-table th, .alerts-table td, .alert-types-table th, .alert-types-table td, .insights-table td, .insights-table th {
vertical-align: top;
}
.alerts-table td, .alert-types-table td, .insights-table td {
overflow-wrap: anywhere;
}
.alerts-table th, .alert-types-table th, .insights-table th {
padding: 0 1ch;
}
.alerts-table td, .alert-types-table td {
padding: 0 2ch;
}
.insights-table td {
padding: 0 1ch;
}
.alerts-table summary {
margin-bottom: 1.5em;
}
.alert-tags-list {
list-style-position: inside;
list-style-type: square;
padding-left: 0;
}
.alert-tags-list > li {
margin-top: 0;
}
.request-body, .response-body {
margin-top: 1.5em;
}
.request-method-n-url {
margin-bottom: 0;
}
.alert-types-table {
padding-top: 0;
}
.alert-types-table th {
width: 20%;
}
.alert-types-table ol {
list-style-position: inside;
list-style-type: square;
padding-left: 0;
}
.alert-types-table li:not(:first-of-type) {
margin-top: 1.5em;
}
p.alert-types-intro {
margin-bottom: 3em;
}
.zap-logo {
height: 1em;
margin-right: .25ch;
width: 1em;
}
h1, h2 {
font-family: Georgia, serif;
}
.risk-level, .confidence-level, .included-risk-codes, .included-confidence-codes, .additional-info-percentages {
font-family: monospace, monospace;
}
.context, .site, .request-method-n-url {
font-family: monospace, monospace;
}

Binary file not shown.



@@ -1,11 +1,12 @@
ServerRoot "/etc/httpd"
Listen 420
ServerName "10.60.0.1"
Listen 80
User apache
Group apache
Include conf.modules.d/*.conf
IncludeOptional modsecurity.d/*.conf
IncludeOptional modsecurity.d/activated_rules/*.conf
Include conf/modsecurity.conf
<Directory />
AllowOverride none
@@ -16,7 +17,7 @@ DocumentRoot "/var/www/html"
<Directory "/var/www">
AllowOverride None
Require all granted # Allow open access:
Require all granted
</Directory>
# Further relax access to the default document root:
@@ -73,7 +74,11 @@ AddDefaultCharset UTF-8
ProxyRequests Off
ProxyPreserveHost On
<VirtualHost *:420>
<VirtualHost 10.60.0.1:80>
<IfModule mod_headers.c>
RequestHeader unset Accept-Encoding
</IfModule>
ProxyPass / http://127.0.0.1:3000/
ProxyPassReverse / http://127.0.0.1:3000/
</VirtualHost>
@@ -82,4 +87,4 @@ ProxyPreserveHost On
# EnableSendfile on
IncludeOptional conf.d/*.conf
ServerAdmin jeevacation@gmail.com
# ServerName www.coimbravpn.com:420
# ServerName www.coimbravpn.com:80
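Review bot: The new `<VirtualHost 10.60.0.1:80>` block proxies to `http://127.0.0.1:3000/`, but nothing in this file stops a client from connecting to port 3000 directly and bypassing the WAF altogether; whether that is possible depends on which address the Node.js service binds to, which the diff does not show. If it listens on all interfaces, the ModSecurity rules only cover the path through Apache, so the service should be bound to loopback or port 3000 filtered at the host firewall, and the testing should be repeated through port 80 to confirm the rules actually apply. The `RequestHeader unset Accept-Encoding` addition is the right companion to `SecResponseBodyAccess On`, since compressed responses cannot be inspected, but a one-line comment saying so (`# keep upstream responses uncompressed so ModSecurity can inspect bodies`) would save the next reader from removing it. Note also that `Include conf/modsecurity.conf` sits next to `IncludeOptional modsecurity.d/*.conf`; if both locations carry rule files with the same ids, ModSecurity refuses to start, so only one should define ids 950001–950011.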

38
conf/modsecurity.conf Normal file

@@ -0,0 +1,38 @@
SecRuleEngine On
SecRequestBodyAccess On
SecResponseBodyAccess On
SecDebugLog /var/log/modsecurity/debug.log
SecDebugLogLevel 0
SecAuditLogParts ABIJ
SecAuditLogType Serial
SecAuditLog /var/log/modsecurity/audit.log
SecRequestBodyJsonParser On
# sql injection
SecRule REQUEST_BODY "['\"].*--" \
"id:950001,phase:2,deny,status:403,msg:'SQL Injection: quote and comment',log"
# xss / html injection
SecRule REQUEST_URI|ARGS "(<.*>)|(%3C.*%3E)" \
"id:950003,phase:1,deny,status:403,msg:'XSS/HTML INJECTION DETECTED!!!',log"
# command injection
SecRule ARGS "(\"role\".*:.*\"admin\")|exec|cat|more|ls|dir|/etc/passwd" \
"id:950006,phase:2,deny,status:403,msg:'COMMAND INJECTION DETECTED!!!',log"
# path traversal
SecRule REQUEST_URI|ARGS "\%00|\%2500|\.\./|ftp|metrics|api-docs" \
"id:950007,phase:2,deny,status:403,msg:'PATH TRAVERSAL ATTEMPT!!!',log"
# exposed stuff (redundante ?)
SecRule REQUEST_URI|ARGS "\%00|\%2500|ftp|metrics|api-docs" \
"id:950008,phase:2,deny,status:500,msg:'ATTEMPT TO ACCESS FTP, METRICS, API-DOCS!!!',log"
# rate limiting on login endpoint
# (max 5 requests per 30s per IP)
SecAction \
"id:950009,phase:1,initcol:ip=%{REMOTE_ADDR},pass,nolog"
SecRule REQUEST_URI "@streq /rest/user/login" \
"id:950010,phase:2,pass,nolog,setvar:ip.login_count=+1,expirevar:ip.login_count=30"
SecRule IP:LOGIN_COUNT "@gt 5" \
"id:950011,phase:2,deny,status:429,msg:'Rate Limit Exceeded on Login',log"
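Review bot: Rule 950003 runs in `phase:1` but inspects `ARGS`; in phase 1 the request body has not been read yet, so only query-string arguments exist and an `<…>` payload sent in a POST or JSON body reaches the application unchecked — move it to `phase:2` like the other body rules (the second copy of this rule set in the later `@@ -1 +1,38 @@` section has the same issue). `SecAuditLogParts ABIJ` omits the mandatory `Z` terminator and the `H` trailer that records which rule id matched, so the audit log will be of little use during incident review; `SecAuditLogParts ABIJHZ` is the minimum useful set. Rules 950006, 950007 and 950008 match bare substrings such as `cat`, `ls`, `dir`, `ftp` and `metrics`, which will deny ordinary values like `category` or `details`; anchor them with `\b…\b`, and 950008 can be dropped because 950007 already denies on an identical pattern before it is reached. Rule 950011 is not chained to the login URI, so once `ip.login_count` passes 5 every request from that address is blocked for the 30 s window rather than only logins; if that is not intended, chain it with the `@streq /rest/user/login` check. `initcol:ip=%{REMOTE_ADDR}` also needs a `SecDataDir` to persist the `ip` collection and this file does not set one, so confirm it is configured elsewhere.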

BIN
entrega.zip Normal file

Binary file not shown.

3680
entrega.zip.asc Normal file

File diff suppressed because it is too large Load Diff

BIN
relatorio.pdf Normal file

Binary file not shown.

Binary file not shown.


Binary file not shown.


Binary file not shown.


BIN
relatorio/imgs/ftp.png Normal file

Binary file not shown.


Binary file not shown.


BIN
relatorio/imgs/metrics.png Normal file

Binary file not shown.


BIN
relatorio/imgs/sqlmap.png Normal file

Binary file not shown.


Binary file not shown.


Binary file not shown.


Binary file not shown.


BIN
relatorio/imgs/swagger.png Normal file

Binary file not shown.


Binary file not shown.



@@ -11,25 +11,42 @@
\@writefile{toc}{\contentsline {subsection}{\numberline {2.1}Network structure}{3}{subsection.2.1}\protected@file@percent }
\@writefile{toc}{\contentsline {subsection}{\numberline {2.2}Servers}{3}{subsection.2.2}\protected@file@percent }
\@writefile{toc}{\contentsline {subsection}{\numberline {2.3}Services}{3}{subsection.2.3}\protected@file@percent }
\@writefile{toc}{\contentsline {section}{\numberline {3}Web application security testing}{3}{section.3}\protected@file@percent }
\@writefile{toc}{\contentsline {subsection}{\numberline {3.1}Information Gathering}{3}{subsection.3.1}\protected@file@percent }
\@writefile{toc}{\contentsline {section}{\numberline {3}Web application security testing}{4}{section.3}\protected@file@percent }
\@writefile{toc}{\contentsline {subsection}{\numberline {3.1}Information Gathering}{4}{subsection.3.1}\protected@file@percent }
\@writefile{lof}{\contentsline {figure}{\numberline {1}{\ignorespaces ftp}}{4}{figure.1}\protected@file@percent }
\newlabel{fig:ftp}{{1}{4}{ftp}{figure.1}{}}
\@writefile{toc}{\contentsline {subsection}{\numberline {3.2}Configuration and Deployment Management Testing}{4}{subsection.3.2}\protected@file@percent }
\@writefile{toc}{\contentsline {subsection}{\numberline {3.3}Identity Management Testing}{4}{subsection.3.3}\protected@file@percent }
\@writefile{toc}{\contentsline {subsection}{\numberline {3.4}Authentication Testing}{6}{subsection.3.4}\protected@file@percent }
\@writefile{toc}{\contentsline {subsection}{\numberline {3.5}Authorization Testing}{6}{subsection.3.5}\protected@file@percent }
\@writefile{toc}{\contentsline {subsection}{\numberline {3.6}Session Management Testing}{6}{subsection.3.6}\protected@file@percent }
\@writefile{toc}{\contentsline {subsection}{\numberline {3.7}Input Validation Testing}{6}{subsection.3.7}\protected@file@percent }
\@writefile{toc}{\contentsline {subsection}{\numberline {3.8}Testing for Error Handling}{7}{subsection.3.8}\protected@file@percent }
\@writefile{toc}{\contentsline {subsection}{\numberline {3.9}Client Side Testing}{7}{subsection.3.9}\protected@file@percent }
\@writefile{toc}{\contentsline {section}{\numberline {4}Web Application Security Firewall}{8}{section.4}\protected@file@percent }
\@writefile{toc}{\contentsline {subsection}{\numberline {4.1}Information Gathering}{8}{subsection.4.1}\protected@file@percent }
\@writefile{toc}{\contentsline {subsection}{\numberline {4.2}Configuration and Deployment Management Testing}{8}{subsection.4.2}\protected@file@percent }
\@writefile{toc}{\contentsline {subsection}{\numberline {4.3}Identity Management Testing}{8}{subsection.4.3}\protected@file@percent }
\@writefile{toc}{\contentsline {subsection}{\numberline {4.4}Authentication Testing}{8}{subsection.4.4}\protected@file@percent }
\@writefile{toc}{\contentsline {subsection}{\numberline {4.5}Authorization Testing}{8}{subsection.4.5}\protected@file@percent }
\@writefile{toc}{\contentsline {subsection}{\numberline {4.6}Session Management Testing}{8}{subsection.4.6}\protected@file@percent }
\@writefile{toc}{\contentsline {subsection}{\numberline {4.7}Input Validation Testing}{8}{subsection.4.7}\protected@file@percent }
\@writefile{toc}{\contentsline {subsection}{\numberline {4.8}Testing for Error Handling}{8}{subsection.4.8}\protected@file@percent }
\@writefile{toc}{\contentsline {subsection}{\numberline {4.9}Client Side Testing}{8}{subsection.4.9}\protected@file@percent }
\@writefile{toc}{\contentsline {section}{\numberline {5}Conclusions}{8}{section.5}\protected@file@percent }
\gdef \@abspage@last{8}
\@writefile{lof}{\contentsline {figure}{\numberline {2}{\ignorespaces metrics}}{5}{figure.2}\protected@file@percent }
\newlabel{fig:metrics}{{2}{5}{metrics}{figure.2}{}}
\@writefile{lof}{\contentsline {figure}{\numberline {3}{\ignorespaces swagger}}{5}{figure.3}\protected@file@percent }
\newlabel{fig:swagger}{{3}{5}{swagger}{figure.3}{}}
\@writefile{toc}{\contentsline {subsection}{\numberline {3.3}Identity Management Testing}{6}{subsection.3.3}\protected@file@percent }
\@writefile{lof}{\contentsline {figure}{\numberline {4}{\ignorespaces email-unique}}{7}{figure.4}\protected@file@percent }
\newlabel{fig:email-unique}{{4}{7}{email-unique}{figure.4}{}}
\@writefile{toc}{\contentsline {subsection}{\numberline {3.4}Authentication Testing}{7}{subsection.3.4}\protected@file@percent }
\@writefile{toc}{\contentsline {subsection}{\numberline {3.5}Authorization Testing}{7}{subsection.3.5}\protected@file@percent }
\@writefile{lof}{\contentsline {figure}{\numberline {5}{\ignorespaces email-invalido}}{8}{figure.5}\protected@file@percent }
\newlabel{fig:email-invalido}{{5}{8}{email-invalido}{figure.5}{}}
\@writefile{lof}{\contentsline {figure}{\numberline {6}{\ignorespaces suspiciouserrors}}{8}{figure.6}\protected@file@percent }
\newlabel{fig:suspiciouserrors}{{6}{8}{suspiciouserrors}{figure.6}{}}
\@writefile{lof}{\contentsline {figure}{\numberline {7}{\ignorespaces suspiciouserrors2}}{9}{figure.7}\protected@file@percent }
\newlabel{fig:suspiciouserrors2}{{7}{9}{suspiciouserrors2}{figure.7}{}}
\@writefile{toc}{\contentsline {subsection}{\numberline {3.6}Session Management Testing}{9}{subsection.3.6}\protected@file@percent }
\@writefile{toc}{\contentsline {subsection}{\numberline {3.7}Input Validation Testing}{9}{subsection.3.7}\protected@file@percent }
\@writefile{toc}{\contentsline {subsubsection}{\numberline {3.7.1}Testing for SQL Injection}{10}{subsubsection.3.7.1}\protected@file@percent }
\@writefile{toc}{\contentsline {subsection}{\numberline {3.8}Testing for Error Handling}{10}{subsection.3.8}\protected@file@percent }
\@writefile{lof}{\contentsline {figure}{\numberline {8}{\ignorespaces stack-trace}}{11}{figure.8}\protected@file@percent }
\newlabel{fig:stack-trace}{{8}{11}{stack-trace}{figure.8}{}}
\@writefile{toc}{\contentsline {subsection}{\numberline {3.9}Client Side Testing}{11}{subsection.3.9}\protected@file@percent }
\@writefile{toc}{\contentsline {section}{\numberline {4}Web Application Security Firewall}{11}{section.4}\protected@file@percent }
\@writefile{toc}{\contentsline {subsection}{\numberline {4.1}Information Gathering}{12}{subsection.4.1}\protected@file@percent }
\@writefile{toc}{\contentsline {subsection}{\numberline {4.2}Configuration and Deployment Management Testing}{12}{subsection.4.2}\protected@file@percent }
\@writefile{toc}{\contentsline {subsection}{\numberline {4.3}Identity Management Testing}{13}{subsection.4.3}\protected@file@percent }
\@writefile{toc}{\contentsline {subsection}{\numberline {4.4}Authentication Testing}{13}{subsection.4.4}\protected@file@percent }
\@writefile{toc}{\contentsline {subsection}{\numberline {4.5}Authorization Testing}{13}{subsection.4.5}\protected@file@percent }
\@writefile{toc}{\contentsline {subsection}{\numberline {4.6}Session Management Testing}{13}{subsection.4.6}\protected@file@percent }
\@writefile{toc}{\contentsline {subsection}{\numberline {4.7}Input Validation Testing}{13}{subsection.4.7}\protected@file@percent }
\@writefile{toc}{\contentsline {subsection}{\numberline {4.8}Testing for Error Handling}{14}{subsection.4.8}\protected@file@percent }
\@writefile{toc}{\contentsline {subsection}{\numberline {4.9}Client Side Testing}{14}{subsection.4.9}\protected@file@percent }
\@writefile{toc}{\contentsline {section}{\numberline {5}Conclusions}{14}{section.5}\protected@file@percent }
\gdef \@abspage@last{14}


@@ -1 +1,38 @@
<img src="x" onerror="alert(localStorage.getItem('token'))">apple
SecRuleEngine On
SecRequestBodyAccess On
SecResponseBodyAccess On
SecDebugLog /var/log/modsecurity/debug.log
SecDebugLogLevel 0
SecAuditLogParts ABIJ
SecAuditLogType Serial
SecAuditLog /var/log/modsecurity/audit.log
# sql injection
SecRule REQUEST_URI|ARGS "['\";]|--" \
SecRule REQUEST_URI|ARGS "(?i:(?:select|insert|update|delete|drop|union|create|alter|truncate)\s+.+\s+from|'[^']*'|--|;|\b(or|and)\b\s+\d+\s*=\s*\d+)" \
"id:950001,phase:1,deny,status:403,msg:'SQL INJECTION ATTACK DETECTED!!!',log,t:urlDecode,t:sqlHexDecode,t:lowercase"
# xss / html injection
SecRule REQUEST_URI|ARGS "(<.*>)|(%3C.*%3E)" \
"id:950003,phase:1,deny,status:403,msg:'XSS/HTML INJECTION DETECTED!!!',log"
# command injection
SecRule ARGS "(\"role\".*:.*\"admin\")|exec|cat|more|ls|dir|/etc/passwd" \
"id:950006,phase:2,deny,status:403,msg:'COMMAND INJECTION DETECTED!!!',log"
# path traversal
SecRule REQUEST_URI|ARGS "\%00|\%2500|\.\./|ftp|metrics|api-docs" \
"id:950007,phase:2,deny,status:403,msg:'PATH TRAVERSAL ATTEMPT!!!',log"
# exposed stuff (redundante ?)
SecRule REQUEST_URI|ARGS "\%00|\%2500|ftp|metrics|api-docs" \
"id:950008,phase:2,deny,status:500,msg:'ATTEMPT TO ACCESS FTP, METRICS, API-DOCS!!!',log"
# rate limiting on login endpoint
# (max 5 requests per 30s per IP)
SecAction \
"id:950009,phase:1,initcol:ip=%{REMOTE_ADDR},pass,nolog"
SecRule REQUEST_URI "@streq /rest/user/login" \
"id:950010,phase:2,pass,nolog,setvar:ip.login_count=+1,expirevar:ip.login_count=30"
SecRule IP:LOGIN_COUNT "@gt 5" \
"id:950011,phase:2,deny,status:429,msg:'Rate Limit Exceeded on Login',log"
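Review bot: The two consecutive lines `SecRule REQUEST_URI|ARGS "['\";]|--" \` and `SecRule REQUEST_URI|ARGS "(?i:…)" \` both appear to be on the new side (the hunk header says the old file held a single line, the removed `<img …>` one), so the first line's trailing backslash folds the second `SecRule` into its own argument list and the file will fail to load; keep exactly one variable/operator line in front of the `"id:950001,…"` action string. This file and `conf/modsecurity.conf` define the same ids 950001–950011, and httpd.conf now includes both `modsecurity.d/*.conf` and `conf/modsecurity.conf`; if this file lives under one of those paths (its name is not visible here) ModSecurity rejects the duplicate ids at startup, so one copy should go or the ids must differ. In the new 950001 pattern the `'[^']*'` and bare `;` alternatives deny any argument containing two apostrophes or a semicolon, which normal search text can contain, and `t:lowercase` is redundant next to the `(?i:` flag. As in the other copy, 950001 and 950003 run in `phase:1`, where `ARGS` holds only query-string parameters, so body-carried payloads are not inspected by them.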

File diff suppressed because it is too large Load Diff


@@ -11,16 +11,17 @@
\BOOKMARK [2][-]{subsection.3.5}{\376\377\000A\000u\000t\000h\000o\000r\000i\000z\000a\000t\000i\000o\000n\000\040\000T\000e\000s\000t\000i\000n\000g}{section.3}% 11
\BOOKMARK [2][-]{subsection.3.6}{\376\377\000S\000e\000s\000s\000i\000o\000n\000\040\000M\000a\000n\000a\000g\000e\000m\000e\000n\000t\000\040\000T\000e\000s\000t\000i\000n\000g}{section.3}% 12
\BOOKMARK [2][-]{subsection.3.7}{\376\377\000I\000n\000p\000u\000t\000\040\000V\000a\000l\000i\000d\000a\000t\000i\000o\000n\000\040\000T\000e\000s\000t\000i\000n\000g}{section.3}% 13
\BOOKMARK [2][-]{subsection.3.8}{\376\377\000T\000e\000s\000t\000i\000n\000g\000\040\000f\000o\000r\000\040\000E\000r\000r\000o\000r\000\040\000H\000a\000n\000d\000l\000i\000n\000g}{section.3}% 14
\BOOKMARK [2][-]{subsection.3.9}{\376\377\000C\000l\000i\000e\000n\000t\000\040\000S\000i\000d\000e\000\040\000T\000e\000s\000t\000i\000n\000g}{section.3}% 15
\BOOKMARK [1][-]{section.4}{\376\377\000W\000e\000b\000\040\000A\000p\000p\000l\000i\000c\000a\000t\000i\000o\000n\000\040\000S\000e\000c\000u\000r\000i\000t\000y\000\040\000F\000i\000r\000e\000w\000a\000l\000l}{}% 16
\BOOKMARK [2][-]{subsection.4.1}{\376\377\000I\000n\000f\000o\000r\000m\000a\000t\000i\000o\000n\000\040\000G\000a\000t\000h\000e\000r\000i\000n\000g}{section.4}% 17
\BOOKMARK [2][-]{subsection.4.2}{\376\377\000C\000o\000n\000f\000i\000g\000u\000r\000a\000t\000i\000o\000n\000\040\000a\000n\000d\000\040\000D\000e\000p\000l\000o\000y\000m\000e\000n\000t\000\040\000M\000a\000n\000a\000g\000e\000m\000e\000n\000t\000\040\000T\000e\000s\000t\000i\000n\000g}{section.4}% 18
\BOOKMARK [2][-]{subsection.4.3}{\376\377\000I\000d\000e\000n\000t\000i\000t\000y\000\040\000M\000a\000n\000a\000g\000e\000m\000e\000n\000t\000\040\000T\000e\000s\000t\000i\000n\000g}{section.4}% 19
\BOOKMARK [2][-]{subsection.4.4}{\376\377\000A\000u\000t\000h\000e\000n\000t\000i\000c\000a\000t\000i\000o\000n\000\040\000T\000e\000s\000t\000i\000n\000g}{section.4}% 20
\BOOKMARK [2][-]{subsection.4.5}{\376\377\000A\000u\000t\000h\000o\000r\000i\000z\000a\000t\000i\000o\000n\000\040\000T\000e\000s\000t\000i\000n\000g}{section.4}% 21
\BOOKMARK [2][-]{subsection.4.6}{\376\377\000S\000e\000s\000s\000i\000o\000n\000\040\000M\000a\000n\000a\000g\000e\000m\000e\000n\000t\000\040\000T\000e\000s\000t\000i\000n\000g}{section.4}% 22
\BOOKMARK [2][-]{subsection.4.7}{\376\377\000I\000n\000p\000u\000t\000\040\000V\000a\000l\000i\000d\000a\000t\000i\000o\000n\000\040\000T\000e\000s\000t\000i\000n\000g}{section.4}% 23
\BOOKMARK [2][-]{subsection.4.8}{\376\377\000T\000e\000s\000t\000i\000n\000g\000\040\000f\000o\000r\000\040\000E\000r\000r\000o\000r\000\040\000H\000a\000n\000d\000l\000i\000n\000g}{section.4}% 24
\BOOKMARK [2][-]{subsection.4.9}{\376\377\000C\000l\000i\000e\000n\000t\000\040\000S\000i\000d\000e\000\040\000T\000e\000s\000t\000i\000n\000g}{section.4}% 25
\BOOKMARK [1][-]{section.5}{\376\377\000C\000o\000n\000c\000l\000u\000s\000i\000o\000n\000s}{}% 26
\BOOKMARK [3][-]{subsubsection.3.7.1}{\376\377\000T\000e\000s\000t\000i\000n\000g\000\040\000f\000o\000r\000\040\000S\000Q\000L\000\040\000I\000n\000j\000e\000c\000t\000i\000o\000n}{subsection.3.7}% 14
\BOOKMARK [2][-]{subsection.3.8}{\376\377\000T\000e\000s\000t\000i\000n\000g\000\040\000f\000o\000r\000\040\000E\000r\000r\000o\000r\000\040\000H\000a\000n\000d\000l\000i\000n\000g}{section.3}% 15
\BOOKMARK [2][-]{subsection.3.9}{\376\377\000C\000l\000i\000e\000n\000t\000\040\000S\000i\000d\000e\000\040\000T\000e\000s\000t\000i\000n\000g}{section.3}% 16
\BOOKMARK [1][-]{section.4}{\376\377\000W\000e\000b\000\040\000A\000p\000p\000l\000i\000c\000a\000t\000i\000o\000n\000\040\000S\000e\000c\000u\000r\000i\000t\000y\000\040\000F\000i\000r\000e\000w\000a\000l\000l}{}% 17
\BOOKMARK [2][-]{subsection.4.1}{\376\377\000I\000n\000f\000o\000r\000m\000a\000t\000i\000o\000n\000\040\000G\000a\000t\000h\000e\000r\000i\000n\000g}{section.4}% 18
\BOOKMARK [2][-]{subsection.4.2}{\376\377\000C\000o\000n\000f\000i\000g\000u\000r\000a\000t\000i\000o\000n\000\040\000a\000n\000d\000\040\000D\000e\000p\000l\000o\000y\000m\000e\000n\000t\000\040\000M\000a\000n\000a\000g\000e\000m\000e\000n\000t\000\040\000T\000e\000s\000t\000i\000n\000g}{section.4}% 19
\BOOKMARK [2][-]{subsection.4.3}{\376\377\000I\000d\000e\000n\000t\000i\000t\000y\000\040\000M\000a\000n\000a\000g\000e\000m\000e\000n\000t\000\040\000T\000e\000s\000t\000i\000n\000g}{section.4}% 20
\BOOKMARK [2][-]{subsection.4.4}{\376\377\000A\000u\000t\000h\000e\000n\000t\000i\000c\000a\000t\000i\000o\000n\000\040\000T\000e\000s\000t\000i\000n\000g}{section.4}% 21
\BOOKMARK [2][-]{subsection.4.5}{\376\377\000A\000u\000t\000h\000o\000r\000i\000z\000a\000t\000i\000o\000n\000\040\000T\000e\000s\000t\000i\000n\000g}{section.4}% 22
\BOOKMARK [2][-]{subsection.4.6}{\376\377\000S\000e\000s\000s\000i\000o\000n\000\040\000M\000a\000n\000a\000g\000e\000m\000e\000n\000t\000\040\000T\000e\000s\000t\000i\000n\000g}{section.4}% 23
\BOOKMARK [2][-]{subsection.4.7}{\376\377\000I\000n\000p\000u\000t\000\040\000V\000a\000l\000i\000d\000a\000t\000i\000o\000n\000\040\000T\000e\000s\000t\000i\000n\000g}{section.4}% 24
\BOOKMARK [2][-]{subsection.4.8}{\376\377\000T\000e\000s\000t\000i\000n\000g\000\040\000f\000o\000r\000\040\000E\000r\000r\000o\000r\000\040\000H\000a\000n\000d\000l\000i\000n\000g}{section.4}% 25
\BOOKMARK [2][-]{subsection.4.9}{\376\377\000C\000l\000i\000e\000n\000t\000\040\000S\000i\000d\000e\000\040\000T\000e\000s\000t\000i\000n\000g}{section.4}% 26
\BOOKMARK [1][-]{section.5}{\376\377\000C\000o\000n\000c\000l\000u\000s\000i\000o\000n\000s}{}% 27

Binary file not shown.

Binary file not shown.


@@ -21,102 +21,163 @@
\newpage
\section{Introduction}
% FAZER EM ENGLISH??? O prof é BR temos que fazer em Brazileiro
Este trabalho tem como objetivo realizar testes de penetração numa aplicação
cobaia (o \textit{Juicebox}) desenhada para aprendizagem.
Este trabalho tem como objetivo utilizar o \textbf{WSTG} (Web security testing guide) e configurar um ModSecurity reverse proxy como uma \textbf{WAF}.
Para esse fim temos uma aplicação cobaia (o \textit{Juicebox}) desenhada para aprendizagem que vamos utilizar num ambiente controlado para aprender como descobrir vulnerabilidades (aplicando o \textbf{WSTG} e recorrendo ao \textbf{OWASP ZAP}) e prevenir antes do serviço estar online (elaborando uma \textbf{WAF}).
Este trabalho tem como objetivo utilizar o \textbf{WSTG} (Web security
testing guide) e configurar um ModSecurity reverse proxy como uma
\textbf{WAF}. Para esse fim temos uma aplicação cobaia (o \textit{Juicebox})
desenhada para aprendizagem que vamos utilizar num ambiente controlado
para aprender como descobrir vulnerabilidades (aplicando o \textbf{WSTG}
e recorrendo ao \textbf{OWASP ZAP}) e prevenir antes do serviço estar
online (elaborando uma \textbf{WAF}).
\section{Architecture Considered for Both Stages}
Utilizámos somente duas máquinas virtuais: um servidor a correr \textit{CentOS 9}
e um cliente a correr \textit{Kali Linux}. O servidor contém o serviço \textit{Apache},
que age como \textit{firewall} através do módulo \textit{ModSecurity}, e um servidor
\textit{Node.js} que aloja o \textit{Juicebox} --- a aplicação que vai servir de cobaia (\textit{dummy}).
\textit{Node.js} que aloja o \textit{Juicebox} --- a aplicação que vai
servir de cobaia (\textit{dummy}).
Vão ser realizadas duas etapas de testes: primeiro, sem WAF (\textit{Web Application Firewall})
e com foco em explorar vulnerabilidades na aplicação; e, posteriormente, com uma WAF configurada para
mitigar as várias vulnerabilidades que foram encontradas na etapa anterior.
% Vão ser realizadas duas etapas de testes: primeiro, sem WAF (\textit{Web Application Firewall})
% e com foco em explorar vulnerabilidades na aplicação; e, posteriormente, com uma WAF configurada para
% mitigar as várias vulnerabilidades que foram encontradas na etapa anterior.
Para simular utilizámos \textit{Virtual Box}, como nos outros projetos, para criar as maquinas virtuais. O cenario que foi criado tem duas máquinas virtuais (servidor e cliente), e ambas as maquinas estão ligadas há mesma rede interna. O servidor vai ser executado numa das maquinas e vai ter o sistema operativo \textit{CentOS 9}, edereço 20.60.0.1, alojar um servidor \textit{Node.js} com o \textit{Juicebox} (a aplicação cobaia) na port 3000 e contém o seviço \textit{Apache} que através do módulo \textit{ModSecurity} funcionará como \textbf{WAF}. O cliente vai ser processado na maquina com o sistema operativo \textit{Kali Linux} e vai ter o edereço 20.60.0.2.
% Para simular utilizámos \textit{Virtual Box}, como nos outros projetos, para criar as maquinas virtuais. O cenario que foi criado tem duas máquinas virtuais (servidor e cliente), e ambas as maquinas estão ligadas há mesma rede interna. O servidor vai ser executado numa das maquinas e vai ter o sistema operativo \textit{CentOS 9}, edereço 20.60.0.1, alojar um servidor \textit{Node.js} com o \textit{Juicebox} (a aplicação cobaia) na port 3000 e contém o seviço \textit{Apache} que através do módulo \textit{ModSecurity} funcionará como \textbf{WAF}. O cliente vai ser processado na maquina com o sistema operativo \textit{Kali Linux} e vai ter o edereço 20.60.0.2.
Com o ambiente criado foram realizadas duas etapas de testes:
\begin{itemize}
\item \texttt{Primeira etapa}: Explorar vulnerabilidades na aplicação que existem sem a \textbf{WAF}
\item \texttt{Segunda etapa}:Verificar que vulnerabilidades foram mitigadas da primeira etapa com o uso de uma \textbf{WAF} configurada.
\end{itemize}
Realisticamente estas etapas podiam continuar a repetir-se, até que estivessemos satisfeitos com o resultado, mas para o fim deste projeto estas etapas serão suficientes.
Realisticamente estas etapas podiam continuar a repetir-se, até que
estivessemos satisfeitos com o resultado, mas para o fim deste projeto
estas etapas serão suficientes.
\subsection{Network structure}
% 10.60.0.0 - rede externa
% 20.60.0.0 - rede interna
\begin{itemize}
\item \textbf{Client (20.60.0.0/24)} Cliente.
\item \textbf{Server (10.60.0.0/24)} Apache+ModSecurity e JuiceShop.
\end{itemize}
\subsection{Servers}
% 10.60.0.1 - router
% 20.60.0.2 - client
O router contém a firewall e o serviço juicebox.
\begin{itemize}
\item \textbf{10.60.0.1} Servidor CentOS 9 com WAF e aplicação JuiceShop.
\end{itemize}
\subsection{Services}
% juicebox - port 3000
Juicebox no port 3000
\begin{center}
\begin{tabular}{ll}
\toprule
Service & Port \\\midrule
NodeJS (JuiceShop) & 3000 \\
Apache (WAF) & 80 \\
\bottomrule
\end{tabular}
\end{center}
\section{Web application security testing}
\subsection{Information Gathering}
Utilizámos a política por omissão (\textit{default policy}) para a realização do \textit{Active Scan} através do OWASP ZAP. Com esta abordagem, obtivemos múltiplos alertas automáticos. De forma a priorizar a análise, selecionámos os cinco alertas principais com base no maior nível de risco e grau de confiança reportados pela ferramenta.
Utilizámos a política por omissão (\textit{default policy}) para a
realização do \textit{Active Scan} através do OWASP ZAP. Com esta
abordagem, obtivemos múltiplos alertas automáticos. De forma a priorizar
a análise, investigamos as alertas principais com base no maior nível de
risco e grau de confiança reportados pela ferramenta.
Para conseguir informação inicial realizamos um \textit{Active Scan} através do \textit{OWASP ZAP}, o policy utilizado para esse scan foi \textit{Default Policy}. Foi obtido vários aletas automáticos devido a esse scan e decidimos selecionar os cinco alertas principais com base no nível de risco e grau de confiança reportado pela ferramenta.
\begin{itemize}
\item \textbf{Sql Injection Vulnerability in product search}
\item \textbf{}
\item \textbf{}
\item \textbf{}
\item \textbf{}
\end{itemize}
Adicionalmente, realizámos testes de infraestrutura e mapeamento de vetores utilizando ferramentas especializadas:
% Para conseguir informação inicial realizamos um \textit{Active Scan} através do \textit{OWASP ZAP}, o policy utilizado para esse scan foi \textit{Default Policy}. Foi obtido vários aletas automáticos devido a esse scan e decidimos investigar as alertas principais com base no nível de risco e grau de confiança reportado pela ferramenta.
Adicionalmente, realizámos testes de infraestrutura utilizando ferramentas especializadas:
\begin{codeblock}{bash}
sqlmap -u "http://192.168.1.1:3000/rest/products/search?q=apple" -p q --level=5 --risk=3 --banner
\end{codeblock}
Ao executar o \textit{sqlmap}, descobrimos que o sistema de gestão de base de dados subjacente é o \textit{SQLite}.
Ao executar o \textit{sqlmap}, descobrimos que o sistema de gestão de
base de dados subjacente é o \textit{SQLite}.
Paralelamente, realizámos uma descoberta de ficheiros e diretórios
através de técnicas de \textit{fuzzing} de URLs no OWASP ZAP recorrendo
à lista de permissões da \textit{DirBuster}. Esta exploração revelou os
seguintes endpoints publicamente expostos:
Paralelamente, realizámos uma descoberta de ficheiros e diretórios através de técnicas de \textit{fuzzing} de URLs no OWASP ZAP recorrendo à lista de permissões da \textit{DirBuster}. Esta exploração revelou os seguintes endpoints publicamente expostos:
\begin{itemize}
\item \texttt{/ftp}: Servidor de armazenamento e transferência de ficheiros exposto.
\item \texttt{/metrics}: Métricas internas da infraestrutura expostas.
\item \texttt{/api-docs}: Documentação e esquemas estruturais da API.
\item \texttt{/ftp}: Servidor de armazenamento e transferência de ficheiros exposto. (Figura \ref{fig:ftp})
\item \texttt{/metrics}: Métricas internas da infraestrutura expostas. (Figura \ref{fig:metrics})
\item \texttt{/api-docs}: Documentação e esquemas estruturais da API. (Figura \ref{fig:swagger})
\end{itemize}
\begin{figure}[h!]
\centering
\includegraphics[width=\textwidth]{ftp}
\caption{ftp}
\label{fig:ftp}
\end{figure}
\begin{figure}[h!]
\centering
\includegraphics[width=\textwidth]{metrics}
\caption{metrics}
\label{fig:metrics}
\end{figure}
\begin{figure}[h!]
\centering
\includegraphics[width=\textwidth]{swagger}
\caption{swagger}
\label{fig:swagger}
\end{figure}
\subsection{Configuration and Deployment Management Testing}
\subsubsection*{Enumerate Infrastructure and Application Admin Interfaces}
Identificámos e testámos o acesso ao endpoint \texttt{/api-docs} (\textit{Swagger UI}), validando que as interfaces de documentação interna do sistema e as definições da API estavam publicamente expostas sem qualquer tipo de controlo de acesso ou autenticação prévia.
Identificámos e testámos o acesso ao endpoint \texttt{/api-docs}
(\textit{Swagger UI}), validando que as interfaces de documentação
interna do sistema e as definições da API estavam publicamente expostas
sem qualquer tipo de controlo de acesso ou autenticação prévia.
\subsubsection*{Test HTTP Methods}
Testámos os métodos HTTP permitidos pelo servidor através do envio de pedidos \texttt{OPTIONS}. Verificámos que o servidor aceita métodos potencialmente perigosos ou desnecessários para utilizadores comuns em rotas específicas, expandindo a superfície de ataque da aplicação.
Testámos os métodos HTTP permitidos pelo servidor através do envio de
pedidos \texttt{OPTIONS}. Verificámos que o servidor aceita métodos
potencialmente perigosos ou desnecessários para utilizadores comuns em
rotas específicas, expandindo a superfície de ataque da aplicação.
\subsubsection*{Test File Permission}
Analisámos as permissões de acesso no diretório \texttt{/ftp}. Verificámos que a falta de restrições rígidas ao nível do sistema de ficheiros permite a qualquer utilizador anónimo listar o conteúdo de diretórios estruturais e descarregar ficheiros não indexados na interface principal da aplicação.
Analisámos as permissões de acesso no diretório \texttt{/ftp}.
Verificámos que a falta de restrições rígidas ao nível do sistema de
ficheiros permite a qualquer utilizador anónimo listar o conteúdo de
diretórios estruturais e descarregar ficheiros não indexados na
interface principal da aplicação.
\subsection{Identity Management Testing}
\subsubsection*{Test Role Definitions}
Efetuámos testes de manipulação de parâmetros do lado do cliente através das ferramentas de programador do navegador. Adicionámos manualmente os cookies \texttt{isAdmin} com o valor \texttt{true} e \texttt{role} com o valor \texttt{admin}. Após a atualização da página, não observámos qualquer escalonamento de privilégios, indicando que a aplicação não valida perfis administrativos com base nestes cookies específicos.
Efetuámos testes de manipulação de parâmetros do lado do cliente através
das ferramentas de programador do navegador. Adicionámos manualmente os
cookies \texttt{isAdmin} com o valor \texttt{true} e \texttt{role} com o
valor \texttt{admin}. Após a atualização da página, não observámos
qualquer escalonamento de privilégios, indicando que a aplicação não
valida perfis administrativos com base nestes cookies específicos.
\subsubsection*{Test User Registration Process}
Utilizámos o OWASP ZAP para intercetar o tráfego de rede e definir um \textit{breakpoint} no pedido HTTP POST de registo de novos utilizadores. Modificámos o corpo do pedido JSON, injetando manualmente o parâmetro \texttt{"role":"admin"}:
Utilizámos o OWASP ZAP para intercetar o tráfego de rede e definir um
\textit{breakpoint} no pedido HTTP POST de registo de novos utilizadores.
Modificámos o corpo do pedido JSON, injetando manualmente o parâmetro
\texttt{"role":"admin"}:
\begin{codeblock}{json}
{
@@ -134,40 +195,102 @@ Utilizámos o OWASP ZAP para intercetar o tráfego de rede e definir um \textit{
}
\end{codeblock}
O servidor backend processou o pedido sem validar se o utilizador possuía autorização para definir o seu próprio perfil, o que resultou na criação bem-sucedida de uma conta com permissões totais de administrador (\textit{Mass Assignment Vulnerability}).
O servidor backend processou o pedido sem validar se o utilizador
possuía autorização para definir o seu próprio perfil, o que resultou
na criação bem-sucedida de uma conta com permissões totais de
administrador (\textit{Mass Assignment Vulnerability}).
\subsubsection*{Testing for Account Enumeration and Guessable User Account}
Ao tentar registar um utilizador com o e-mail \texttt{admin@juice-sh.op}, verificámos que a aplicação devolve uma mensagem de erro explícita indicando que o e-mail já se encontra registado no sistema. Este comportamento confirma a vulnerabilidade de enumeração de contas, permitindo a um atacante mapear quais os e-mails válidos na plataforma.
Ao tentar registar um utilizador com o e-mail
\texttt{admin@juice-sh.op}, verificámos que a aplicação devolve uma
mensagem de erro explícita indicando que o e-mail já se encontra
registado no sistema. Este comportamento confirma a vulnerabilidade de
enumeração de contas, permitindo a um atacante mapear quais os e-mails
válidos na plataforma.
\begin{figure}[h!]
\centering
\includegraphics[width=0.7\textwidth]{email-unique}
\caption{email-unique}
\label{fig:email-unique}
\end{figure}
\subsubsection*{Testing for Weak or Unenforced Username Policy}
Após testar vários caracteres especiais no formulário de registo, criámos um utilizador com os seguintes dados nos campos de input:
Após testar vários caracteres especiais no formulário de registo,
criámos um utilizador com os seguintes dados nos campos de input:
\begin{itemize}
\item \textbf{E-mail:} \texttt{son'or1=1--@gmail.com}
\item \textbf{Nome/Campos Adicionais:} \texttt{<h1>STRONG}
\end{itemize}
A aplicação aceitou o registo sem validar a presença de carateres de injeção SQL ou tags HTML. Contudo, verificámos que é impossível efetuar login com esta conta posteriormente, uma vez que o processo de autenticação falha e resulta num erro genérico do tipo \texttt{[object Object]} no ecrã.
A aplicação aceitou o registo sem validar a presença de carateres de
injeção SQL ou tags HTML. Contudo, verificámos que é impossível efetuar
login com esta conta posteriormente, uma vez que o processo de
autenticação falha e resulta num erro genérico do tipo
\texttt{[object Object]} no ecrã.
\begin{figure}[h!]
\centering
\includegraphics[width=0.7\textwidth]{email-invalido}
\caption{email-invalido}
\label{fig:email-invalido}
\end{figure}
\subsection{Authentication Testing}
Realizámos testes de \textit{fuzzing} automatizado contra o formulário de login utilizando dicionários de credenciais. Identificámos que a aplicação não implementa mecanismos de bloqueio de conta (*Account Lockout*) ou limitação de taxa de pedidos (*Rate Limiting*), permitindo ataques contínuos de força bruta.
Realizámos testes de \textit{fuzzing} automatizado contra o formulário
de login utilizando dicionários de credenciais. Identificámos que a
aplicação não implementa mecanismos de bloqueio de conta ou limitação
de taxa de pedidos \textit{rate limiting}, permitindo ataques contínuos
de \textit{brute force}.
\subsection{Authorization Testing}
Testámos as permissões de acesso ao diretório \texttt{/ftp} e verificámos que o servidor está configurado para permitir nativamente apenas a visualização de ficheiros com as extensões \texttt{.md} e \texttt{.pdf}.
Testámos as permissões de acesso ao diretório \texttt{/ftp} e
verificámos que o servidor está configurado para permitir nativamente
apenas a visualização de ficheiros com as extensões \texttt{.md} e
\texttt{.pdf}.
Seguidamente, explorámos falhas na validação de inputs através de uma injeção de \textit{Null Byte} codificado (\texttt{\%2500.md} ou \texttt{\%2500.pdf}). O ataque foi bem-sucedido e contornou a validação de extensões do servidor, garantindo o acesso e descarregamento de ficheiros confidenciais restritos: \texttt{encrypt.pyc} e \texttt{suspicious\_errors.yml}.
Seguidamente, explorámos falhas na validação de inputs através de uma
injeção de \textit{Null Byte} codificado (\texttt{\%2500.md} ou
\texttt{\%2500.pdf}). O ataque foi bem-sucedido e contornou a validação
de extensões do servidor, garantindo o acesso e descarregamento de
ficheiros confidenciais restritos: \texttt{encrypt.pyc} e
\texttt{suspicious\_errors.yml}.
\begin{figure}[h!]
\centering
\includegraphics[width=0.7\textwidth]{suspiciouserrors}
\caption{suspiciouserrors}
\label{fig:suspiciouserrors}
\end{figure}
\begin{figure}[h!]
\centering
\includegraphics[width=0.7\textwidth]{suspiciouserrors2}
\caption{suspiciouserrors2}
\label{fig:suspiciouserrors2}
\end{figure}
\subsection{Session Management Testing}
Identificámos que o cookie \texttt{token}, responsável por armazenar o identificador da sessão ativa do utilizador, possui a flag \texttt{HttpOnly} configurada como \texttt{false}. A ausência desta proteção significa que o token está totalmente exposto e pode ser lido por scripts do lado do cliente, tornando a sessão criticamente vulnerável a roubo por Cross-Site Scripting (XSS).
Identificámos que o cookie \texttt{token}, responsável por armazenar o
identificador da sessão ativa do utilizador, possui a flag
\texttt{HttpOnly} configurada como \texttt{false}. A ausência desta
proteção significa que o token está totalmente exposto e pode ser lido
por scripts do lado do cliente, tornando a sessão criticamente vulnerável
a roubo por Cross-Site Scripting (XSS).
\subsection{Input Validation Testing}
\subsubsection*{Testing for Reflected Cross Site Scripting}
Durante a auditoria à barra de pesquisa de produtos, validámos a existência de uma vulnerabilidade de \textit{Reflected Cross-Site Scripting} (XSS) devido à ausência de higienização do input do utilizador.
Durante a auditoria à barra de pesquisa de produtos, validámos a
existência de uma vulnerabilidade de \textit{Reflected Cross-Site
Scripting} (XSS) devido à ausência de higienização do input do
utilizador.
\begin{enumerate}
\item \textbf{Injeção HTML:} Introduzimos o valor \texttt{<h1>apple} na pesquisa e verificámos que o resultado foi renderizado no navegador como um título estrutural, confirmando que o código HTML é injetado diretamente na página.
@@ -179,7 +302,10 @@ Durante a auditoria à barra de pesquisa de produtos, validámos a existência d
O filtro falhou ao inspecionar este atributo e o navegador executou o código JavaScript com sucesso quando a imagem falhou o carregamento.
\end{enumerate}
Adicionalmente, explorámos o mesmo parâmetro de pesquisa recorrendo ao \textit{sqlmap} para validar falhas de injeção SQL, conseguindo extrair com sucesso a estrutura de 22 tabelas da base de dados:
\subsubsection{Testing for SQL Injection}
Adicionalmente, explorámos o mesmo parâmetro de pesquisa recorrendo ao
\textit{sqlmap} para validar falhas de injeção SQL, conseguindo extrair
com sucesso a estrutura de 22 tabelas da base de dados:
\begin{codeblock}{bash}
sqlmap -u "http://10.60.0.1:3000/rest/products/search?q=apple" -p q --dbms=sqlite --prefix="'%" --suffix="%'--" --tables --batch
@@ -210,17 +336,40 @@ sqlmap -u "http://10.60.0.1:3000/rest/products/search?q=apple" -p q --dbms=sqlit
| sqlite_sequence |
+-----------------------+
\end{codeblock}
\subsubsection{Testing for SQL Injection}
Apesar de não ter sido detetado pelo active scan foi feito fuzzing nos detalhes de login para saber se estava vulneravel a esse tipo de ataques visto que existia essa vulnerabilidade noutros paremetros. Verificamos que de facto também estava vulneravel a SQL Injection, e que a resposta era a tabela com o
Apesar de não ter sido detetado pelo active scan foi feito fuzzing nos
detalhes de login para saber se estava vulneravel a esse tipo de ataques
visto que existia essa vulnerabilidade noutros paremetros. Verificamos
que de facto também estava vulneravel a SQL Injection, e que a resposta
era a tabela com o
\subsection{Testing for Error Handling}
Ao tentar forçar o acesso a uma página ou ficheiro inexistente no servidor de ficheiros, como por exemplo na rota \texttt{/ftp/teste}, a aplicação falhou ao tratar a exceção de forma segura. Em vez de apresentar uma página de erro genérica (404), o servidor devolveu uma resposta detalhada expondo o \textit{stack trace} completo do ambiente \textit{Express.js}, revelando caminhos internos do sistema de ficheiros do servidor.
Ao tentar forçar o acesso a uma página ou ficheiro inexistente no
servidor de ficheiros, como por exemplo na rota \texttt{/ftp/teste},
a aplicação falhou ao tratar a exceção de forma segura. Em vez de
apresentar uma página de erro genérica (404), o servidor devolveu uma
resposta detalhada expondo o \textit{stack trace} completo do ambiente
\textit{Express.js}, revelando caminhos internos do sistema de ficheiros
do servidor.
\begin{figure}[h!]
\centering
\includegraphics[width=0.7\textwidth]{stack-trace}
\caption{stack-trace}
\label{fig:stack-trace}
\end{figure}
\subsection{Client Side Testing}
Validámos que o token de sessão (JWT) do utilizador autenticado está armazenado diretamente no \texttt{localStorage} do navegador. Uma vez que o \texttt{localStorage} não possui mecanismos de proteção equivalentes à flag \texttt{HttpOnly} dos cookies, qualquer script executado no contexto da página consegue ler estes dados.
Validámos que o token de sessão (JWT) do utilizador autenticado está
armazenado diretamente no \texttt{localStorage} do navegador. Uma vez
que o \texttt{localStorage} não possui mecanismos de proteção
equivalentes à flag \texttt{HttpOnly} dos cookies, qualquer script
executado no contexto da página consegue ler estes dados.
Utilizando a falha de XSS identificada anteriormente na barra de pesquisas, injetámos o seguinte payload direcionado:
@@ -228,21 +377,151 @@ Utilizando a falha de XSS identificada anteriormente na barra de pesquisas, inje
<img src="x" onerror="alert(localStorage.getItem('token'))">apple
\end{codeblock}
A execução deste vetor permitiu extrair o conteúdo do token diretamente do armazenamento local da vítima. Isto prova que um atacante pode automatizar a exfiltração destas informações e assumir a identidade de qualquer utilizador afetado sem necessitar de saber as credenciais de acesso de forma persistente.
A execução deste vetor permitiu extrair o conteúdo do token diretamente
do armazenamento local da vítima. Isto prova que um atacante pode
automatizar a exfiltração destas informações e assumir a identidade de
qualquer utilizador afetado sem necessitar de saber as credenciais de
acesso de forma persistente.
\section{Web Application Security Firewall}
% Esta seccao sera preenchida com os resultados da Segunda Etapa (Com WAF ativada)
\begin{codeblock}{modsecurity.conf}
SecRuleEngine On
SecRequestBodyAccess On
SecResponseBodyAccess On
SecDebugLog /var/log/modsecurity/debug.log
SecDebugLogLevel 0
SecAuditLogParts ABIJ
SecAuditLogType Serial
SecAuditLog /var/log/modsecurity/audit.log
# sql injection
SecRule REQUEST_URI|ARGS "['\";]|--" \
SecRule REQUEST_URI|ARGS "(?i:(?:select|insert|update|delete|drop|union|create|alter|truncate)\s+.+\s+from|'[^']*'|--|;|\b(or|and)\b\s+\d+\s*=\s*\d+)" \
"id:950001,phase:1,deny,status:403,msg:'SQL INJECTION ATTACK DETECTED!!!',log,t:urlDecode,t:sqlHexDecode,t:lowercase"
# xss / html injection
SecRule REQUEST_URI|ARGS "(<.*>)|(%3C.*%3E)" \
"id:950003,phase:1,deny,status:403,msg:'XSS/HTML INJECTION DETECTED!!!',log"
# command injection
SecRule ARGS "(\"role\".*:.*\"admin\")|exec|cat|more|ls|dir|/etc/passwd" \
"id:950006,phase:2,deny,status:403,msg:'COMMAND INJECTION DETECTED!!!',log"
# path traversal
SecRule REQUEST_URI|ARGS "\%00|\%2500|\.\./|ftp|metrics|api-docs" \
"id:950007,phase:2,deny,status:403,msg:'PATH TRAVERSAL ATTEMPT!!!',log"
# exposed stuff (redundante ?)
SecRule REQUEST_URI|ARGS "\%00|\%2500|ftp|metrics|api-docs" \
"id:950008,phase:2,deny,status:500,msg:'ATTEMPT TO ACCESS FTP, METRICS, API-DOCS!!!',log"
# rate limiting on login endpoint
# (max 5 requests per 30s per IP)
SecAction \
"id:950009,phase:1,initcol:ip=%{REMOTE_ADDR},pass,nolog"
SecRule REQUEST_URI "@streq /rest/user/login" \
"id:950010,phase:2,pass,nolog,setvar:ip.login_count=+1,expirevar:ip.login_count=30"
SecRule IP:LOGIN_COUNT "@gt 5" \
"id:950011,phase:2,deny,status:429,msg:'Rate Limit Exceeded on Login',log"
\end{codeblock}
\subsection{Information Gathering}
O acesso direto via URL (e.g., \texttt{/ftp}, \texttt{/metrics}, \texttt{/api-docs}) é
mitigado pela regra id:950008, que inspeciona o caminho do pedido (\texttt{REQUEST\_URI})
e devolve \texttt{500} ao bloquear qualquer acesso direto a estes endpoints!
A mitigação desta categoria é, portanto, completa ao nível de pedidos HTTP.
\subsection{Configuration and Deployment Management Testing}
A restrição de métodos HTTP e a validação de permissões de diretório requerem
intervenção ao nível do servidor Apache ou da aplicação, estando fora do âmbito
das regras \texttt{SecRule} definidas.
\subsection{Identity Management Testing}
A regra de XSS/injeção HTML (id:950003) bloqueia eficazmente o registo de utilizadores
com tags HTML nos campos de \textit{input}, como \texttt{<h1>STRONG}, devolvendo um erro
\texttt{403 Forbidden} antes que o pedido chegue à aplicação.
A vulnerabilidade de escalonamento de permissões (injeção do campo
\texttt{"role":"admin"} no corpo JSON do registo) \textbf{é mitigada
pela regra id:950006}, que deteta a sequência
\texttt{"role".*:.*"admin"} nos argumentos do pedido e devolve
\texttt{403 Forbidden}, impedindo a criação de contas com perfil de
administrador.
A enumeração de contas via mensagens de erro da aplicação \textbf{permanece sem mitigação} ao nível da WAF.
\subsection{Authentication Testing}
As regras id:950009--950011 implementam um mecanismo de \textit{rate limiting} sobre o
endpoint de autenticação (\texttt{/rest/user/login}). Para cada endereço IP, é mantido
um contador de pedidos com janela deslizante de 30 segundos: ao ultrapassar 5 tentativas
nessa janela, o servidor devolve \texttt{429 Too Many Requests}, bloqueando eficazmente
ataques de \textit{brute force} por dicionário.
O bloqueio de contas após múltiplas tentativas falhadas permanece fora do âmbito da WAF,
exigindo lógica aplicacional.
\subsection{Authorization Testing}
A regra id:950007 e id:950008 bloqueiam o uso de \textit{null byte}
codificadas para cobrir este vetor de ataque.
\subsection{Session Management Testing}
A configuração da WAF não tem capacidade de alterar os atributos dos
cookies definidos pela aplicação. Logo, a flag \texttt{HttpOnly} do cookie
\texttt{token} continua ausente, uma vez que esta é uma propriedade
definida pelo \textit{JuiceShop}. Ainda assim, a mitigação do XSS
pela regra id:950003, descrita na subsecção seguinte, reduz
indiretamente o risco de roubo de sessão ao bloquear os vetores que
permitiriam a sua exploração.
\subsection{Input Validation Testing}
A regra de SQL Injection (id:950001) bloqueia com sucesso pedidos ao
endpoint de pesquisa de produtos que contenham caracteres como
\texttt{'}, \texttt{"}, \texttt{;} ou a sequência \texttt{--},
devolvendo \texttt{403 Forbidden}.
O payload utilizado pelo \textit{sqlmap} ou por outros fuzzers
com \textit{SQL injections} são interceptado nesta fase.
A regra de XSS/injeção HTML (id:950003) bloqueia igualmente os payloads com tags
\texttt{<img src="x" onerror="...">} e \texttt{<h1>}, neutralizando
ambos estes vetores de ataque.
\subsection{Testing for Error Handling}
A exposição do \textit{stack trace} do \textit{Express.js} em rotas
inexistentes (e.g., \texttt{/ftp/teste}) aind não é mitigada. Para
suprimir estas respostas de erro detalhadas era necessário ativar
a inspeção do corpo da resposta e definir regras sobre o seu
conteúdo, ou configurar páginas de erro personalizadas no Apache.
\subsection{Client Side Testing}
O payload de exfiltração do token JWT via XSS
(\texttt{<img src="x" onerror="alert(localStorage.getItem('token'))">})
é bloqueado pela regra id:950003, uma vez que contém a expressão
\texttt{<.*>}.
\section{Conclusions}
Foi feita uma análise extensa dos possiveis vetores de ataque da aplicação
e com isso desenvolvemos uma \textbf{WAF} que cobriu uma maioria dos
ataques. Contudo, as vulnerabilidades estruturais da aplicação, como a ausência de flags \texttt{HttpOnly} em cookies,
a lógica de enumeração de utilizadores e a exposição de \textit{stack traces}, competem diretamente
ao desenvolvimento seguro do código e à configuração do web server.
Em suma, com poucas regras simples foi possible bloquear a maioria das ameaças de
injeção de código malicioso, no entanto, para cobrir uma maior superficie
de ataques seria necessário mudar a lógica interna da aplicação.
\end{document}


@@ -4,24 +4,25 @@
\contentsline {subsection}{\numberline {2.1}Network structure}{3}{subsection.2.1}%
\contentsline {subsection}{\numberline {2.2}Servers}{3}{subsection.2.2}%
\contentsline {subsection}{\numberline {2.3}Services}{3}{subsection.2.3}%
\contentsline {section}{\numberline {3}Web application security testing}{3}{section.3}%
\contentsline {subsection}{\numberline {3.1}Information Gathering}{3}{subsection.3.1}%
\contentsline {section}{\numberline {3}Web application security testing}{4}{section.3}%
\contentsline {subsection}{\numberline {3.1}Information Gathering}{4}{subsection.3.1}%
\contentsline {subsection}{\numberline {3.2}Configuration and Deployment Management Testing}{4}{subsection.3.2}%
\contentsline {subsection}{\numberline {3.3}Identity Management Testing}{4}{subsection.3.3}%
\contentsline {subsection}{\numberline {3.4}Authentication Testing}{6}{subsection.3.4}%
\contentsline {subsection}{\numberline {3.5}Authorization Testing}{6}{subsection.3.5}%
\contentsline {subsection}{\numberline {3.6}Session Management Testing}{6}{subsection.3.6}%
\contentsline {subsection}{\numberline {3.7}Input Validation Testing}{6}{subsection.3.7}%
\contentsline {subsection}{\numberline {3.8}Testing for Error Handling}{7}{subsection.3.8}%
\contentsline {subsection}{\numberline {3.9}Client Side Testing}{7}{subsection.3.9}%
\contentsline {section}{\numberline {4}Web Application Security Firewall}{8}{section.4}%
\contentsline {subsection}{\numberline {4.1}Information Gathering}{8}{subsection.4.1}%
\contentsline {subsection}{\numberline {4.2}Configuration and Deployment Management Testing}{8}{subsection.4.2}%
\contentsline {subsection}{\numberline {4.3}Identity Management Testing}{8}{subsection.4.3}%
\contentsline {subsection}{\numberline {4.4}Authentication Testing}{8}{subsection.4.4}%
\contentsline {subsection}{\numberline {4.5}Authorization Testing}{8}{subsection.4.5}%
\contentsline {subsection}{\numberline {4.6}Session Management Testing}{8}{subsection.4.6}%
\contentsline {subsection}{\numberline {4.7}Input Validation Testing}{8}{subsection.4.7}%
\contentsline {subsection}{\numberline {4.8}Testing for Error Handling}{8}{subsection.4.8}%
\contentsline {subsection}{\numberline {4.9}Client Side Testing}{8}{subsection.4.9}%
\contentsline {section}{\numberline {5}Conclusions}{8}{section.5}%
\contentsline {subsection}{\numberline {3.3}Identity Management Testing}{6}{subsection.3.3}%
\contentsline {subsection}{\numberline {3.4}Authentication Testing}{7}{subsection.3.4}%
\contentsline {subsection}{\numberline {3.5}Authorization Testing}{7}{subsection.3.5}%
\contentsline {subsection}{\numberline {3.6}Session Management Testing}{9}{subsection.3.6}%
\contentsline {subsection}{\numberline {3.7}Input Validation Testing}{9}{subsection.3.7}%
\contentsline {subsubsection}{\numberline {3.7.1}Testing for SQL Injection}{10}{subsubsection.3.7.1}%
\contentsline {subsection}{\numberline {3.8}Testing for Error Handling}{10}{subsection.3.8}%
\contentsline {subsection}{\numberline {3.9}Client Side Testing}{11}{subsection.3.9}%
\contentsline {section}{\numberline {4}Web Application Security Firewall}{11}{section.4}%
\contentsline {subsection}{\numberline {4.1}Information Gathering}{12}{subsection.4.1}%
\contentsline {subsection}{\numberline {4.2}Configuration and Deployment Management Testing}{12}{subsection.4.2}%
\contentsline {subsection}{\numberline {4.3}Identity Management Testing}{13}{subsection.4.3}%
\contentsline {subsection}{\numberline {4.4}Authentication Testing}{13}{subsection.4.4}%
\contentsline {subsection}{\numberline {4.5}Authorization Testing}{13}{subsection.4.5}%
\contentsline {subsection}{\numberline {4.6}Session Management Testing}{13}{subsection.4.6}%
\contentsline {subsection}{\numberline {4.7}Input Validation Testing}{13}{subsection.4.7}%
\contentsline {subsection}{\numberline {4.8}Testing for Error Handling}{14}{subsection.4.8}%
\contentsline {subsection}{\numberline {4.9}Client Side Testing}{14}{subsection.4.9}%
\contentsline {section}{\numberline {5}Conclusions}{14}{section.5}%


@@ -8,7 +8,7 @@
\usepackage[dvipsnames]{xcolor}
\usepackage{enumitem,amssymb}
\usepackage[colorlinks=true,urlcolor=blue,linkcolor=MidnightBlue]{hyperref}
\graphicspath{{./img/}}
\graphicspath{{./imgs/}}
\usepackage{enumitem,amssymb}
\newlist{todolist}{itemize}{2}