Vulnerability Detection
OK-RASP supports detection of almost all types of vulnerabilities. The main vulnerability types it supports are as follows:
1. Command execution
   - JDK Native Command
2. Deserialization
   - JDK deserialization
   - JSON
   - YAML
   - XML
3. HTTP
   - IP blacklist
   - URL blacklist
   - Scanner identification
4. XXE
   - Dom4j
   - JDOM
   - Apache Xerces
5. File access
   - Java IO
   - Java NIO
6. Expression
   - SpEL
   - OGNL
   - EL
   - mvel2
   - jexl2
   - jexl3
7. SQL injection
   - MySQL
8. JNDI
9. SSRF
   - HttpClient
   - Java Socket
   - Protocol
10. Auth-bypass
    - Shiro
    - Tomcat
11. Classloader
    - BCEL ClassLoader
    - Java ClassLoader
12. Script engine
    - Mozilla JavaScript
    - Velocity
13. Memory shell
    - JavaAgent Shell
    - Spring Controller Shell
    - Websocket Shell
    - Spring HandlerInterceptor Shell
    - ServletListener Shell
14. Reflect
    - Method Reflect
    - Field Reflect
15. JNI
16. String Decode
    - JDK
    - Apache-codec
    - Tomcat