Security Matrix
Vulnerability Reference
A comprehensive list of security flaws WSHawk is designed to identify and verify.
Broken Authentication
CRITICAL WSH-001
Description: A WebSocket connection is established without a valid session token or with predictable identifiers.
Remediation: Enforce strict auth handshakes. Use cryptographically secure session IDs.
Missing Origin Validation
HIGH WSH-002
Description: Cross-Site WebSocket Hijacking is possible because the server does not verify the 'Origin' header.
Remediation: Validate the Origin header against a strict whitelist of allowed domains.
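An added example (not WSHawk's own code) of the strict Origin check named in the WSH-002 remediation: the handshake's Origin is normalized and compared by exact match, so look-alike hosts, the "null" origin, and missing or duplicated headers are all rejected. The allowlist entries and function names are assumptions for illustration.

```python
from urllib.parse import urlsplit

# Assumed allowlist for illustration; use the origins your own front ends are served from.
ALLOWED_ORIGINS = frozenset({"https://app.example.com", "https://admin.example.com"})
DEFAULT_PORTS = {"http": 80, "https": 443}


def normalize_origin(value):
    """Return canonical scheme://host[:port], or None if value is not a well-formed origin."""
    if not value or value != value.strip():
        return None
    try:
        parts = urlsplit(value)
        port = parts.port  # raises ValueError on a malformed or out-of-range port
    except ValueError:
        return None
    if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
        return None  # covers the literal "null" origin and non-web schemes
    # A serialized origin has no userinfo, path, query or fragment.
    if "@" in parts.netloc or parts.path or parts.query or parts.fragment:
        return None
    host = parts.hostname  # already lowercased by urlsplit
    if port is None or port == DEFAULT_PORTS[parts.scheme]:
        return f"{parts.scheme}://{host}"
    return f"{parts.scheme}://{host}:{port}"


def origin_allowed(headers, allowed=ALLOWED_ORIGINS):
    """headers: (name, value) pairs from the WebSocket upgrade request."""
    origins = [v for k, v in headers if k.lower() == "origin"]
    if len(origins) != 1:
        return False  # missing or duplicated Origin header: refuse the upgrade
    origin = normalize_origin(origins[0])
    # Exact set membership; no substring, prefix, suffix or regex matching.
    return origin is not None and origin in allowed


if __name__ == "__main__":
    # Constructed sample handshakes.
    for sample in ("https://app.example.com", "https://app.example.com.evil.test", "null"):
        print(sample, "->", origin_allowed([("Origin", sample)]))
```

Call `origin_allowed` before completing the upgrade and answer a failed check with HTTP 403 instead of switching protocols.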
Message-Level Injection
HIGH/CRITICAL WSH-003
Description: Malicious data injected into JSON/XML message fields results in SQLi, XSS, or Command Injection.
Remediation: Validate and sanitize all incoming data against a strict schema.
Missing Rate Limiting
MEDIUM WSH-004
Description: Lack of flood protection allows resource exhaustion or credential brute-forcing.
Remediation: Implement circuit breakers and sliding-window rate limits.