Web Application VAPT - Framework


A - Java: Spring Framework

A1: Directory traversal with static resource handling (CVE-2014-3625)
  • https://pivotal.io/security/cve-2014-3625

A2: Spring Boot Actuator
  • /autoconfig
  • /beans
  • /configprops
  • /dump
  • /env
  • /health
  • /info
  • /metrics
  • /mappings
  • /trace
Reference:
https://docs.spring.io/spring-security/site/docs/5.0.0.RELEASE/reference/html5/#new




