parlov
Correct behavior can be a vulnerability.
Most tools look for what's broken. parlov looks for what's working correctly.
BASELINE
GET /api/users/usr_1a2b3c
Authorization: Bearer •••••

HTTP/1.1 403 Forbidden
Content-Type: application/json

{ "error": "access_denied" }
PROBE
GET /api/users/usr_9x8y7z
Authorization: Bearer •••••

HTTP/1.1 404 Not Found
Content-Type: application/json

{ "error": "not_found" }
⚠ 1 security finding
parlov
{
  "version": "2.1.0",
  "runs": [
    {
      "tool": { "driver": { "name": "parlov" } },
      "results": [
        {
          "ruleId": "PAR001",
          "level": "error",
          "message": { "text": "Resource existence confirmed" },
          "properties": {
            "severity": "High",
            "baseline_status": 403,
            "probe_status": 404
          }
        }
      ]
    }
  ]
}