1. WAST RedirectScanner Hardcodes 'evil.com', Flooding Real Domain with Uncontrolled Traffic
The WAST security scanner's RedirectScanner module is hardcoded to send all its test traffic to the real, publicly registered domain 'evil.com'. This design flaw forces every scan to generate live DNS lookups and HTTP redirect attempts to a third-party host outside the project's control, creating an uncontrolled extern...
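The sketch below is an added example, not WAST's own code. It shows one way a redirect check can avoid the flaw described above: the payload host defaults to a name under a reserved TLD (RFC 2606 / RFC 6761) that can never be registered, and the verdict comes from the `Location` header alone, so the scanner never resolves or contacts the payload host. The function names and the canary host `redirect-canary.invalid` are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Special-use TLDs (RFC 2606 / RFC 6761) that cannot be registered by anyone.
RESERVED_TLDS = {"invalid", "test", "example"}
# Constructed default; ".invalid" never resolves, so no third party sees traffic.
DEFAULT_CANARY = "redirect-canary.invalid"
REDIRECT_CODES = {301, 302, 303, 307, 308}


def pick_canary(configured=None):
    """Return the host to embed in redirect payloads.

    Rejects any host outside the reserved TLDs, so a publicly registered
    domain (the 'evil.com' case) cannot end up as the payload target.
    """
    host = (configured or DEFAULT_CANARY).lower().rstrip(".")
    if host.rsplit(".", 1)[-1] not in RESERVED_TLDS:
        raise ValueError(f"{host!r} is not under a reserved TLD")
    return host


def redirects_to_canary(status, location, canary):
    """Decide from status and Location header only; the redirect is not followed."""
    if status not in REDIRECT_CODES or not location:
        return False
    # urlsplit also handles scheme-relative targets such as //host/path.
    host = urlsplit(location).hostname
    if host is None:  # relative path: the target stayed on its own origin
        return False
    return host == canary or host.endswith("." + canary)


if __name__ == "__main__":
    canary = pick_canary()
    # Constructed sample responses: (status, Location header).
    samples = [
        (302, "https://redirect-canary.invalid/"),
        (302, "/login?next=https://redirect-canary.invalid/"),
        (200, None),
    ]
    for status, location in samples:
        print(status, location, redirects_to_canary(status, location, canary))
```

The HTTP client that feeds `redirects_to_canary` must have automatic redirect following disabled; otherwise it will still attempt to resolve the payload host.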