{ "security_score": 35, "security_grade": "D", "test_results": { "CORS Configuration": false, "Authentication Security": true, "Input Validation": true, "Information Disclosure": true, "Rate Limiting": true, "Security Headers": false }, "test_pass_rate": 66.66666666666666, "vulnerabilities": [ { "severity": "MEDIUM", "category": "CORS", "description": "No Access-Control-Allow-Origin header observed. Absent CORS headers are the browser-safe default (cross-origin reads are blocked by the browser); this is only a defect if legitimate cross-origin clients need access, and it must not be fixed with a wildcard origin", "details": { "missing_headers": [ "Access-Control-Allow-Origin" ] }, "timestamp": "2025-08-15T07:54:21.685241" }, { "severity": "LOW", "category": "Information Disclosure", "description": "Server software name disclosed in the Server header (the observed value is the product name only; no version string was seen). Fingerprinting aid rather than a direct weakness; remove or genericise the header", "details": { "server_header": "uvicorn" }, "timestamp": "2025-08-15T07:54:21.740150" }, { "severity": "MEDIUM", "category": "Rate Limiting", "description": "No rate limiting detected: 50 probe requests completed at roughly 945 requests per second (rps) without any observed throttling. A 50-request sample only demonstrates the absence of a tight limit; confirm against the expected load profile before treating this as a DoS exposure", "details": { "rps": 944.6885951872573, "total_requests": 50 }, "timestamp": "2025-08-15T07:54:21.794141" }, { "severity": "MEDIUM", "category": "Security Headers", "description": "Missing security header: X-Content-Type-Options (set to nosniff so browsers do not MIME-sniff responses into a different content type)", "details": { "missing_header": "X-Content-Type-Options" }, "timestamp": "2025-08-15T07:54:21.795154" }, { "severity": "MEDIUM", "category": "Security Headers", "description": "Missing security header: X-Frame-Options (DENY or SAMEORIGIN mitigates clickjacking; a Content-Security-Policy frame-ancestors directive is the modern equivalent and takes precedence where both are present)", "details": { "missing_header": "X-Frame-Options" }, "timestamp": "2025-08-15T07:54:21.795160" }, { "severity": "LOW", "category": "Security Headers", "description": "Missing security header: X-XSS-Protection (legacy header; current browsers ignore it and the auditor filter it enabled has itself been abused in the past, so set it to 0 or omit it and rely on Content-Security-Policy instead)", "details": { "missing_header": "X-XSS-Protection" }, "timestamp": "2025-08-15T07:54:21.795164" }, { "severity": "LOW", "category": "Security Headers", "description": "Missing security header: Strict-Transport-Security (only meaningful when the service is reached over HTTPS; add it with a max-age once TLS is in place so clients stop downgrading to plaintext)", "details": { "missing_header": "Strict-Transport-Security" }, "timestamp": "2025-08-15T07:54:21.795167" }, { "severity": "LOW", "category": "Security Headers", "description": "Missing security header: Content-Security-Policy (the primary browser-side control against injected script; a policy with frame-ancestors also covers clickjacking)", "details": { 
"missing_header": "Content-Security-Policy" }, "timestamp": "2025-08-15T07:54:21.795169" }, { "severity": "LOW", "category": "Security Headers", "description": "Missing security header: Referrer-Policy (without it browsers may send the full URL, including path and query parameters, to third-party origins; strict-origin-when-cross-origin is a safe default)", "details": { "missing_header": "Referrer-Policy" }, "timestamp": "2025-08-15T07:54:21.795172" } ], "vulnerability_summary": { "critical": 0, "high": 0, "medium": 4, "low": 5 }, "recommendations": [ "If cross-origin browser access is required, configure CORS with an explicit origin allow-list and never combine a wildcard origin (*) with Access-Control-Allow-Credentials; if no cross-origin access is needed, leaving CORS headers absent is the safe default", "Add the missing security headers listed above (X-Content-Type-Options: nosniff, X-Frame-Options or a CSP frame-ancestors directive, Strict-Transport-Security once HTTPS is in place, Content-Security-Policy, Referrer-Policy); treat X-XSS-Protection as legacy and do not rely on it", "Implement rate limiting keyed per client (IP, API key or session) that returns 429 Too Many Requests, with stricter limits on authentication and other expensive endpoints", "Serve all traffic over HTTPS/TLS and redirect plaintext HTTP; this is a prerequisite for Strict-Transport-Security to have any effect", "Implement request logging and monitoring with alerting on authentication failures, rate-limit hits and error spikes, taking care not to log credentials, tokens or session identifiers", "Keep the runtime and dependencies patched and scan them regularly for known vulnerabilities", "Consider a Web Application Firewall (WAF) as defense in depth, not as a substitute for fixing the findings above" ], "audit_timestamp": "2025-08-15T07:54:21.795222" }