API Attacks

| Test Name | API ID | Description | Detectable Vulnerabilities |
|---|---|---|---|
| AWS S3 Takeover | amazon_s3_takeover | Tests for references to S3 buckets that no longer exist and could be re-registered by an attacker, which can lead to data breaches and malware distribution | Amazon AWS S3 bucket takeover |
| Broken JWT Authentication | jwt | Tests whether JSON Web Tokens (JWT) are implemented and validated securely by the application | Broken JWT Authentication |
| Broken Object Property Authorization | bopla | Tests whether the application enforces access controls on the individual properties of an object, not only on the object as a whole | Broken Object Property Authorization |
| Broken SAML Authentication | broken_saml_auth | Tests whether SAML authentication is implemented and validated securely by the application | Broken SAML Authentication |
| Business Constraint Bypass | business_constraint_bypass | Tests whether the limit on the number of items retrievable in a single API call is enforced on the server side | Business Constraint Bypass |
| Cookie Security | cookie_security | Tests whether the application sets its cookies with secure attributes | Missing 'httponly' Flag in Cookie; Missing 'secure' Flag in Cookie; Predictable Cookie Value |
| Date Manipulation | date_manipulation | Tests whether date ranges are set and validated properly | Unvalidated Date Range |
| Directory Listing | directory_listing | Tests whether server-side directory listing is enabled | Directory Listing |
| Email Injection | email_injection | Tests whether it is possible to send email to arbitrary addresses through the target application's mail functionality, which can be abused for spam and phishing | Email Header Injection |
| Excessive Data Exposure | excessive_data_exposure | Tests whether the application returns sensitive data that should have been filtered out on the server side instead of relying on the client to hide it | Excessive Data Exposure |
| File Upload | file_upload | Tests whether file upload mechanisms validate uploads properly and reject malicious content | Unrestricted File Upload |
| Full Path Disclosure (FPD) | full_path_disclosure | Tests whether various application parameters trigger error messages that expose the full webroot path | Full Path Disclosure |
| GraphQL Introspection | graphql_introspection | Tests whether GraphQL introspection queries are answered for requests coming from an external IP address | GraphQL introspection |
| Headers Security Check | header_security | Tests for proper security header configuration | Misconfigured Security Headers |
| HTML Injection | html_injection | Tests whether various application parameters are vulnerable to HTML injection | HTML Injection |
| HTTP Method Fuzzer | http_method_fuzzing | Enumerates the HTTP methods the server accepts and tests them for insecure ones | Insecure HTTP Method |
| ID Enumeration (BOLA) | id_enumeration | Tests whether valid user IDs can be collected by interacting with the target application | ID Enumeration |
| Improper Assets Management | improper_asset_management | Tests whether older or development versions of API endpoints are exposed and can be used to gain unauthorized access to data and privileges | Improper Assets Management |
| Insecure TLS Configuration | insecure_tls_configuration | Tests SSL/TLS ciphers and configuration for known weaknesses | Insecure TLS Configuration |
| LDAP Injection | ldapi | Tests whether various application parameters are vulnerable to LDAP injection, which can lead to unauthorized LDAP access | LDAP Error |
| Local File Inclusion (LFI) | lfi | Tests whether various application parameters can be used to load local system resources that should not be accessible | Local File Inclusion (LFI) |
| MongoDB Injection | nosql | Tests whether an attacker can inject malicious input into a NoSQL database query | MongoDB Injection (NoSQL injection) |
| Open Cloud Storage | open_cloud_storage | Contains the Open Buckets, Azure Blob Storage, and Amazon S3 Bucket Takeover tests | Open Cloud Storage |
| Open Database | open_database | Tests whether exposed database connection strings point to databases that accept public connections | Exposed Database Access; Exposed Database Connection String |
| OS Command Injection | osi | Tests whether various application parameters are vulnerable to operating system (OS) command injection | OS Command Injection |
| Remote File Inclusion (RFI) | rfi | Tests whether various application parameters can be used to load remote resources that should not be accessible | Remote File Inclusion (RFI) |
| Secret Tokens | secret_tokens | Tests for exposure of secret API tokens or keys in the target application | Secret Tokens Leak |
| Server Side Template Injection (SSTI) | ssti | Tests whether various application parameters are vulnerable to template injection, which can lead to server-side code execution | Server Side Template Injection (SSTI) |
| Server-Side JavaScript Injection | server_side_js_injection | Tests whether the application evaluates user-controllable data as code on the server side |  |
| Server-Side Request Forgery (SSRF) | ssrf | Tests whether various application parameters can be used to make the server access internal resources | Server Side Request Forgery (SSRF) |
| SQL Injection (SQLI) | sqli | Tests whether various application parameters are vulnerable to SQL injection, giving access to the SQL database | Database Error Message Disclosure; SQL Injection |
| Version Control System | version_control_systems | Tests whether Version Control System (VCS) resources are accessible | Version Control System Exposure |
| XPath Injection | xpathi | Tests whether unvalidated user input in XPath expressions can be exploited to manipulate queries, potentially leading to unauthorized access or unintended actions | XPath Injection |
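The Cookie Security and Headers Security Check rows above name the findings but not how they are reached. The following is an added example (not the scanner's own code) that approximates both checks over a single captured response, using only the Python standard library. The response headers, the set of required security headers, the minimum HSTS max-age and the entropy threshold used to call a cookie value "predictable" are all assumptions chosen for illustration.

```python
"""Cookie-attribute and security-header checks over one HTTP response.

Added example, not the scanner's own code. Approximates what the
cookie_security and header_security tests look for.
"""
import math
from collections import Counter

# Constructed sample response headers (not captured from any real host).
SAMPLE_HEADERS = [
    ("Content-Type", "application/json"),
    ("Set-Cookie", "session=1001; Path=/; HttpOnly"),
    ("Set-Cookie", "csrftoken=b1bd7f2a9c3e4a1f8e0d2c6b5a4f3e2d; Path=/; Secure; HttpOnly; SameSite=Strict"),
    ("Set-Cookie", "tracking=abc"),
    ("X-Frame-Options", "ALLOWALL"),
    ("Strict-Transport-Security", "max-age=0"),
]


def parse_set_cookie(value):
    """Split a Set-Cookie header into (name, value, {attr: val}); attribute names lowercased."""
    parts = [p.strip() for p in value.split(";")]
    name, _, val = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, attr_val = part.partition("=")
        attrs[key.strip().lower()] = attr_val.strip()
    return name.strip(), val, attrs


def is_predictable(value):
    """Heuristic (assumption): purely numeric, short, or low-entropy values are predictable."""
    if value.isdigit() or len(value) < 16:
        return True
    counts = Counter(value)
    entropy = -sum(c / len(value) * math.log2(c / len(value)) for c in counts.values())
    return entropy < 3.0  # bits per character; threshold is an assumption


def check_cookies(headers):
    """Return (cookie_name, finding) pairs for every Set-Cookie header."""
    findings = []
    for key, value in headers:
        if key.lower() != "set-cookie":
            continue
        name, val, attrs = parse_set_cookie(value)
        if "httponly" not in attrs:
            findings.append((name, "Missing 'httponly' Flag in Cookie"))
        if "secure" not in attrs:
            findings.append((name, "Missing 'secure' Flag in Cookie"))
        if is_predictable(val):
            findings.append((name, "Predictable Cookie Value"))
    return findings


def _max_age(value):
    """Extract the integer max-age directive from an HSTS header, 0 if absent."""
    for directive in value.split(";"):
        key, _, num = directive.strip().partition("=")
        if key.lower() == "max-age" and num.strip().isdigit():
            return int(num)
    return 0


# Assumed policy: header name -> predicate that says whether its value is acceptable.
REQUIRED_HEADERS = {
    "strict-transport-security": lambda v: _max_age(v) >= 31536000,  # one year
    "x-content-type-options": lambda v: v.strip().lower() == "nosniff",
    "x-frame-options": lambda v: v.strip().upper() in ("DENY", "SAMEORIGIN"),
    "content-security-policy": lambda v: bool(v.strip()),
}


def check_headers(headers):
    """Return (header_name, problem) pairs for missing or misconfigured security headers."""
    present = {key.lower(): value for key, value in headers}
    findings = []
    for name, acceptable in REQUIRED_HEADERS.items():
        if name not in present:
            findings.append((name, "missing"))
        elif not acceptable(present[name]):
            findings.append((name, "misconfigured: " + present[name]))
    return findings


if __name__ == "__main__":
    for finding in check_cookies(SAMPLE_HEADERS) + check_headers(SAMPLE_HEADERS):
        print(finding)
```

On the sample response the `session` cookie is flagged for the missing `Secure` flag and its sequential value, `tracking` for all three cookie findings, and `csrftoken` passes; every required header is reported as missing or misconfigured. A production scanner replaces the entropy heuristic with repeated requests and comparison of the values issued, which is the only way to tell a short random token from a short counter.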
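The Broken JWT Authentication row says only that the test checks for a secure JWT implementation. One concrete weakness such a test can probe (an assumption here; the page does not enumerate the individual checks) is algorithm confusion: a verifier that trusts the token's own `alg` header will accept an unsigned `"alg":"none"` token carrying escalated claims. The following is an added example, not the scanner's or any library's code: it signs an HS256 token with the standard library, forges the `none` variant, and shows a vulnerable verifier beside a hardened one that pins the algorithm. The secret and the claims are constructed for illustration.

```python
"""Added example: alg=none check for a JWT verifier (not the scanner's own code)."""
import base64
import hashlib
import hmac
import json

SECRET = b"constructed-demo-secret"  # assumption: the server's HS256 shared secret


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_hs256(claims: dict, key: bytes) -> str:
    """Issue a legitimate HS256 token: base64url(header).base64url(payload).base64url(HMAC)."""
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url_encode(sig)}"


def forge_alg_none(claims: dict) -> str:
    """Attacker side: declare alg=none, supply arbitrary claims, and send an empty signature."""
    header = b64url_encode(b'{"alg":"none","typ":"JWT"}')
    payload = b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    return f"{header}.{payload}."


def verify_insecure(token: str, key: bytes) -> dict:
    """Vulnerable verifier: honours whatever algorithm the token's header names."""
    h, p, s = token.split(".")
    header = json.loads(b64url_decode(h))
    if header.get("alg") == "none":
        return json.loads(b64url_decode(p))  # unsigned token accepted as-is
    expected = hmac.new(key, f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(s)):
        raise ValueError("bad signature")
    return json.loads(b64url_decode(p))


def verify_secure(token: str, key: bytes) -> dict:
    """Hardened verifier: the algorithm is fixed server-side; the header is never consulted for it."""
    h, p, s = token.split(".")
    header = json.loads(b64url_decode(h))
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(key, f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(s)):
        raise ValueError("bad signature")
    return json.loads(b64url_decode(p))


def probe(verify, key: bytes = SECRET) -> bool:
    """Scanner side: True if the verifier accepts a forged alg=none token with escalated claims."""
    forged = forge_alg_none({"sub": "user42", "role": "admin"})
    try:
        return verify(forged, key).get("role") == "admin"
    except ValueError:
        return False


if __name__ == "__main__":
    print("insecure verifier accepts alg=none:", probe(verify_insecure))
    print("secure verifier accepts alg=none:  ", probe(verify_secure))
```

Against a live target the scanner has no verifier to call; it does the same thing by replaying a captured token with the header rewritten and watching whether the response changes from a 401 to authorized content. The hardened verifier also rejects a valid-looking token whose signature was stripped, since the algorithm check runs before the signature check rather than being driven by the token.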