API Attacks
| Test Name | API ID | Description | Detectable Vulnerabilities |
|---|---|---|---|
| AWS S3 Takeover | amazon_s3_takeover | Tests for S3 buckets that no longer exist to prevent data breaches and malware distribution | Amazon AWS S3 bucket takeover |
| Broken JWT Authentication | jwt | Tests for secure implementation of JSON Web Token (JWT) in the application | Broken JWT Authentication |
| Broken Object Property Authorization | bopla | Tests if the application properly enforces access controls on individual properties of an object | Broken Object Property Authorization |
| Broken SAML Authentication | broken_saml_auth | Tests for secure implementation of SAML authentication in the application | Broken SAML Authentication |
| Business Constraint Bypass | business_constraint_bypass | Tests if the limitation of the number of retrievable items via an API call is configured properly | Business Constraint Bypass |
| Cookie Security | cookie_security | Tests if the application uses and implements cookies with secure attributes | Missing 'httponly' Flag in Cookie; Missing 'secure' Flag in Cookie; Predictable Cookie Value |
| Date Manipulation | date_manipulation | Tests if date ranges are set and validated properly | Unvalidated Date Range |
| Directory Listing | directory_listing | Tests if server-side directory listing is possible | Directory Listing |
| Email Injection | email_injection | Tests if it is possible to send emails to other addresses through the target application mailing server, which can lead to spam and phishing | Email Header Injection |
| Excessive Data Exposure | excessive_data_exposure | Tests application for not screening sensitive information on the server side | Excessive Data Exposure |
| File Upload | file_upload | Tests if file upload mechanisms are validated properly and deny upload of malicious content | Unrestricted File Upload |
| Full Path Disclosure (FPD) | full_path_disclosure | Tests if various application parameters are vulnerable to the exposure of errors that include full webroot path | Full Path Disclosure |
| GraphQL Introspection | graphql_introspection | Tests whether GraphQL introspection data is available for queries coming from an external IP address | GraphQL introspection |
| Headers Security Check | header_security | Tests for proper Security Headers configuration | Misconfigured Security Headers |
| HTML Injection | html_injection | Tests if various application parameters are vulnerable to HTML injection | HTML Injection |
| HTTP Method Fuzzer | http_method_fuzzing | Tests enumeration of possible HTTP methods for vulnerabilities | Insecure HTTP Method |
| ID Enumeration (BOLA) | id_enumeration | Tests if it is possible to collect valid user ID data by interacting with the target application | ID Enumeration |
| Improper Assets Management | improper_asset_management | Tests if older or development versions of API endpoints are exposed and can be used to get unauthorized access to data and privileges | Improper Assets Management |
| Insecure TLS Configuration | insecure_tls_configuration | Tests SSL/TLS ciphers and configurations for vulnerabilities | Insecure TLS Configuration |
| LDAP Injection | ldapi | Tests if various application parameters are vulnerable to unauthorized LDAP access | LDAP Error |
| Local File Inclusion (LFI) | lfi | Tests if various application parameters are vulnerable to loading of unauthorized local system resources | Local File Inclusion (LFI) |
| MongoDB Injection | nosql | Tests if an attacker is able to inject malicious input into a NoSQL database query | MongoDB Injection (NoSQLI injection) |
| Open Cloud Storage | open_cloud_storage | Contains Open Buckets, Azure Blob Storage, and Amazon S3 Bucket Takeover tests | Open Cloud Storage |
| Open DataBase | open_database | Tests if exposed database connection strings are open to public connections | Exposed Database Access; Exposed Database Connection String |
| OS Command Injection | osi | Tests if various application parameters are vulnerable to Operating System (OS) command injection | OS Command Injection |
| Remote File Inclusion (RFI) | rfi | Tests if various application parameters are vulnerable to loading of unauthorized remote system resources | Remote File Inclusion (RFI) |
| Secret Tokens | secret_tokens | Tests for exposure of secret API tokens or keys in the target application | Secret Tokens Leak |
| Server Side Template Injection (SSTI) | ssti | Tests if various application parameters are vulnerable to server-side code execution | Server Side Template Injection (SSTI) |
| Server-Side JavaScript Injection | server_side_js_injection | Test if the application incorrectly evaluates user-controllable data as code on the server side. | |
| Server-Side Request Forgery (SSRF) | ssrf | Tests if various application parameters are vulnerable to internal resource access | Server Side Request Forgery (SSRF) |
| SQL Injection (SQLI) | sqli | Tests if various application parameters are vulnerable to SQL injection, allowing unauthorized SQL database access | Database Error Message Disclosure; SQL Injection |
| Version Control System | version_control_systems | Tests if it is possible to access Version Control System (VCS) resources | Version Control System Exposure |
| XPath Injection | xpathi | Tests if unvalidated user input in XPath expressions can be exploited to manipulate queries, potentially leading to unauthorized access or unintended actions | XPath Injection |