API Attacks
Test Name | API ID | Description | Detectable Vulnerabilities
---|---|---|---
AWS S3 Takeover | | Tests for references to S3 buckets that no longer exist and that an attacker could re-create under the same name, enabling data breaches and malware distribution | 
Broken JWT Authentication | | Tests whether the application implements and validates JSON Web Tokens (JWT) securely | 
Broken Object Property Authorization | | Tests whether the application enforces access controls on the individual properties of an object, not only on the object as a whole | 
Broken SAML Authentication | | Tests whether the application implements SAML authentication securely | 
Business Constraint Bypass | | Tests whether the limit on the number of items a single API call can retrieve is configured and enforced properly | 
Cookie Security | | Tests whether the application sets its cookies with secure attributes | Missing 'httponly' Flag in Cookie
Date Manipulation | | Tests whether date ranges are set and validated properly | 
Directory Listing | | Tests whether server-side directory listing is enabled | 
Email Injection | | Tests whether the target application's mail functionality can be abused to send emails to arbitrary addresses, which enables spam and phishing | 
Excessive Data Exposure | | Tests whether the application returns sensitive data without filtering it on the server side, relying on the client to hide it | 
File Upload | | Tests whether file upload mechanisms validate uploads properly and reject malicious content | 
Full Path Disclosure (FPD) | | Tests whether application parameters can trigger error messages that reveal the full webroot path | 
GraphQL Introspection | | Tests whether GraphQL introspection data (the schema) is available to queries coming from an external IP address | 
Headers Security Check | | Tests whether security headers are configured properly | 
HTML Injection | | Tests whether application parameters are vulnerable to HTML injection | 
HTTP Method Fuzzer | | Enumerates the HTTP methods the server accepts and tests them for vulnerabilities | 
ID Enumeration (BOLA) | | Tests whether valid user IDs can be collected by interacting with the target application (Broken Object Level Authorization) | 
Improper Assets Management | | Tests whether older or development versions of API endpoints are exposed and can be used to gain unauthorized access to data and privileges | 
Insecure TLS Configuration | | Tests SSL/TLS ciphers and configuration for known weaknesses | 
LDAP Injection | | Tests whether application parameters are vulnerable to LDAP injection, which can give unauthorized LDAP access | 
Local File Inclusion (LFI) | | Tests whether application parameters can be used to load local system resources that should not be accessible | 
MongoDB Injection | | Tests whether an attacker can inject malicious input into a NoSQL (MongoDB) database query | 
Open Cloud Storage | | Contains the Open Buckets, Azure Blob Storage, and Amazon S3 Bucket Takeover tests | 
Open DataBase | | Tests whether exposed database connection strings point to databases that accept public connections | 
OS Command Injection | | Tests whether application parameters are vulnerable to operating system (OS) command injection | 
Remote File Inclusion (RFI) | | Tests whether application parameters can be used to load remote resources that should not be accessible | 
Secret Tokens | | Tests for exposure of secret API tokens or keys in the target application | 
Server Side Template Injection (SSTI) | | Tests whether application parameters are vulnerable to server-side template injection, which can lead to server-side code execution | 
Server-Side JavaScript Injection | | Tests whether the application evaluates user-controllable data as code on the server side | 
Server-Side Request Forgery (SSRF) | | Tests whether application parameters can be used to make the server access internal resources | 
SQL Injection (SQLI) | | Tests whether application parameters are vulnerable to SQL injection, giving access to the SQL database | 
Version Control System | | Tests whether Version Control System (VCS) resources are accessible | 
XPath Injection | | Tests whether unvalidated user input in XPath expressions can be exploited to manipulate queries, potentially leading to unauthorized access or unintended actions | 
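The Broken Object Property Authorization and Excessive Data Exposure rows in the table above describe two sides of the same defect: the server returns every property of a record, or writes every property the client sends. The following Python is an added example, not code from the scanner or its documentation; it shows the vulnerable pattern next to a hardened handler that allowlists readable and writable properties per caller. The user store, field names and role model are constructed for illustration.

```python
"""Property-level authorization: vulnerable vs hardened profile handlers.

Added example (not the scanner's code). The user table and field sets are
constructed assumptions for illustration.
"""

from typing import Dict, List

PUBLIC_FIELDS = frozenset({"id", "username", "display_name"})
OWNER_FIELDS = PUBLIC_FIELDS | {"email"}               # owner and admins may read these
WRITABLE_FIELDS = frozenset({"display_name", "email"})  # only these via the profile endpoint


def sample_store() -> Dict[int, dict]:
    """Constructed user table; the password hashes are placeholder strings."""
    return {
        1: {"id": 1, "username": "alice", "display_name": "Alice",
            "email": "alice@example.com", "password_hash": "bcrypt-placeholder-1",
            "is_admin": False},
        2: {"id": 2, "username": "bob", "display_name": "Bob",
            "email": "bob@example.com", "password_hash": "bcrypt-placeholder-2",
            "is_admin": False},
    }


# --- Vulnerable: no property-level decision on the server ---------------------

def get_user_vulnerable(store: Dict[int, dict], user_id: int) -> dict:
    """Excessive Data Exposure: serialises the whole record and trusts the
    client to hide password_hash, is_admin, etc."""
    return dict(store[user_id])


def update_user_vulnerable(store: Dict[int, dict], user_id: int, payload: dict) -> dict:
    """Mass assignment: every property in the request body is written,
    so {"is_admin": true} promotes the caller."""
    store[user_id].update(payload)
    return dict(store[user_id])


# --- Hardened: the server decides which properties each caller may touch ------

def get_user(store: Dict[int, dict], user_id: int, viewer_id: int) -> dict:
    """Return only the properties the viewer is entitled to see."""
    record = store[user_id]
    is_owner = viewer_id == user_id
    is_admin = store[viewer_id]["is_admin"]
    allowed = OWNER_FIELDS if (is_owner or is_admin) else PUBLIC_FIELDS
    return {key: record[key] for key in allowed}


def update_user(store: Dict[int, dict], user_id: int, payload: dict, actor_id: int) -> dict:
    """Object-level check (owner or admin) plus property-level allowlist.
    Unknown or privileged properties are rejected, not silently dropped, so
    probing for writable fields is visible to the client and to logging."""
    if actor_id != user_id and not store[actor_id]["is_admin"]:
        raise PermissionError("only the owner or an admin may update this profile")
    rejected: List[str] = sorted(set(payload) - WRITABLE_FIELDS)
    if rejected:
        raise PermissionError(f"properties not writable via this endpoint: {rejected}")
    store[user_id].update(payload)
    return get_user(store, user_id, actor_id)


if __name__ == "__main__":
    store = sample_store()
    print("vulnerable read :", sorted(get_user_vulnerable(store, 1)))
    update_user_vulnerable(store, 1, {"is_admin": True})
    print("vulnerable write: is_admin =", store[1]["is_admin"])

    store = sample_store()
    print("hardened read as stranger:", sorted(get_user(store, 1, 2)))
    print("hardened read as owner   :", sorted(get_user(store, 1, 1)))
    try:
        update_user(store, 1, {"display_name": "Al", "is_admin": True}, 1)
    except PermissionError as exc:
        print("hardened write rejected  :", exc)
```

Rejecting the whole request when it carries a non-writable property, rather than writing the allowed subset, keeps the scanner's probe (and a real attacker's) from succeeding partially and makes the attempt easy to alert on.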
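The Cookie Security row is the only one in the table above that names a concrete finding, "Missing 'httponly' Flag in Cookie". The Python below is an added example, not the scanner's code, of the check such a test performs on a response's Set-Cookie headers: it parses each header and reports missing HttpOnly, Secure and SameSite attributes and violated `__Host-`/`__Secure-` prefix rules. The finding titles other than the one quoted above, and the sample headers, are constructed for illustration.

```python
"""Audit Set-Cookie headers for the attributes a Cookie Security test checks.

Added example (not the scanner's code). Finding titles other than
"Missing 'httponly' Flag in Cookie" and the sample headers are constructed.
"""

from typing import Dict, List


def parse_set_cookie(header: str) -> dict:
    """Split one Set-Cookie header into name, value and lower-cased attributes.

    Valueless attributes (HttpOnly, Secure) are stored as True.
    """
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() if val.strip() else True
    return {"name": name.strip(), "value": value.strip(), "attrs": attrs}


def cookie_findings(header: str, https: bool = True) -> List[str]:
    """Return the findings a Cookie Security test would raise for one header."""
    cookie = parse_set_cookie(header)
    name, attrs = cookie["name"], cookie["attrs"]
    findings: List[str] = []

    # Without HttpOnly the cookie is readable from script (document.cookie),
    # so any XSS on the site becomes session theft.
    if "httponly" not in attrs:
        findings.append(f"Missing 'httponly' Flag in Cookie: {name}")

    # Without Secure the browser also sends the cookie over plain HTTP.
    if https and "secure" not in attrs:
        findings.append(f"Missing 'secure' Flag in Cookie: {name}")

    samesite = attrs.get("samesite")
    if samesite is None or samesite is True:
        findings.append(f"Missing 'SameSite' attribute in Cookie: {name}")
    elif samesite.lower() == "none" and "secure" not in attrs:
        # Browsers reject SameSite=None cookies that are not also Secure.
        findings.append(f"SameSite=None without 'secure' Flag in Cookie: {name}")

    # Cookie-prefix rules: __Host- requires Secure, Path=/ and no Domain;
    # __Secure- requires Secure. Browsers drop prefixed cookies that violate them.
    if name.startswith("__Host-"):
        if "secure" not in attrs or attrs.get("path") != "/" or "domain" in attrs:
            findings.append(f"'__Host-' prefix requirements not met for Cookie: {name}")
    elif name.startswith("__Secure-") and "secure" not in attrs:
        findings.append(f"'__Secure-' prefix requirements not met for Cookie: {name}")

    return findings


def audit_set_cookies(headers: List[str], https: bool = True) -> Dict[str, List[str]]:
    """Audit every Set-Cookie header of a response: {cookie name: findings}."""
    report: Dict[str, List[str]] = {}
    for header in headers:
        cookie = parse_set_cookie(header)
        report[cookie["name"]] = cookie_findings(header, https)
    return report


# Constructed sample response headers (not captured from a real target).
SAMPLE_HEADERS = [
    "session=abc123; Path=/; HttpOnly; Secure; SameSite=Lax",
    "legacy=xyz; Path=/",
    "__Host-csrf=t0k3n; Path=/; HttpOnly",
    "tracker=1; Secure; SameSite=None",
]

if __name__ == "__main__":
    for cookie_name, findings in audit_set_cookies(SAMPLE_HEADERS).items():
        print(f"{cookie_name}: {'OK' if not findings else '; '.join(findings)}")
```

The `https` flag matters when reviewing results: a missing Secure attribute on a cookie that is only ever set over plain HTTP in a test environment is a configuration note, while the same gap on a production HTTPS origin is a real finding.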