Server-Side Attacks

Test Name

API ID

Description

Detectable Vulnerabilities

AWS S3 Takeover

amazon_s3_takeover

Tests for S3 buckets that no longer exist to prevent data breaches and malware distribution

Amazon AWS S3 bucket takeover

Broken JWT Authentication

jwt

Tests for secure implementation of JSON Web Token (JWT) in the application

Broken JWT Authentication

Broken Object Property Authorization

bopla

Tests if the application properly enforces access controls on individual properties of an object

Broken Object Property Authorization

Broken SAML Authentication

broken_saml_auth

Tests for secure implementation of SAML authentication in the application

Broken SAML Authentication

Brute Force Login

brute_force_login

Tests for the availability of commonly used credentials

Brute Force Login

Common Files

common_files

Tests if common files that should not be accessible are accessible

Exposed Common File

Cookie Security

cookie_security

Tests if the application uses and implements cookies with secure attributes

Missing 'httponly' Flag in Cookie

Missing 'secure' Flag in Cookie

Predictable Cookie Value

Cross Site Request Forgery (CSRF)

csrf

Tests application forms for vulnerable cross-site filling and submitting

Cross-Site Request Forgery (CSRF)

CVE scanning

cve_test

Tests for known third-party common vulnerability exposures

Common Vulnerability Exposure

Directory Listing

directory_listing

Tests if server-side directory listing is possible

Directory Listing

Email Injection

email_injection

Tests if it is possible to send emails to other addresses through the target application mailing server, which can lead to spam and phishing

Email Header Injection

File Upload

file_upload

Tests if file upload mechanisms are validated properly and denies upload of malicious content

Unrestricted File Upload

Full Path Disclosure (FPD)

full_path_disclosure

Tests if various application parameters are vulnerable to the exposure of errors that include full webroot path

Full Path Disclosure

Headers Security Check

header_security

Tests for proper Security Headers configuration

Misconfigured Security Headers

HTTP Method Fuzzer

http_method_fuzzing

Tests enumeration of possible HTTP methods for vulnerabilities

Insecure HTTP Method

iFrame Injection

iframe_injection

Tests for frame injection attacks evaluate the embedding of deceptive elements on legitimate websites, tricking users into unintended interactions that lead to unauthorized actions, data theft, or malicious activities.

iFrame Injection

Insecure TLS Configuration

insecure_tls_configuration

Tests SSL/TLS ciphers and configurations for vulnerabilities

Insecure TLS Configuration

Local File Inclusion (LFI)

lfi

Tests if various application parameters are vulnerable to loading of unauthorized local system resources

Local File Inclusion (LFI)

MongoDB Injection

nosql

Tests if an attacker is able to inject malicious input into a NoSQL database query

MongoDB Injection (NoSQLI injection)

Open Cloud Storage

open_cloud_storage

Contains Open Buckets, Azure Blob Storage, and Amazon S3 Bucket Takeover tests

Open Cloud Storage

Open DataBase

open_database

Tests if exposed database connection strings are open to public connections

Exposed Database Access

Exposed Database Connection String

OS Command Injection

osi

Tests if various application parameters are vulnerable to Operation System (OS) command injection

OS Command Injection

Remote File Inclusion (RFI)

rfi

Tests if various application parameters are vulnerable to loading of unauthorized remote system resources

Remote File Inclusion (RFI)

Secret Tokens

secret_tokens

Tests for exposure of secret API tokens or keys in the target application

Secret Tokens Leak

Server Side Template Injection (SSTI)

ssti

Tests if various application parameters are vulnerable to server-side code execution

Server Side Template Injection (SSTI)

Server-Side JavaScript Injection

server_side_js_injection

Test if the application incorrectly evaluates user-controllable data as code on the server side.

Server-Side Request Forgery (SSRF)

ssrf

Tests if various application parameters are vulnerable to internal resource access

Server Side Request Forgery (SSRF)

SQL Injection (SQLI)

sqli

SQL Injection tests vulnerable parameters for SQL database access

Database Error Message Disclosure

SQL Injection

Version Control System

version_control_systems

Tests if it is possible to access Version Control System (VCS) resources

Version Control System Exposure

WordPress Scan

wordpress

Tests for known vulnerabilities related to the WordPress platform

WordPress Component with Known Vulnerabilities

XML External Entity (XXE)

xxe

Tests if various XML parameters are vulnerable to XML parsing of unauthorized external entities

XML External Entity (XXE)

XPath Injection

xpathi

Tests if unvalidated user input in XPath expressions can be exploited to manipulate queries, potentially leading to unauthorized access or unintended actions

XPath Injection