API Vulnerabilities
Name | OWASP | Severity | Support |
---|---|---|---|
Broken Object Level Authorization (BOLA) | API1:2023 Broken Object Level Authorization | Medium | |
Private Field Access | API1:2023 Broken Object Level Authorization | Medium | |
Mass Assignment | API1:2023 Broken Object Level Authorization | Medium | |
Authentication Bypass | API2:2023 Broken Authentication | High | ✅ |
JWT none algorithm | API2:2023 Broken Authentication | High | ✅ |
JWT blank secret | API2:2023 Broken Authentication | High | ✅ |
JWT weak secret | API2:2023 Broken Authentication | High | ✅ |
JWT Audience cross service relay attack | API2:2023 Broken Authentication | High | |
JWT Null Signature | API2:2023 Broken Authentication | High | ✅ |
JWT Algorithm Confusion | API2:2023 Broken Authentication | High | ✅ |
JWT Signature not verified | API2:2023 Broken Authentication | High | ✅ |
JWT Expired | API2:2023 Broken Authentication | High | |
Discoverable OpenAPI | API7:2023 Server Side Request Forgery | Info | ✅ |
Discoverable GraphQL Endpoint | API7:2023 Server Side Request Forgery | Info | ✅ |
GraphQL Introspection Enabled | API8:2023 Security Misconfiguration | Info | ✅ |
Secrets Leak | API8:2023 Security Misconfiguration | High | |
Directory Listing | API8:2023 Security Misconfiguration | Medium | |
Private IP Disclosure | API8:2023 Security Misconfiguration | Low | |
Not HTTP-only Cookie | API8:2023 Security Misconfiguration | Info | ✅ |
Not Secure Cookie | API8:2023 Security Misconfiguration | Info | ✅ |
Not SameSite Cookie | API8:2023 Security Misconfiguration | Info | ✅ |
No Cookie expiration | API8:2023 Security Misconfiguration | Info | ✅ |
No CORS Headers | API8:2023 Security Misconfiguration | Info | ✅ |
Permissive CORS Headers | API8:2023 Security Misconfiguration | Info | ✅ |
HTTP Method Override Enabled | API8:2023 Security Misconfiguration | Info - High | ✅ |
X-Content-Type-Options Header Not Set | API8:2023 Security Misconfiguration | Info | ✅ |
X-Frame-Options Header Not Set | API8:2023 Security Misconfiguration | Info | ✅ |
CSP Header Not Set | API8:2023 Security Misconfiguration | Info | ✅ |
CSP Frame Ancestors Not Set | API8:2023 Security Misconfiguration | Info | ✅ |
HSTS Header Not Set | API8:2023 Security Misconfiguration | Info | ✅ |
HTTP TRACE Method Enabled | API8:2023 Security Misconfiguration | Info | ✅ |
HTTP TRACK Method Enabled | API8:2023 Security Misconfiguration | Info | ✅ |
Server Signature Leak | API8:2023 Security Misconfiguration | Info | ✅ |
SSL Certificate Not Trusted | API8:2023 Security Misconfiguration | Medium | |
SSL Not Enforced | API8:2023 Security Misconfiguration | Medium | |
Directory Traversal | API10:2023 Unsafe Consumption of APIs | High | |