Escape Documentation
GraphQL field limit