Skip to content

Supported Security Tests and Vulnerability Categories

Escape covers thousands of test scenarios across 173 vulnerability categories (security assessments).

Each test contains different attack scenarios and payloads that’s adapted to the logic of your application.

In the ASM, almost all the security tests are supported, but the underlying exploration algorithms are way less deep as the main goal of the ASM explore the organization wide scope.

Name Category GraphQL Support (161) REST Support (147) WebApp Support (149) ASM Support (170)
Auth Bypass Access Control
Broken Object Level Authorization Access Control
Forced Browsing Access Control
Private data Access Control
Private fields Access Control
Public state-altering operation Access Control
Row Level Security Bypass Access Control
Sensitive endpoint bruteforce Access Control
Tenant isolation Access Control
DNS record DKIM Configuration
DNS record DMARC Configuration
DNS record TXT length Configuration
DNS record TXT sensitive Configuration
DNS record loopback Configuration
DNS record permissive SPF Configuration
DNSSEC not enabled Configuration
Directory listing Configuration
Domain Takeover Configuration
Error type inconsistency Configuration
Excessive Browser Permissions Configuration
GraphQL Automatic Persisted Queries Configuration
GraphQL Extension Disclosure Configuration
GraphQL IDE Configuration
Request URL Override Configuration
Springboot Actuator Restart Misconfiguration Configuration
Springboot Actuator Shutdown Misconfiguration Configuration
Subresource Integrity Missing Configuration
Unhandled endpoint Configuration
Unsafe Function Use Configuration
WAF Bypass Configuration
Weak Flask Session Secret Configuration
XSS via Domain Takeover Configuration
Custom security checks Custom
AWS Access Token Information Disclosure
AWS Config Exposure Information Disclosure
AWS Docker Config Exposure Information Disclosure
AWStats Config Exposure Information Disclosure
AWStats Exposure Information Disclosure
Airflow Config Exposure Information Disclosure
Alibaba Canal Leak Information Disclosure
Ansible Config Exposure Information Disclosure
Appspec Exposure Information Disclosure
Appveyor Config Exposure Information Disclosure
Azure Tenant Id Exposure Information Disclosure
Console Error Information Disclosure
Crashing Page Information Disclosure
Debug mode Information Disclosure
Exposed MySQL Config Information Disclosure
Exposed SQL Dumps Information Disclosure
Exposed Source Map Information Disclosure
Exposed settings.php Information Disclosure
File disclosure Information Disclosure
Frontend Guessable Cookie Value Information Disclosure
GraphQL Field Suggestion Information Disclosure
Introspection enabled Information Disclosure
Nuclei Issue Information Disclosure
Password Field Autocompletion Information Disclosure
Port Remediation Information Disclosure
Possible User Enumeration Information Disclosure
Private IP Information Disclosure
Sensitive Comments Information Disclosure
Software Component Leak Information Disclosure
Springboot Actuator Disclosure of Environment Information Disclosure
Springboot Actuator Disclosure of Logfile Information Disclosure
Springboot Actuator Disclosure of Mappings Information Disclosure
Springboot Actuator Disclosure of Thread Dump Information Disclosure
Springboot Actuator Disclosure of Trace Information Disclosure
Springboot Actuator Heapdump Information Disclosure
Stacktrace Information Disclosure
Vulnerable Package Information Disclosure
WordPress RDF Feed Users Exposed Information Disclosure
WordPress REST API Users Exposed Information Disclosure
WordPress oEmbed Endpoint Exposure Information Disclosure
WordPress wp-cron Exposed Information Disclosure
Agentic Issue Injection
Arbitrary Token Scope Injection
CRLF Injection Injection
Command Injection Injection
Directory traversal Injection
File inclusion Injection
Frontend HTTP Parameter Pollution Injection
HTML Injection Injection
Improper Input Validation Injection Injection
JWT Signature check Injection
JWT algorithm confusion Injection
JWT no algorithm Injection
LLM Endpoint Detection Injection
LLM Excessive Agency Injection
LLM Insecure Output Handling Injection
LLM Insecure Plugin Design Injection
LLM JailBreak Injection
LLM Model Denial of Service Injection
LLM Model Theft Injection
LLM Overreliance Injection
LLM Prompt Injection Injection
LLM Sensitive Information Disclosure Injection
LLM Supply Chain Vulnerabilities Injection
LLM Training Data Poisoning Injection
Log4Shell Injection
Mass Assignment Injection
NoSQL Injection Injection
NoSQL Injection Stored Injection
Reflected URL Parameter Injection
SQL Injection Injection
SSTI (Server-Side Template Injection) Injection
Stored Improper Input Validation Injection Injection
XXE Injection Injection
Access-Control-Allow-Origin Header Protocol
CORS Protocol
Cache Control Header Protocol
Content Security Policy Protocol
Content Security Policy Header Protocol
Content-Type header Protocol
Cookie Security Protocol
GraphQL Content Type Protocol
Header leak Protocol
Headers Protocol
Request smuggling Protocol
SSL Certificate Protocol
SSL enforced Protocol
Server Error Protocol
Strict Transport Security Protocol
TLS Configuration Protocol
TLS Configuration Ciphers Protocol
TLS Configuration Server Defaults Protocol
TLS Configuration Server Preferences Protocol
TLS Protocol Configuration Protocol
TLS vulnerabilities Protocol
X-Content-Type-Options Protocol
X-Frame-Options header Protocol
CSRF Get Based Request Forgery
CSRF Post Based Request Forgery
Open redirection Forgery Request Forgery
SSRF Injection in headers Request Forgery
Server Side Request Forgery Request Forgery
Character Limit Resource Limitation
GraphQL Alias Limit Resource Limitation
GraphQL Batch Limit Resource Limitation
GraphQL Cyclic Recursive Query Resource Limitation
GraphQL Depth Limit Resource Limitation
GraphQL Directive Overloading Resource Limitation
GraphQL Field Duplication Resource Limitation
GraphQL Field Limit Resource Limitation
GraphQL Recursive Fragment Resource Limitation
GraphQL Width Limit Resource Limitation
Large JSON input Resource Limitation
Pagination missing Resource Limitation
Resource limiting bypass Resource Limitation
Response size Resource Limitation
Security timeout Resource Limitation
Unreachable server Resource Limitation
WordPress xmlrpc.php Exposed Resource Limitation
Duplicated object Schema
GraphQL Response Type Mismatch Schema
Invalid Persisted Query Schema
Invalid condition in allOf Schema
Invalid parameters in path Schema
Invalid references Schema
Mismatching persisted queries and schema Schema
Permissive JSON Input Schema
Positive integer validation Schema
Response Format Schema
Swagger rules Schema
Typing misconfiguration Schema
Undefined objects Schema
Zombie object Schema
Exposed JWT Token Sensitive Data
High number of Custom Scalars Sensitive Data
High number of PCI Sensitive Data
High number of PHI Sensitive Data
High number of PII Sensitive Data
High number of Secrets Sensitive Data
Leaked Sensitive Data in LocalStorage Sensitive Data

Index

  •    LLM Endpoint Detection

  •    LLM Excessive Agency

  •    LLM Insecure Output Handling

  •    LLM Insecure Plugin Design

  •    LLM JailBreak

  •    LLM Model Denial of Service

  •    LLM Model Theft

  •    LLM Overreliance

  •    LLM Prompt Injection

  •    LLM Sensitive Information Disclosure

  •    LLM Supply Chain Vulnerabilities

  •    LLM Training Data Poisoning

  •    Airflow Config Exposure

  •    Alibaba Canal Leak

  •    Ansible Config Exposure

  •    Agentic Issue

  •    Appspec Exposure

  •    Appveyor Config Exposure

  •    Arbitrary Token Scope

  •    Auth Bypass

  •    AWS Access Token

  •    AWS Config Exposure

  •    AWS Docker Config Exposure

  •    AWStats Config Exposure

  •    AWStats Exposure

  •    Azure Tenant Id Exposure

  •    Broken Object Level Authorization

  •    Command Injection

  •    Content Security Policy

  •    CORS

  •    Crashing Page

  •    CRLF Injection

  •    CSRF Get Based

  •    CSRF Post Based

  •    Debug mode

  •    Directory listing

  •    Directory traversal

  •    Duplicated object

  •    Error type inconsistency

  •    Exposed JWT Token

  •    Exposed MySQL Config

  •    Exposed settings.php

  •    Exposed Source Map

  •    Exposed SQL Dumps

  •    File disclosure

  •    File inclusion

  •    Forced Browsing

  •    Leaked Sensitive Data in LocalStorage

  •    Frontend Guessable Cookie Value

  •    Access-Control-Allow-Origin Header

  •    Cache Control Header

  •    Content Security Policy Header

  •    Content-Type header

  •    Header leak

  •    Cookie Security

  •    Strict Transport Security

  •    X-Content-Type-Options

  •    X-Frame-Options header

  •    Headers

  •    High number of Custom Scalars

  •    High number of PCI

  •    High number of PHI

  •    High number of PII

  •    High number of Secrets

  •    HTML Injection

  •    Frontend HTTP Parameter Pollution

  •    GraphQL IDE

  •    Improper Input Validation Injection

  •    Stored Improper Input Validation Injection

  •    Introspection enabled

  •    Invalid condition in allOf

  •    Invalid parameters in path

  •    Invalid Persisted Query

  •    Invalid references

  •    JWT algorithm confusion

  •    JWT no algorithm

  •    JWT Signature check

  •    Large JSON input

  •    Possible User Enumeration

  •    Log4Shell

  •    Mass Assignment

  •    Mismatching persisted queries and schema

  •    NoSQL Injection

  •    NoSQL Injection Stored

  •    Nuclei Issue

  •    Port Remediation

  •    Open redirection Forgery

  •    Pagination missing

  •    Password Field Autocompletion

  •    Permissive JSON Input

  •    Positive integer validation

  •    Vulnerable Package

  •    Private data

  •    Private fields

  •    Private IP

  •    Public state-altering operation

  •    Reflected URL Parameter

  •    Request smuggling

  •    Request URL Override

  •    Resource limiting bypass

  •    Response size

  •    GraphQL Response Type Mismatch

  •    Row Level Security Bypass

  •    Custom security checks

  •    Sensitive Comments

  •    Sensitive endpoint bruteforce

  •    Server Error

  •    Software Component Leak

  •    Springboot Actuator Disclosure of Thread Dump

  •    Springboot Actuator Disclosure of Environment

  •    Springboot Actuator Heapdump

  •    Springboot Actuator Disclosure of Logfile

  •    Springboot Actuator Disclosure of Mappings

  •    Springboot Actuator Restart Misconfiguration

  •    Springboot Actuator Shutdown Misconfiguration

  •    Springboot Actuator Disclosure of Trace

  •    SQL Injection

  •    SSL enforced

  •    SSL Certificate

  •    Server Side Request Forgery

  •    SSRF Injection in headers

  •    SSTI (Server-Side Template Injection)

  •    Stacktrace

  •    Subresource Integrity Missing

  •    Swagger rules

  •    Tenant isolation

  •    Security timeout

  •    TLS Configuration Ciphers

  •    TLS Protocol Configuration

  •    TLS Configuration

  •    TLS Configuration Server Defaults

  •    TLS Configuration Server Preferences

  •    TLS vulnerabilities

  •    Typing misconfiguration

  •    Undefined objects

  •    Unhandled endpoint

  •    Unreachable server

  •    Unsafe Function Use

  •    WAF Bypass

  •    WordPress oEmbed Endpoint Exposure

  •    WordPress RDF Feed Users Exposed

  •    WordPress REST API Users Exposed

  •    WordPress wp-cron Exposed

  •    WordPress xmlrpc.php Exposed

  •    XSS via Domain Takeover

  •    XXE Injection

  •    Zombie object

  •    Console Error

  •    Domain Takeover

  •    Excessive Browser Permissions

  •    Weak Flask Session Secret

  •    Character Limit

  •    GraphQL Alias Limit

  •    GraphQL Automatic Persisted Queries

  •    GraphQL Batch Limit

  •    GraphQL Cyclic Recursive Query

  •    GraphQL Content Type

  •    GraphQL Depth Limit

  •    GraphQL Directive Overloading

  •    GraphQL Extension Disclosure

  •    GraphQL Field Duplication

  •    GraphQL Field Limit

  •    GraphQL Field Suggestion

  •    GraphQL Recursive Fragment

  •    Response Format

  •    GraphQL Width Limit

  •    DNS record DKIM

  •    DNS record DMARC

  •    DNS record TXT length

  •    DNS record TXT sensitive

  •    DNSSEC not enabled

  •    DNS record loopback

  •    DNS record permissive SPF