API
Index
Access Control
- Authenticated route bypass
- Broken Object Level Authorization
- Forced Browsing
- Private data
- Private fields
- Public state-altering operation
- Sensitive endpoint bruteforce
- Tenant isolation
Configuration
- Compromised Supply Chain
- Crashing Page
- Directory listing
- Domain Takeover
- Error type inconsistency
- Excessive Browser Permissions
- Automatic Persisted Queries
- GraphQL Extension Disclosure
- GraphQL IDE
- Proxy Disclosure
- Springboot Actuator Restart Misconfiguration
- Springboot Actuator Shutdown Misconfiguration
- Subresource Integrity Missing
- Unhandled endpoint
- Unsafe Function Use
- WAF Bypass
- XSS via Domain Takeover
Information Disclosure
- Airflow Config Exposure
- Alibaba Canal Leak
- Ansible Config Exposure
- Appspec Exposure
- AppVeyor Config Exposure
- AWS Config Exposure
- AWS Docker Config Exposure
- AWStats Config Exposure
- AWStats Exposure
- Azure Tenant ID Exposure
- Source code disclosure
- Console Error
- Data leak
- Debug mode
- Exposed MySQL Config
- Exposed settings.php
- Exposed SQL Dumps
- File disclosure
- Field suggestion
- Introspection enabled
- Leaking authentication
- Vulnerable Package
- Private IP
- Field Suggestion
- Software Component Leak
- Springboot Actuator Disclosure of Thread Dump
- Springboot Actuator Disclosure of Environment
- Springboot Actuator Disclosure of Heap Dump
- Springboot Actuator Disclosure of Mappings
- Springboot Actuator Disclosure of Trace
- Stacktrace
Injection
- Command Injection
- CRLF Injection
- Deserialization Attack
- Directory traversal
- File inclusion
- Improper Input Validation Injection
- Stored Improper Input Validation Injection
- JWT algorithm confusion
- JWT no algorithm
- JWT Signature check
- LLM Endpoint Detection
- LLM Excessive Agency
- LLM Insecure Output Handling
- LLM Insecure Plugin Design
- LLM JailBreak
- LLM Model Denial of Service
- LLM Model Theft
- LLM Overreliance
- LLM Prompt Injection
- LLM Sensitive Information Disclosure
- LLM Supply Chain Vulnerabilities
- LLM Training Data Poisoning
- Log4Shell
- Mass Assignment
- NoSQL Injection
- NoSQL Injection Stored
- SQL Injection
- SSTI (Server-Side Template Injection)
- XXE Injection
Protocol
- CORS
- Content type
- Access-Control-Allow-Origin Header
- Cache Control Header
- Content Security Policy Header
- Content-Type header
- Header leak
- Cookie Security
- Strict Transport Security
- X-Content-Type-Options
- X-Frame-Options header
- Headers
- Request smuggling
- Server Error
- SSL enforced
- SSL Certificate
- TLS Configuration Ciphers
- TLS Protocol Configuration
- TLS Configuration
- TLS Configuration Server Defaults
- TLS Configuration Server Preferences
- TLS vulnerabilities
Request Forgery
- GET based CSRF
- POST based CSRF
- Open redirection Forgery
- Server Side Request Forgery
- SSRF Injection in headers
- Partial SSRF
Resource Limitation
- Character limit
- Cyclic query
- Alias limit
- Batch Limit
- Cyclic Recursive Query
- Depth limit
- Directive overloading
- Field Duplication
- Field limit
- Recursive Fragment
- Width limit
- Large JSON input
- Pagination missing
- Resource limiting bypass
- Response size
- Security timeout
- Unreachable server
Schema
- Duplicated object
- GraphQL Response Format
- Invalid condition in allOf
- Invalid parameters in path
- Invalid Persisted Query
- Invalid references
- Mismatching persisted queries and schema
- Permissive JSON Input
- Positive integer validation
- Response type mismatch
- Swagger rules
- Typing misconfiguration
- Undefined objects
- Zombie object