Security Test: LLM Endpoint Detection¶

Scanner(s) Support¶

GraphQL Scanner	REST Scanner	Frontend Scanner

Description¶

Default Severity:

LLM Endpoint Detection is about finding when an application exposes a way to interact with a language model, which can be a hidden door for potential attackers. If developers aren’t careful, these endpoints may allow malicious input that tricks the system into doing unexpected or harmful things, like revealing sensitive data or running unauthorized code. Often, the issue arises when endpoints aren’t properly secured or validated, letting attackers use injection attacks to manipulate how the underlying model behaves. This can lead not only to data breaches but also to broader misuse of the application, especially when developers make assumptions about what kind of input will be received. The danger lies in these overlooked spaces—what seems like a harmless feature can become a gateway for more significant security problems if not treated with caution.

Reference:

https://owasp.org/www-project-top-10-for-large-language-model-applications/

Configuration¶

Identifier: injection/llm_detection

Examples¶

All configuration available:

checks:
  injection/llm_detection:
    skip: false # default

Compliance and Standards¶

Standard	Value
OWASP API Top 10	API8:2023
OWASP LLM Top 10	LLM06:2023
PCI DSS	`6.5.1`
GDPR	`Article-32`
SOC2	`CC6`
PSD2	`Article-95`
ISO 27001	`A.12.2`
NIST	`SP800-53`
FedRAMP	`SI-3`
CWE	`200`
CVSS Vector	`CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:N`