Skip to content
Escape Documentation
Resource Limitation
Initializing search
Log in to Escape
Home
Documentation
Release Notes
Blog
Not an Escape user yet? Book a demo
Escape Documentation
Log in to Escape
Home
Documentation
Documentation
Inventory
Inventory
Quick Start
API Discovery from Code
Internal Networks
Integrations
Integrations
akamai-logo1-svg
Akamai
Icon_24px_AppigeeAPIPlatform_Color
Apigee
AWS
Axway
Azure DevOps
Azure
Bitbucket
Cloudflare
GCP
GitHub
GitLab
Kong Gateway
Kong Konnect
Kubernetes
mulesoft-logo
Mulesoft
Postman
Wiz
DAST Scanning
DAST Scanning
Start a new Scan
Understanding Results
Analyze Logs
Schedule Scans
DAST in CI/CD
DAST in CI/CD
DAST in GitHub Action
DAST in GitLab CI
DAST in Bitbucket
DAST in CircleCI
DAST in Jenkins
DAST in Azure DevOps
DAST in Travis CI
Override configuration
Command Line
Authentication
Authentication
AWS Cognito Preset
Basic Preset
Browser Actions Preset
Browser Agent Preset
cURL Preset
cURL Sequence Preset
Digest Preset
GraphQL Preset
Headers Preset
HTTP Preset
OAuth Client Preset
OAuth User Preset
Advanced Workflows
Authentication Reference
Custom Rules
Custom Rules
Alerting
Detectors
Transformations
Mutators
Seeders
Custom Rules Reference
Expert Usage
Expert Usage
Rate Limiting
Blocklist & Hotstart
API Custom Payloads
API Access Control
Scan Internal Applications
API DAST Parameters
Data Types Reference
SPA DAST Parameters
GraphQL Persisted Queries
Retrieve a GraphQL Schema
Supported Security Tests
Supported Security Tests
LLM Security Testing
API
API
Access Control
Access Control
Authenticated route bypass
Broken Object Level Authorization
Forced Browsing
Private data
Private fields
Public state-altering operation
Sensitive endpoint bruteforce
Tenant isolation
Configuration
Configuration
Compromised Supply Chain
Crashing Page
Directory listing
Domain Takeover
Error type inconsistency
Excessive Browser Permissions
Automatic Persisted Queries
GraphQL Extension Disclosure
GraphQL IDE
Proxy Disclosure
Springboot Actuator Restart Misconfiguration
Springboot Actuator Shutdown Misconfiguration
Configuration_SubresourceIntegrityMissing
Unhandled endpoint
Unsafe Function Use
WAF Bypass
XSS via Domain Takeover
Information Disclosure
Information Disclosure
Agentic issue
Airflow Config Exposure
Alibaba Canal Leak
Ansible Config Exposure
Appspec Exposure
AppVeyor Config Exposure
AWS Config Exposure
AWS Docker Config Exposure
AWStats Config Exposure
AWStats Exposure
Azure Tenant ID Exposure
Source code disclosure
Console Error
Data leak
Debug mode
Exposed MySQL Config
Exposed settings.php
Exposed SQL Dumps
File disclosure
Field suggestion
High number of PII
Introspection enabled
Leaking authentication
Vulnerable Package
Private IP
Field Suggestion
Software Component Leak
Springboot Actuator Disclosure of Thread Dump
Springboot Actuator Disclosure of Environment
Springboot Actuator Disclosure of Heap Dump
Springboot Actuator Disclosure of Logfile
Springboot Actuator Disclosure of Mappings
Springboot Actuator Disclosure of Trace
Stacktrace
Injection
Injection
Arbitrary Token Scope Injection
Command Injection
CRLF Injection
Deserialization Attack
Directory traversal
File inclusion
Improper Input Validation Injection
Stored Improper Input Validation Injection
JWT algorithm confusion
JWT no algorithm
JWT Signature check
LLM Endpoint Detection
LLM Excessive Agency
LLM Insecure Output Handling
LLM Insecure Plugin Design
LLM JailBreak
LLM Model Denial of Service
LLM Model Theft
LLM Overreliance
LLM Prompt Injection
LLM Sensitive Information Disclosure
LLM Supply Chain Vulnerabilities
LLM Training Data Poisoning
Log4Shell
Mass Assignment
NoSQL Injection
NoSQL Injection Stored
SQL Injection
SSTI (Server-Side Template Injection)
XXE Injection
Protocol
Protocol
CORS
Content type
Access-Control-Allow-Origin Header
Cache Control Header
Content Security Policy Header
Content-Type header
Header leak
Cookie Security
Strict Transport Security
X-Content-Type-Options
X-Frame-Options header
Headers
Request smuggling
Server Error
SSL enforced
SSL Certificate
TLS Configuration Ciphers
TLS Protocol Configuration
TLS Configuration
TLS Configuration Server Defaults
TLS Configuration Server Preferences
TLS vulnerabilities
Request Forgery
Request Forgery
GET based CSRF
POST based CSRF
Open redirection Forgery
Server Side Request Forgery
SSRF Injection in headers
Partial SSRF
Resource Limitation
Resource Limitation
Character limit
Cyclic query
Alias limit
Batch Limit
Cyclic Recursive Query
Depth limit
Directive overloading
Field Duplication
Field limit
Recursive Fragment
Width limit
Large JSON input
Pagination missing
Resource limiting bypass
Response size
Security timeout
Unreachable server
Schema
Schema
Duplicate Query/Mutation Name
Duplicated object
GraphQL Response Format
Invalid condition in allOf
Invalid parameters in path
Invalid Persisted Query
Invalid references
Mismatching persisted queries and schema
Permissive JSON Input
Positive integer validation
Response type mismatch
Swagger rules
Typing misconfiguration
Undefined objects
Zombie object
Frontend
Frontend
Configuration
Configuration
Compromised Supply Chain
Crashing Page
Domain Takeover
Excessive Browser Permissions
Request URL Override
Missing Subresource Integrity
Unsafe Function Use
XSS via Domain Takeover
Information Disclosure
Information Disclosure
Console Error
Frontend Data leak
Exposed Source Map
Frontend LocalStorage Sensitive Data
Frontend Vulnerable Package
Sensitive Comments
Frontend Software Component Leak
Frontend Stacktrace
Injection
Injection
Frontend CRLF Injection
HTML Injection
Frontend Improper Input Validation Injection
NoSQL Injection via Frontend
NoSQL Injection Stored
SQL Injection via Frontend
Protocol
Protocol
Frontend Cookie Security
Server Error via Frontend
Frontend SSL enforced
SSL Certificate
Request Forgery
Request Forgery
GET based CSRF
POST based CSRF
Open redirection Forgery via Frontend
SSRF Injection in headers via Frontend
Resource Limitation
Resource Limitation
Security timeout
Governance
Governance
Vulnerability Management
Compliance
Reporting
Automation & Ticketing
Automation & Ticketing
Email Notifications
Slack Notifications
Discord Notifications
Teams Notifications
Webhook Notifications
Jira Ticketing
Enterprise Features
Enterprise Features
Support and SLA
Registration Requirements
SSO and Identity Federation
Role-Based Access Control
Audit Logs
Private Locations
Rotating Encryption
Deployment Options
Public API
Escape CLI
Privacy Q&A
Table of contents
Index
Resource Limitation
Index
¶
Security timeout
Back to top