Escape Documentation
Resource Limitation
Index
Security timeout