
Custom: Custom security checks

Identifier: security_checks

Scanner(s) Support

GraphQL Scanner, REST Scanner, WebApp Scanner

Description

Custom security checks are rules that developers write themselves to protect against threats; they often miss edge cases or mishandle unexpected inputs. This creates gaps that attackers can exploit to bypass the intended safeguards, access sensitive data, or even take control of parts of the system. The real danger lies in over-reliance on these custom checks: if they aren't comprehensive or are poorly implemented, you end up with vulnerabilities that a well-known, tested solution would have prevented. It is a common pitfall to assume that a custom check covers every angle, which leads to underestimated risk and a false sense of security.
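To make the edge-case problem concrete, here is an added example (not code from the scanner or from this page) of a hand-rolled "is this an admin route?" check of the kind the description warns about, beside a version that canonicalizes the request path before deciding. The function names, the assumption that paths under /admin are privileged, and the sample request paths are all constructed for illustration.

```python
import posixpath
import re
from urllib.parse import unquote

# Constructed example (not part of the scanner's own code): a hand-rolled
# "is this an admin route?" check, written the way such checks often are,
# beside a version that canonicalizes the path before deciding.


def naive_is_admin_route(path: str) -> bool:
    """Custom check as commonly written: a prefix test on the raw request path.

    It misses case variants, percent-encoded letters, repeated slashes and
    dot segments, and it also over-matches unrelated routes that merely
    start with the same letters.
    """
    return path.startswith("/admin")


def canonical_path(path: str) -> str:
    """Reduce a request path to one canonical form before any authorization decision.

    Steps: percent-decode twice (so a double-encoded character such as %2561
    is caught), collapse runs of slashes (posixpath.normpath keeps a leading
    '//', so do it here), resolve '.' and '..' segments without touching the
    filesystem, and lowercase the result.
    """
    decoded = unquote(unquote(path))
    collapsed = re.sub(r"/+", "/", decoded)
    if not collapsed.startswith("/"):
        collapsed = "/" + collapsed
    normalized = posixpath.normpath(collapsed)
    return normalized.lower()


def hardened_is_admin_route(path: str) -> bool:
    """Same intent as the naive check, but evaluated on the canonical path and
    on a segment boundary: '/admin' and '/admin/...' match,
    '/administrative-guide' does not."""
    canon = canonical_path(path)
    return canon == "/admin" or canon.startswith("/admin/")


def compare_checks(paths):
    """Run both checks over a list of paths; returns {path: (naive, hardened)}.
    Rows where the two disagree are exactly the gaps the custom check leaves."""
    return {p: (naive_is_admin_route(p), hardened_is_admin_route(p)) for p in paths}


# Constructed sample request paths: the cases a reviewer would expect the check to handle.
SAMPLE_PATHS = [
    "/admin",
    "/admin/users",
    "/ADMIN",
    "//admin",
    "/%61dmin/users",
    "/%2561dmin",
    "/foo/../admin",
    "/administrative-guide",
    "/help",
]

if __name__ == "__main__":
    for path, (naive, hardened) in compare_checks(SAMPLE_PATHS).items():
        flag = "" if naive == hardened else "   <-- checks disagree"
        print(f"{path:24} naive={naive!s:5} hardened={hardened!s:5}{flag}")
```

Running the block prints one row per sample path; every row where the two checks disagree is a case the naive rule gets wrong in one direction or the other. Note that even the hardened version still hand-rolls normalization, which is the description's point: route-level, deny-by-default authorization provided by the web framework is the well-known, tested solution to prefer, and a comparison table like this one is a useful regression test for whatever custom check remains.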

Configuration

Example

Example configuration:

---
security_tests:
  security_checks:
    assets_allowed:
    - REST
    - GRAPHQL
    - WEBAPP
    skip: false

Reference

assets_allowed

Type : List[AssetType]*

List of assets that this check will cover.

skip

Type : boolean

Skip the test if true.