Skip to content

Information Disclosure: Software Component Leak

Identifier: software_component_leak

Scanner(s) Support

GraphQL Scanner REST Scanner WebApp Scanner

Description

When a server unintentionally reveals details about the technology it uses, like specific software frameworks or versions, it gives attackers clues about where to strike. This leak makes it easier for bad actors to identify outdated or weak components that might be exploited. Often, such leaks happen because developers leave default settings in place or fail to properly mask error and debug messages. If left unaddressed, this vulnerability can turn your system into an easier target for attacks.

Configuration

Example

Example configuration:

---
security_tests:
  software_component_leak:
    assets_allowed:
    - REST
    - GRAPHQL
    - WEBAPP
    skip: false

Reference

assets_allowed

Type : List[AssetType]*

List of assets that this check will cover.

skip

Type : boolean

Skip the test if true.