
Information Disclosure: Stacktrace

Identifier: stacktrace

Scanner(s) Support

GraphQL Scanner, REST Scanner, WebApp Scanner, ASM Scanner

Description

Detailed error messages or stack traces in responses can reveal information about database schemas, code dependencies, file paths, and internal application structure, making it easier for attackers to identify and exploit vulnerabilities.

How we test: We analyze error responses and stack traces to detect if detailed technical information is exposed. We look for database errors, file paths, code snippets, library versions, and other sensitive details that should not be visible to end users.
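A minimal sketch of this kind of check, added here as an example and not the scanner's own detection logic. The signature regexes, the function names and the sample responses are all assumptions constructed for illustration; the code reports which categories of technical detail appear in each error-response body.

```python
import re

# Illustrative signatures only (an assumption, not the scanner's rule set).
SIGNATURES = {
    "python_traceback": re.compile(r"Traceback \(most recent call last\):"),
    "java_stack_frame": re.compile(r"\bat [\w$.]+\([\w$]+\.java:\d+\)"),
    "node_stack_frame": re.compile(r"\bat (?:[\w$.<> ]+ \()?/[^\s:()]+\.js:\d+:\d+"),
    "database_error": re.compile(
        r"SQLSTATE\[\w+\]|ORA-\d{5}|syntax error at or near|"
        r"You have an error in your SQL syntax", re.I),
    "file_path": re.compile(
        r"/(?:var|home|usr|opt|srv|app)/[\w./-]+\.\w+"
        r"|[A-Z]:\\(?:[\w .-]+\\)+[\w.-]+"),
}

def find_disclosures(body: str) -> list[str]:
    """Return the sorted names of every signature that matches the body."""
    return sorted(name for name, rx in SIGNATURES.items() if rx.search(body))

def audit(responses: dict[str, str]) -> dict[str, list[str]]:
    """Map each endpoint to its findings, omitting clean responses."""
    findings = {ep: find_disclosures(body) for ep, body in responses.items()}
    return {ep: hits for ep, hits in findings.items() if hits}

# Constructed sample error responses (not captured from any real service).
SAMPLES = {
    "/orders/abc": (
        'Traceback (most recent call last):\n'
        '  File "/app/views/orders.py", line 42, in get_order\n'
        "    order = Order.objects.get(pk=order_id)\n"
        "ValueError: invalid literal for int() with base 10: 'abc'"
    ),
    "/graphql": (
        '{"errors":[{"message":"ERROR: syntax error at or near \\"FROM\\"",'
        '"extensions":{"stacktrace":'
        '["at Query.user (/srv/api/resolvers/user.js:17:11)"]}}]}'
    ),
    # A generic error body with only an opaque correlation id: nothing leaks.
    "/login": '{"error":"internal_error","request_id":"constructed-0001"}',
}

if __name__ == "__main__":
    for endpoint, hits in audit(SAMPLES).items():
        print(f"{endpoint}: {', '.join(hits)}")
```

The `/login` sample shows the shape a response should take after remediation: a generic message and a correlation id, with the full trace kept in server-side logs.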

References:

Configuration

Example

Example configuration:

---
security_tests:
  stacktrace:
    skip: false

Reference

skip

Type: boolean

Skip the test if true.