Configuration: Unhandled endpoint
Identifier: unhandled_endpoint
Scanner(s) Support
| GraphQL Scanner | REST Scanner | WebApp Scanner |
|---|---|---|
Description
When an endpoint appears in a system's API documentation or GraphQL introspection but no handler or business logic was ever built behind it, the result is an unexpected weak spot. Attackers enumerate such gaps and probe them for unexpected behaviour: if the server does not reject the request cleanly, the unhandled path can be misused, can crash the service, or in some cases can expose functionality without the authorization checks the implemented endpoints enforce. Developers often overlook these unused endpoints on the assumption that nothing happens when they are called, but leaving them advertised or reachable can turn them into unintended security holes in the application.
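The following is an added example of the check described above, written for this page rather than taken from the scanner's code. It compares the operations an OpenAPI document advertises with the routes a framework actually registered, reports the ones that are documented but never implemented, and interprets the status code an unhandled endpoint returns when probed. The spec, the route table and the parameter notations (`{id}` versus `<id>`/`<int:id>`) are constructed samples; the same set difference applies to a GraphQL schema when introspected fields are compared against the resolver map.

```python
"""Added example, not the scanner's own code: flag operations that an API
document advertises but that the application never actually wires up.

The OpenAPI document and the route table below are constructed samples; in
practice they would come from the served spec (or GraphQL introspection) and
from the framework's registered routes."""
import re

# Constructed sample: a trimmed OpenAPI document as the application publishes it.
SPEC = {
    "paths": {
        "/users": {"get": {}, "post": {}},
        "/users/{id}": {"get": {}, "delete": {}},
        "/admin/export": {"post": {}},   # documented, but nobody implemented it
        "/health": {"get": {}},
    }
}

# Constructed sample: the routes the framework actually registered (method, pattern).
REGISTERED = [
    ("GET", "/users"),
    ("POST", "/users"),
    ("GET", "/users/<id>"),
    ("DELETE", "/users/<int:id>"),
    ("GET", "/health"),
    ("GET", "/debug/vars"),               # implemented but undocumented: the reverse gap
]

HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch", "trace"}

# Path parameters: OpenAPI writes {id}, many routers write <id> or <int:id>.
_PARAM = re.compile(r"\{[^}/]+\}|<[^>/]+>")


def normalize(path: str) -> str:
    """Collapse path parameters to a placeholder so the two notations compare equal."""
    return _PARAM.sub("{}", path.rstrip("/") or "/")


def documented_operations(spec: dict) -> set[tuple[str, str]]:
    """(METHOD, path) pairs the spec advertises; non-method keys such as
    'parameters' or 'summary' under a path item are ignored."""
    ops = set()
    for path, item in spec.get("paths", {}).items():
        for key in item:
            if key.lower() in HTTP_METHODS:
                ops.add((key.upper(), normalize(path)))
    return ops


def implemented_operations(routes) -> set[tuple[str, str]]:
    """(METHOD, path) pairs the application actually serves."""
    return {(method.upper(), normalize(pattern)) for method, pattern in routes}


def unhandled_endpoints(spec: dict, routes) -> list[tuple[str, str]]:
    """Advertised but never implemented: the finding this check reports."""
    return sorted(documented_operations(spec) - implemented_operations(routes))


def undocumented_endpoints(spec: dict, routes) -> list[tuple[str, str]]:
    """Implemented but not advertised: not this check, but worth a look."""
    return sorted(implemented_operations(routes) - documented_operations(spec))


def classify_probe(status: int) -> str:
    """Interpret what an unhandled endpoint did when the scanner actually called it."""
    if status in (404, 405, 501):
        return "closed"        # the server rejects it cleanly; low risk, still noisy
    if status in (401, 403):
        return "protected"     # authn/authz runs before the missing handler
    if status >= 500:
        return "crash"         # the request reached code that could not handle it
    return "reachable"         # 2xx/3xx: something answers; review what it does


if __name__ == "__main__":
    for method, path in unhandled_endpoints(SPEC, REGISTERED):
        print(f"unhandled: {method} {path}")
    for method, path in undocumented_endpoints(SPEC, REGISTERED):
        print(f"undocumented: {method} {path}")
```

Run against the constructed samples, the only unhandled operation is `POST /admin/export`; `GET /debug/vars` shows up in the reverse comparison. The `classify_probe` buckets are the ones a triager cares about: a clean 404/405 means the door is closed, a 5xx means the request reached code that did not expect it, and a 2xx on an endpoint nobody claims to have implemented deserves a manual look before the finding is closed.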
Configuration
Example
Example configuration:
Reference
assets_allowed
Type: List[AssetType]*
List of assets that this check will cover.
skip
Type: boolean
Skip the test if true.
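An illustrative configuration for this check, added here rather than taken from the page or the scanner's own documentation. It uses only the two parameters listed in the reference; the top-level `checks` key that groups checks by identifier and the asset type names `REST` and `GRAPHQL` are assumptions, so replace them with the values your scanner version actually accepts.

```yaml
# Added illustration; the `checks:` wrapper and the asset type names are assumptions.
checks:
  unhandled_endpoint:
    skip: false                # run the check (set to true to skip it)
    assets_allowed:            # limit the check to these asset types (names assumed)
      - REST
      - GRAPHQL
```

Leaving `skip` at `false` keeps the check active; narrowing `assets_allowed` is the way to exclude, for example, a WebApp asset whose routes are intentionally undocumented, without silencing the check on the APIs where a documented-but-unimplemented endpoint is a real finding.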