Information Disclosure: Software Component Leak

Identifier: software_component_leak

Scanner(s) Support

GraphQL Scanner, REST Scanner, WebApp Scanner, ASM Scanner

Description

When a server unintentionally reveals details about its technology stack, software frameworks, or versions, attackers gain clues about which vulnerabilities to exploit, and outdated or weak components become easier to identify.

How we test: We analyze HTTP response headers, error messages, and application responses to detect if software components, frameworks, versions, or technology stack information is exposed. We check for default settings, debug messages, and headers that leak technology details.
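
The kind of check described above can be reproduced against your own responses with a short script. This is an added example, not the scanner's own code: the header list, the regular expressions, the function name `find_component_leaks` and the sample response are all assumptions made for illustration.

```python
import re

# Header names that often carry product banners (assumed list, not the scanner's own).
BANNER_HEADERS = {"server", "x-powered-by", "x-generator", "x-aspnet-version"}

# "product/version" tokens such as nginx/1.18.0 or PHP/7.4.3.
PRODUCT_VERSION = re.compile(r"\b([A-Za-z][\w.+-]*)[/ ]v?(\d+(?:\.\d+)+\w*)")
BARE_VERSION = re.compile(r"^\d+(?:\.\d+)+$")

# Debug output in a response body that reveals the runtime behind the application.
DEBUG_MARKERS = {
    "Python traceback": re.compile(r"Traceback \(most recent call last\):"),
    "Java stack trace": re.compile(r"^\s*at [\w.$]+\([\w$]+\.java:\d+\)", re.M),
    "PHP error": re.compile(r"\b(?:Fatal error|Warning|Notice)\b.* in .*\.php\b"),
}

def find_component_leaks(headers, body=""):
    """Return (location, component, version) tuples; version is None if only the product leaks."""
    findings = []
    for name, value in headers.items():
        key = name.lower()
        value = value.strip()
        if key not in BANNER_HEADERS or not value:
            continue
        matches = PRODUCT_VERSION.findall(value)
        if matches:
            findings += [(f"header:{key}", product, version) for product, version in matches]
        elif BARE_VERSION.match(value):
            # A header such as X-AspNet-Version holds only a number; its name identifies the product.
            findings.append((f"header:{key}", key, value))
        else:
            findings.append((f"header:{key}", value, None))
    for label, pattern in DEBUG_MARKERS.items():
        if pattern.search(body):
            findings.append(("body", label, None))
    return findings

# Constructed sample response, not captured from a real system.
SAMPLE_HEADERS = {
    "Server": "nginx/1.18.0 (Ubuntu)",
    "X-Powered-By": "Express",
    "X-AspNet-Version": "4.0.30319",
    "Content-Type": "text/html",
}
SAMPLE_BODY = "Traceback (most recent call last):\n  File \"app.py\", line 12, in view\n"

if __name__ == "__main__":
    for finding in find_component_leaks(SAMPLE_HEADERS, SAMPLE_BODY):
        print(finding)
```

Findings with a version are the ones to fix first, since they let a reader match the component against published advisories; product-only banners and debug output should still be suppressed in production configuration.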

Configuration

Example

Example configuration:

---
security_tests:
  software_component_leak:
    skip: false

Reference

skip

Type: boolean

Skip the test if true.