API Finding Documentation
All pages tagged with "api finding"
Accepted negative data
Findings
Action Based Findings
API Finding
Access logging should be configured for API Gateway V2 Stages
Findings
Cloud Based Findings
API Finding
Alias Overloading
Findings
Action Based Findings
API Finding
API Gateway access logging is not configured for FireTail
Findings
Cloud Based Findings
API Finding
API Gateway REST and WebSocket API execution logging should be enabled
Findings
Cloud Based Findings
API Finding
API Gateway Stage missing WAF
Findings
Cloud Based Findings
API Finding
API key in query string
Findings
Design Based Findings
API Finding
API key in URL
Findings
Design Based Findings
API Finding
AppSync field-level logging is not enabled
Findings
Cloud Based Findings
API Finding
AppSync GraphQL API authentication using API keys
Findings
Cloud Based Findings
API Finding
AppSync GraphQL API is missing WAF
Findings
Cloud Based Findings
API Finding
AppSync GraphQL API query depth limit high
Findings
Cloud Based Findings
API Finding
AppSync GraphQL API query depth limit not set
Findings
Cloud Based Findings
API Finding
AppSync GraphQL API resolver count limit high
Findings
Cloud Based Findings
API Finding
AppSync GraphQL API resolver count limit not set
Findings
Cloud Based Findings
API Finding
AppSync introspection endpoint enabled
Findings
Cloud Based Findings
API Finding
AppSync logging is not enabled
Findings
Cloud Based Findings
API Finding
Array-based Query Batching
Findings
Action Based Findings
API Finding
Authentication removed
Findings
Design Based Findings
API Finding
Average Combined Header Size Elevated
Findings
Log Based Findings
API Finding
Average Combined Header Size Reduced
Findings
Log Based Findings
API Finding
Average Combined Payload Size Elevated
Findings
Log Based Findings
API Finding
Average Combined Payload Size Reduced
Findings
Log Based Findings
API Finding
Average Execution Time Elevated
Findings
Log Based Findings
API Finding
Average Execution Time Reduced
Findings
Log Based Findings
API Finding
Average Request Header Size Elevated
Findings
Log Based Findings
API Finding
Average Request Header Size Reduced
Findings
Log Based Findings
API Finding
Average Request Payload Size Elevated
Findings
Log Based Findings
API Finding
Average Request Payload Size Reduced
Findings
Log Based Findings
API Finding
Average Response Header Size Elevated
Findings
Log Based Findings
API Finding
Average Response Header Size Reduced
Findings
Log Based Findings
API Finding
Average Response Payload Size Elevated
Findings
Log Based Findings
API Finding
Average Response Payload Size Reduced
Findings
Log Based Findings
API Finding
AWS ALB has insecure desync mitigation mode
Findings
Cloud Based Findings
API Finding
AWS ALB has insecure desync mitigation mode
Findings
Cloud Based Findings
API Finding
AWS ALB has WAF set to fail open
Findings
Cloud Based Findings
API Finding
AWS ALB is missing WAF
Findings
Cloud Based Findings
API Finding
AWS ALB listeners should be configured with a strong security policy
Findings
Cloud Based Findings
API Finding
AWS ALB listeners should use HTTPS or TLS termination
Findings
Cloud Based Findings
API Finding
AWS ALB logging is not enabled
Findings
Cloud Based Findings
API Finding
AWS ALB not configured to drop invalid HTTP headers
Findings
Cloud Based Findings
API Finding
AWS ALB should redirect HTTP to HTTPS
Findings
Cloud Based Findings
API Finding
AWS API Gateway not private
Findings
Design Based Findings
API Finding
AWS Load Balancer missing deletion protection
Findings
Cloud Based Findings
API Finding
AWS Secrets Found in AI Logs
Findings
Log Based Findings
API Finding
AWS secrets found in logs
Findings
Log Based Findings
API Finding
Base64-encoded content detected in AI logs
Findings
Log Based Findings
API Finding
Basic Authentication found in logs
Findings
Log Based Findings
API Finding
Basic HTTP auth
Findings
Design Based Findings
API Finding
Circular references
Findings
Design Based Findings
API Finding
Credentials in URL
Findings
Design Based Findings
API Finding
CVE Detected
Findings
Action Based Findings
API Finding
Data exposure detected
Findings
Action Based Findings
API Finding
Default Login Detected
Findings
Action Based Findings
API Finding
Directive Overloading
Findings
Action Based Findings
API Finding
Facebook Secrets Found in AI Logs
Findings
Log Based Findings
API Finding
Facebook secrets found in logs
Findings
Log Based Findings
API Finding
Field Duplication
Findings
Action Based Findings
API Finding
Field Suggestions
Findings
Action Based Findings
API Finding
Fuzzing Successful
Findings
Log Based Findings
API Finding
Get Method Query Support
Findings
Action Based Findings
API Finding
GitLab Secrets Found in AI Logs
Findings
Log Based Findings
API Finding
GitLab secrets found in logs
Findings
Log Based Findings
API Finding
Google Secrets Found in AI Logs
Findings
Log Based Findings
API Finding
Google secrets found in logs
Findings
Log Based Findings
API Finding
GraphQL client error
Findings
Action Based Findings
API Finding
GraphQL IDE
Findings
Action Based Findings
API Finding
GraphQL injection found in logs
Findings
Log Based Findings
API Finding
GraphQL server error
Findings
Action Based Findings
API Finding
Index creation failed
Findings
Design Based Findings
API Finding
Insecure auth scheme
Findings
Design Based Findings
API Finding
Insecure host (OAS2)
Findings
Design Based Findings
API Finding
Insecure host (OAS3)
Findings
Design Based Findings
API Finding
Introspection is enabled
Findings
Action Based Findings
API Finding
Introspection-based Circular Query
Findings
Action Based Findings
API Finding
JSON deserialization error
Findings
Action Based Findings
API Finding
Legacy integer limit
Findings
Design Based Findings
API Finding
Mailgun Secrets Found in AI Logs
Findings
Log Based Findings
API Finding
Mailgun secrets found in logs
Findings
Log Based Findings
API Finding
Majority Response Status Codes 1XX
Findings
Log Based Findings
API Finding
Majority Response Status Codes 3XX
Findings
Log Based Findings
API Finding
Majority Response Status Codes 4XX
Findings
Log Based Findings
API Finding
Majority Response Status Codes 5XX
Findings
Log Based Findings
API Finding
Malformed media type
Findings
Action Based Findings
API Finding
Malicious activity found in logs
Findings
Log Based Findings
API Finding
Missing 401 response
Findings
Design Based Findings
API Finding
Missing 429 response
Findings
Design Based Findings
API Finding
Missing 4xx response
Findings
Design Based Findings
API Finding
Missing 500 response
Findings
Design Based Findings
API Finding
Missing additional properties
Findings
Design Based Findings
API Finding
Missing array limit
Findings
Design Based Findings
API Finding
Missing authentication
Findings
Design Based Findings
API Finding
Missing Content-Type header
Findings
Action Based Findings
API Finding
Missing global security
Findings
Design Based Findings
API Finding
Missing global security
Findings
Design Based Findings
API Finding
Missing rate limit headers
Findings
Design Based Findings
API Finding
Missing required headers
Findings
Action Based Findings
API Finding
Missing retry header
Findings
Design Based Findings
API Finding
Multilingual content detected in AI logs
Findings
Log Based Findings
API Finding
Mutation over GET
Findings
Action Based Findings
API Finding
Non-standard JSON Web Token
Findings
Design Based Findings
API Finding
Numeric ID
Findings
Design Based Findings
API Finding
PayPal Secrets Found in AI Logs
Findings
Log Based Findings
API Finding
PayPal secrets found in logs
Findings
Log Based Findings
API Finding
PHP injection found in logs
Findings
Log Based Findings
API Finding
PII Detected in AI Logs
Findings
Log Based Findings
API Finding
PII detected in logs
Findings
Log Based Findings
API Finding
Plaintext alternative authentication
Findings
Design Based Findings
API Finding
Plaintext API key
Findings
Design Based Findings
API Finding
Plaintext Basic Authentication
Findings
Design Based Findings
API Finding
Plaintext Bearer Token
Findings
Design Based Findings
API Finding
Plaintext Digest Authentication
Findings
Design Based Findings
API Finding
Plaintext negotiated authentication
Findings
Design Based Findings
API Finding
Plaintext unknown authentication
Findings
Design Based Findings
API Finding
POST based url-encoded query (possible CSRF)
Findings
Action Based Findings
API Finding
Response time limit exceeded
Findings
Action Based Findings
API Finding
Response timeout
Findings
Action Based Findings
API Finding
Response violates schema
Findings
Action Based Findings
API Finding
Schema build failure
Findings
Design Based Findings
API Finding
SendGrid Secrets Found in AI Logs
Findings
Log Based Findings
API Finding
SendGrid secrets found in logs
Findings
Log Based Findings
API Finding
Server error
Findings
Action Based Findings
API Finding
Slack Secrets Found in AI Logs
Findings
Log Based Findings
API Finding
Slack secrets found in logs
Findings
Log Based Findings
API Finding
SQL Injection found in logs
Findings
Log Based Findings
API Finding
SSL Vulnerabilities Detected
Findings
Log Based Findings
API Finding
Stripe Secrets Found in AI Logs
Findings
Log Based Findings
API Finding
Stripe secrets found in logs
Findings
Log Based Findings
API Finding
Suspicious activity found in logs
Findings
Log Based Findings
API Finding
Tracing enabled
Findings
Action Based Findings
API Finding
Twilio Secrets Found in AI Logs
Findings
Log Based Findings
API Finding
Twilio secrets found in logs
Findings
Log Based Findings
API Finding
Unconstrained additional properties
Findings
Design Based Findings
API Finding
Undefined integer format
Findings
Design Based Findings
API Finding
Undefined integer limit
Findings
Design Based Findings
API Finding
Undefined string limit
Findings
Design Based Findings
API Finding
Undocumented Content-Type
Findings
Action Based Findings
API Finding
Undocumented HTTP status code
Findings
Action Based Findings
API Finding
Unexpected GraphQL Response
Findings
Action Based Findings
API Finding
Unhandled Errors in GraphQL Endpoint
Findings
Action Based Findings
API Finding
Unresolvable references
Findings
Design Based Findings
API Finding
Unrestricted string
Findings
Design Based Findings
API Finding
Use after free
Findings
Action Based Findings
API Finding
Vulnerabilities Detected
Findings
Log Based Findings
API Finding
XSS attempt found in logs
Findings
Log Based Findings
API Finding