Findings Documentation
All pages tagged with "findings"
Findings overview
Posture Management
Findings
July 26, 2023
AI findings overview
Posture Management
Findings
AI
July 26, 2023
FireTail's Finding
Findings
May 15, 2025
Accepted negative data
Findings
Action Based Findings
API Finding
Access logging should be configured for API Gateway V2 Stages
Findings
Cloud Based Findings
API Finding
Adversarial suffix vulnerability
Findings
Action Based Findings
AI Finding
AI Input Tokens Elevated
Findings
Log Based Findings
AI Finding
AI Input Tokens Reduced
Findings
Log Based Findings
AI Finding
AI Latency Elevated
Findings
Log Based Findings
AI Finding
AI Latency Reduced
Findings
Log Based Findings
AI Finding
AI Majority Stop Reason
Findings
Log Based Findings
AI Finding
AI Output Tokens Elevated
Findings
Log Based Findings
AI Finding
AI Output Tokens Reduced
Findings
Log Based Findings
AI Finding
AI Total Tokens Elevated
Findings
Log Based Findings
AI Finding
AI Total Tokens Reduced
Findings
Log Based Findings
AI Finding
Alias Overloading
Findings
Action Based Findings
API Finding
ANSI vulnerability
Findings
Action Based Findings
AI Finding
API Gateway access logging is not configured for FireTail
Findings
Cloud Based Findings
API Finding
API Gateway REST and WebSocket API execution logging should be enabled
Findings
Cloud Based Findings
API Finding
API Gateway Stage missing WAF
Findings
Cloud Based Findings
API Finding
API key in query string
Findings
Design Based Findings
API Finding
API key in URL
Findings
Design Based Findings
API Finding
AppSync field-level logging is not enabled
Findings
Cloud Based Findings
API Finding
AppSync GraphQL API authentication using API keys
Findings
Cloud Based Findings
API Finding
AppSync GraphQL API is missing WAF
Findings
Cloud Based Findings
API Finding
AppSync GraphQL API query depth limit high
Findings
Cloud Based Findings
API Finding
AppSync GraphQL API query depth limit not set
Findings
Cloud Based Findings
API Finding
AppSync GraphQL API resolver count limit high
Findings
Cloud Based Findings
API Finding
AppSync GraphQL API resolver count limit not set
Findings
Cloud Based Findings
API Finding
AppSync introspection endpoint enabled
Findings
Cloud Based Findings
API Finding
AppSync logging is not enabled
Findings
Cloud Based Findings
API Finding
Array-based Query Batching
Findings
Action Based Findings
API Finding
Attack generation vulnerability
Findings
Action Based Findings
AI Finding
Authentication removed
Findings
Design Based Findings
API Finding
Average Combined Header Size Elevated
Findings
Log Based Findings
API Finding
Average Combined Header Size Reduced
Findings
Log Based Findings
API Finding
Average Combined Payload Size Elevated
Findings
Log Based Findings
API Finding
Average Combined Payload Size Reduced
Findings
Log Based Findings
API Finding
Average Execution Time Elevated
Findings
Log Based Findings
API Finding
Average Execution Time Reduced
Findings
Log Based Findings
API Finding
Average Request Header Size Elevated
Findings
Log Based Findings
API Finding
Average Request Header Size Reduced
Findings
Log Based Findings
API Finding
Average Request Payload Size Elevated
Findings
Log Based Findings
API Finding
Average Request Payload Size Reduced
Findings
Log Based Findings
API Finding
Average Response Header Size Elevated
Findings
Log Based Findings
API Finding
Average Response Header Size Reduced
Findings
Log Based Findings
API Finding
Average Response Payload Size Elevated
Findings
Log Based Findings
API Finding
Average Response Payload Size Reduced
Findings
Log Based Findings
API Finding
AWS ALB has insecure desync mitigation mode
Findings
Cloud Based Findings
API Finding
AWS ALB has insecure desync mitigation mode
Findings
Cloud Based Findings
API Finding
AWS ALB has WAF set to fail open
Findings
Cloud Based Findings
API Finding
AWS ALB is missing WAF
Findings
Cloud Based Findings
API Finding
AWS ALB listeners should be configured with a strong security policy
Findings
Cloud Based Findings
API Finding
AWS ALB listeners should use HTTPS or TLS termination
Findings
Cloud Based Findings
API Finding
AWS ALB logging is not enabled
Findings
Cloud Based Findings
API Finding
AWS ALB not configured to drop invalid HTTP headers
Findings
Cloud Based Findings
API Finding
AWS ALB should redirect HTTP to HTTPS
Findings
Cloud Based Findings
API Finding
AWS API Gateway not private
Findings
Design Based Findings
API Finding
AWS Load Balancer missing deletion protection
Findings
Cloud Based Findings
API Finding
AWS Secrets Found in AI Logs
Findings
Log Based Findings
API Finding
AWS secrets found in logs
Findings
Log Based Findings
API Finding
Base64-encoded content detected in AI logs
Findings
Log Based Findings
API Finding
Basic Authentication found in logs
Findings
Log Based Findings
API Finding
Basic HTTP auth
Findings
Design Based Findings
API Finding
Block list bypass vulnerability
Findings
Action Based Findings
AI Finding
Circular references
Findings
Design Based Findings
API Finding
Continuation vulnerability
Findings
Action Based Findings
AI Finding
Credentials in URL
Findings
Design Based Findings
API Finding
CVE Detected
Findings
Action Based Findings
API Finding
DAN jailbreak vulnerability
Findings
Action Based Findings
AI Finding
Data exposure detected
Findings
Action Based Findings
API Finding
Default Login Detected
Findings
Action Based Findings
API Finding
Directive Overloading
Findings
Action Based Findings
API Finding
Do-Not-Answer vulnerability
Findings
Action Based Findings
AI Finding
Facebook Secrets Found in AI Logs
Findings
Log Based Findings
API Finding
Facebook secrets found in logs
Findings
Log Based Findings
API Finding
Field Duplication
Findings
Action Based Findings
API Finding
Field Suggestions
Findings
Action Based Findings
API Finding
Fuzzing Successful
Findings
Log Based Findings
API Finding
Get Method Query Support
Findings
Action Based Findings
API Finding
GitLab Secrets Found in AI Logs
Findings
Log Based Findings
API Finding
GitLab secrets found in logs
Findings
Log Based Findings
API Finding
Glitch token vulnerability
Findings
Action Based Findings
AI Finding
Goodside vulnerability
Findings
Action Based Findings
AI Finding
Google Secrets Found in AI Logs
Findings
Log Based Findings
API Finding
Google secrets found in logs
Findings
Log Based Findings
API Finding
Grandma vulnerability
Findings
Action Based Findings
AI Finding
GraphQL client error
Findings
Action Based Findings
API Finding
GraphQL IDE
Findings
Action Based Findings
API Finding
GraphQL injection found in logs
Findings
Log Based Findings
API Finding
GraphQL server error
Findings
Action Based Findings
API Finding
Index creation failed
Findings
Design Based Findings
API Finding
Insecure auth scheme
Findings
Design Based Findings
API Finding
Insecure host (OAS2)
Findings
Design Based Findings
API Finding
Insecure host (OAS3)
Findings
Design Based Findings
API Finding
Introspection is enabled
Findings
Action Based Findings
API Finding
Introspection-based Circular Query
Findings
Action Based Findings
API Finding
JSON deserialization error
Findings
Action Based Findings
API Finding
Latent injection vulnerability
Findings
Action Based Findings
AI Finding
Legacy integer limit
Findings
Design Based Findings
API Finding
Mailgun Secrets Found in AI Logs
Findings
Log Based Findings
API Finding
Mailgun secrets found in logs
Findings
Log Based Findings
API Finding
Majority Response Status Codes 1XX
Findings
Log Based Findings
API Finding
Majority Response Status Codes 3XX
Findings
Log Based Findings
API Finding
Majority Response Status Codes 4XX
Findings
Log Based Findings
API Finding
Majority Response Status Codes 5XX
Findings
Log Based Findings
API Finding
Malformed media type
Findings
Action Based Findings
API Finding
Malicious activity found in logs
Findings
Log Based Findings
API Finding
Malware generation vulnerability
Findings
Action Based Findings
AI Finding
Misleading claims vulnerability
Findings
Action Based Findings
AI Finding
Missing 401 response
Findings
Design Based Findings
API Finding
Missing 429 response
Findings
Design Based Findings
API Finding
Missing 4xx response
Findings
Design Based Findings
API Finding
Missing 500 response
Findings
Design Based Findings
API Finding
Missing additional properties
Findings
Design Based Findings
API Finding
Missing array limit
Findings
Design Based Findings
API Finding
Missing authentication
Findings
Design Based Findings
API Finding
Missing Content-Type header
Findings
Action Based Findings
API Finding
Missing global security
Findings
Design Based Findings
API Finding
Missing global security
Findings
Design Based Findings
API Finding
Missing rate limit headers
Findings
Design Based Findings
API Finding
Missing required headers
Findings
Action Based Findings
API Finding
Missing retry header
Findings
Design Based Findings
API Finding
Modal jailbreak vulnerability
Findings
Action Based Findings
AI Finding
Multilingual content detected in AI logs
Findings
Log Based Findings
API Finding
Mutation over GET
Findings
Action Based Findings
API Finding
No output scanning
Findings
Action Based Findings
AI Finding
Non-standard JSON Web Token
Findings
Design Based Findings
API Finding
Numeric ID
Findings
Design Based Findings
API Finding
Package hallucination vulnerability
Findings
Action Based Findings
AI Finding
PayPal Secrets Found in AI Logs
Findings
Log Based Findings
API Finding
PayPal secrets found in logs
Findings
Log Based Findings
API Finding
PHP injection found in logs
Findings
Log Based Findings
API Finding
Phrasing vulnerability
Findings
Action Based Findings
AI Finding
PII Detected in AI Logs
Findings
Log Based Findings
API Finding
PII detected in logs
Findings
Log Based Findings
API Finding
Plaintext alternative authentication
Findings
Design Based Findings
API Finding
Plaintext API key
Findings
Design Based Findings
API Finding
Plaintext Basic Authentication
Findings
Design Based Findings
API Finding
Plaintext Bearer Token
Findings
Design Based Findings
API Finding
Plaintext Digest Authentication
Findings
Design Based Findings
API Finding
Plaintext negotiated authentication
Findings
Design Based Findings
API Finding
Plaintext unknown authentication
Findings
Design Based Findings
API Finding
POST based url-encoded query (possible CSRF)
Findings
Action Based Findings
API Finding
Prompt encoding vulnerability
Findings
Action Based Findings
AI Finding
Prompt injection vulnerability
Findings
Action Based Findings
AI Finding
Prone to harmful content
Findings
Action Based Findings
AI Finding
Prone to toxic content generation
Findings
Action Based Findings
AI Finding
Repeat-reply vulnerability
Findings
Action Based Findings
AI Finding
Replay vulnerability
Findings
Action Based Findings
AI Finding
Response time limit exceeded
Findings
Action Based Findings
API Finding
Response timeout
Findings
Action Based Findings
API Finding
Response violates schema
Findings
Action Based Findings
API Finding
Schema build failure
Findings
Design Based Findings
API Finding
SendGrid Secrets Found in AI Logs
Findings
Log Based Findings
API Finding
SendGrid secrets found in logs
Findings
Log Based Findings
API Finding
Server error
Findings
Action Based Findings
API Finding
Slack Secrets Found in AI Logs
Findings
Log Based Findings
API Finding
Slack secrets found in logs
Findings
Log Based Findings
API Finding
Snowball vulnerability
Findings
Action Based Findings
AI Finding
SQL Injection found in logs
Findings
Log Based Findings
API Finding
SSL Vulnerabilities Detected
Findings
Log Based Findings
API Finding
Stripe Secrets Found in AI Logs
Findings
Log Based Findings
API Finding
Stripe secrets found in logs
Findings
Log Based Findings
API Finding
Suspicious activity found in logs
Findings
Log Based Findings
API Finding
TAP jailbreak vulnerability
Findings
Action Based Findings
AI Finding
Tracing enabled
Findings
Action Based Findings
API Finding
Twilio Secrets Found in AI Logs
Findings
Log Based Findings
API Finding
Twilio secrets found in logs
Findings
Log Based Findings
API Finding
Unconstrained additional properties
Findings
Design Based Findings
API Finding
Undefined integer format
Findings
Design Based Findings
API Finding
Undefined integer limit
Findings
Design Based Findings
API Finding
Undefined string limit
Findings
Design Based Findings
API Finding
Undocumented Content-Type
Findings
Action Based Findings
API Finding
Undocumented HTTP status code
Findings
Action Based Findings
API Finding
Unexpected GraphQL Response
Findings
Action Based Findings
API Finding
Unhandled Errors in GraphQL Endpoint
Findings
Action Based Findings
API Finding
Unresolvable references
Findings
Design Based Findings
API Finding
Unrestricted string
Findings
Design Based Findings
API Finding
Use after free
Findings
Action Based Findings
API Finding
Vulnerabilities Detected
Findings
Log Based Findings
API Finding
XSS attack vulnerability
Findings
Action Based Findings
AI Finding
XSS attempt found in logs
Findings
Log Based Findings
API Finding
Findings Report
Reporting
Findings
May 27, 2024
What's the difference between a finding and an alert?
FAQs
Findings
Alerting
September 18, 2023
What's the difference between a finding and an incident?
FAQs
Findings
August 15, 2024
What happens when a finding is fixed?
FAQs
Findings
August 15, 2024