API security testing vulnerability checks
Tier: Ultimate
Offering: GitLab.com, Self-managed, GitLab Dedicated
History
- Renamed from DAST API vulnerability checks to API security testing vulnerability checks in GitLab 17.0.
API security testing provides a set of vulnerability checks that are run against the API under test. Each check is either passive or active, and each scan profile runs a subset of the checks, as listed in the following tables.
Passive checks
| Check | Severity | Type | Profiles |
|---|---|---|---|
| Application information check | Medium | Passive | Passive, Passive-Quick, Active-Quick, Active-Full, Quick, Full |
| Cleartext authentication check | High | Passive | Passive, Passive-Quick, Active-Quick, Active-Full, Quick, Full |
| JSON hijacking | Medium | Passive | Passive, Passive-Quick, Active-Quick, Active-Full, Quick, Full |
| Sensitive information | High | Passive | Passive, Passive-Quick, Active-Quick, Active-Full, Quick, Full |
| Session cookie | Medium | Passive | Passive, Passive-Quick, Active-Quick, Active-Full, Quick, Full |
Active checks
| Check | Severity | Type | Profiles |
|---|---|---|---|
| CORS | Medium | Active | Active-Full, Full |
| DNS rebinding | Medium | Active | Active-Full, Full |
| Framework debug mode | High | Active | Active-Quick, Active-Full, Quick, Full |
| Heartbleed OpenSSL vulnerability | High | Active | Active-Full, Full |
| HTML injection check | Medium | Active | Active-Quick, Active-Full, Quick, Full |
| Insecure HTTP methods | Medium | Active | Active-Quick, Active-Full, Quick, Full |
| JSON injection | Medium | Active | Active-Quick, Active-Full, Quick, Full |
| Open redirect | Medium | Active | Active-Full, Full |
| OS command injection | High | Active | Active-Quick, Active-Full, Quick, Full |
| Path traversal | High | Active | Active-Full, Full |
| Sensitive file | Medium | Active | Active-Full, Full |
| Shellshock | High | Active | Active-Full, Full |
| SQL injection | High | Active | Active-Quick, Active-Full, Quick, Full |
| TLS configuration | High | Active | Active-Full, Full |
| Authentication token | High | Active | Active-Quick, Active-Full, Quick, Full |
| XML external entity | High | Active | Active-Full, Full |
| XML injection | Medium | Active | Active-Quick, Active-Full, Quick, Full |
API security testing checks by profile
Passive-Quick
- Application information check
- Cleartext authentication check
- JSON hijacking
- Sensitive information
- Session cookie
Active-Quick
- Application information check
- Cleartext authentication check
- Framework debug mode
- HTML injection check
- Insecure HTTP methods
- JSON hijacking
- JSON injection
- OS command injection
- Sensitive information
- Session cookie
- SQL injection
- Authentication token
- XML injection
Active-Full
- Application information check
- Cleartext authentication check
- CORS
- DNS rebinding
- Framework debug mode
- Heartbleed OpenSSL vulnerability
- HTML injection check
- Insecure HTTP methods
- JSON hijacking
- JSON injection
- Open redirect
- OS command injection
- Path traversal
- Sensitive file
- Sensitive information
- Session cookie
- Shellshock
- SQL injection
- TLS configuration
- Authentication token
- XML injection
- XML external entity
Quick
- Application information check
- Cleartext authentication check
- Framework debug mode
- HTML injection check
- Insecure HTTP methods
- JSON hijacking
- JSON injection
- OS command injection
- Sensitive information
- Session cookie
- SQL injection
- Authentication token
- XML injection
Full
- Application information check
- Cleartext authentication check
- CORS
- DNS rebinding
- Framework debug mode
- Heartbleed OpenSSL vulnerability
- HTML injection check
- Insecure HTTP methods
- JSON hijacking
- JSON injection
- Open redirect
- OS command injection
- Path traversal
- Sensitive file
- Sensitive information
- Session cookie
- Shellshock
- SQL injection
- TLS configuration
- Authentication token
- XML injection
- XML external entity