API security testing vulnerability checks
Tier: Ultimate
Offering: GitLab.com, Self-managed, GitLab Dedicated
History
- Renamed from DAST API vulnerability checks to API security testing vulnerability checks in GitLab 17.0.
API security testing provides vulnerability checks that are used to scan for vulnerabilities in the API under test.
Passive checks
| Check | Severity | Type | Profiles |
|---|---|---|---|
| Application information check | Medium | Passive | Passive, Passive-Quick, Active-Quick, Active-Full, Quick, Full |
| Cleartext authentication check | High | Passive | Passive, Passive-Quick, Active-Quick, Active-Full, Quick, Full |
| JSON hijacking | Medium | Passive | Passive, Passive-Quick, Active-Quick, Active-Full, Quick, Full |
| Sensitive information | High | Passive | Passive, Passive-Quick, Active-Quick, Active-Full, Quick, Full |
| Session cookie | Medium | Passive | Passive, Passive-Quick, Active-Quick, Active-Full, Quick, Full |
Active checks
| Check | Severity | Type | Profiles |
|---|---|---|---|
| CORS | Medium | Active | Active-Full, Full |
| DNS rebinding | Medium | Active | Active-Full, Full |
| Framework debug mode | High | Active | Active-Quick, Active-Full, Quick, Full |
| Heartbleed OpenSSL vulnerability | High | Active | Active-Full, Full |
| HTML injection check | Medium | Active | Active-Quick, Active-Full, Quick, Full |
| Insecure HTTP methods | Medium | Active | Active-Quick, Active-Full, Quick, Full |
| JSON injection | Medium | Active | Active-Quick, Active-Full, Quick, Full |
| Open redirect | Medium | Active | Active-Full, Full |
| OS command injection | High | Active | Active-Quick, Active-Full, Quick, Full |
| Path traversal | High | Active | Active-Full, Full |
| Sensitive file | Medium | Active | Active-Full, Full |
| Shellshock | High | Active | Active-Full, Full |
| SQL injection | High | Active | Active-Quick, Active-Full, Quick, Full |
| TLS configuration | High | Active | Active-Full, Full |
| Authentication token | High | Active | Active-Quick, Active-Full, Quick, Full |
| XML external entity | High | Active | Active-Full, Full |
| XML injection | Medium | Active | Active-Quick, Active-Full, Quick, Full |
API security testing checks by profile
Passive-Quick
- Application information check
- Cleartext authentication check
- JSON hijacking
- Sensitive information
- Session cookie
Active-Quick
- Application information check
- Cleartext authentication check
- Framework debug mode
- HTML injection check
- Insecure HTTP methods
- JSON hijacking
- JSON injection
- OS command injection
- Sensitive information
- Session cookie
- SQL injection
- Authentication token
- XML injection
Active-Full
- Application information check
- Cleartext authentication check
- CORS
- DNS rebinding
- Framework debug mode
- Heartbleed OpenSSL vulnerability
- HTML injection check
- Insecure HTTP methods
- JSON hijacking
- JSON injection
- Open redirect
- OS command injection
- Path traversal
- Sensitive file
- Sensitive information
- Session cookie
- Shellshock
- SQL injection
- TLS configuration
- Authentication token
- XML injection
- XML external entity
Quick
- Application information check
- Cleartext authentication check
- Framework debug mode
- HTML injection check
- Insecure HTTP methods
- JSON hijacking
- JSON injection
- OS command injection
- Sensitive information
- Session cookie
- SQL injection
- Authentication token
- XML injection
Full
- Application information check
- Cleartext authentication check
- CORS
- DNS rebinding
- Framework debug mode
- Heartbleed OpenSSL vulnerability
- HTML injection check
- Insecure HTTP methods
- JSON hijacking
- JSON injection
- Open redirect
- OS command injection
- Path traversal
- Sensitive file
- Sensitive information
- Session cookie
- Shellshock
- SQL injection
- TLS configuration
- Authentication token
- XML injection
- XML external entity