# API security testing vulnerability checks

{{< details >}}
- Tier: Ultimate
- Offering: GitLab.com, GitLab Self-Managed, GitLab Dedicated
{{< /details >}}
{{< history >}}
- Renamed from DAST API vulnerability checks to API security testing vulnerability checks in GitLab 17.0.
{{< /history >}}

API security testing provides the vulnerability checks listed below, which are run against the API under test. Each check has a severity, a type (passive or active), and the scan profiles that include it.

## Passive checks

| Check | Severity | Type | Profiles |
|---|---|---|---|
| Application information check | Medium | Passive | Passive, Passive-Quick, Active-Quick, Active-Full, Quick, Full |
| Cleartext authentication check | High | Passive | Passive, Passive-Quick, Active-Quick, Active-Full, Quick, Full |
| JSON hijacking | Medium | Passive | Passive, Passive-Quick, Active-Quick, Active-Full, Quick, Full |
| Sensitive information | High | Passive | Passive, Passive-Quick, Active-Quick, Active-Full, Quick, Full |
| Session cookie | Medium | Passive | Passive, Passive-Quick, Active-Quick, Active-Full, Quick, Full |

## Active checks

| Check | Severity | Type | Profiles |
|---|---|---|---|
| CORS | Medium | Active | Active-Full, Full |
| DNS rebinding | Medium | Active | Active-Full, Full |
| Framework debug mode | High | Active | Active-Quick, Active-Full, Quick, Full |
| Heartbleed OpenSSL vulnerability | High | Active | Active-Full, Full |
| HTML injection check | Medium | Active | Active-Quick, Active-Full, Quick, Full |
| Insecure HTTP methods | Medium | Active | Active-Quick, Active-Full, Quick, Full |
| JSON injection | Medium | Active | Active-Quick, Active-Full, Quick, Full |
| Open redirect | Medium | Active | Active-Full, Full |
| OS command injection | High | Active | Active-Quick, Active-Full, Quick, Full |
| Path traversal | High | Active | Active-Full, Full |
| Sensitive file | Medium | Active | Active-Full, Full |
| Shellshock | High | Active | Active-Full, Full |
| SQL injection | High | Active | Active-Quick, Active-Full, Quick, Full |
| TLS configuration | High | Active | Active-Full, Full |
| Authentication token | High | Active | Active-Quick, Active-Full, Quick, Full |
| XML external entity | High | Active | Active-Full, Full |
| XML injection | Medium | Active | Active-Quick, Active-Full, Quick, Full |

## API security testing checks by profile

### Passive-Quick

- Application information check
- Cleartext authentication check
- JSON hijacking
- Sensitive information
- Session cookie

### Active-Quick

- Application information check
- Cleartext authentication check
- Framework debug mode
- HTML injection check
- Insecure HTTP methods
- JSON hijacking
- JSON injection
- OS command injection
- Sensitive information
- Session cookie
- SQL injection
- Authentication token
- XML injection

### Active-Full

- Application information check
- Cleartext authentication check
- CORS
- DNS rebinding
- Framework debug mode
- Heartbleed OpenSSL vulnerability
- HTML injection check
- Insecure HTTP methods
- JSON hijacking
- JSON injection
- Open redirect
- OS command injection
- Path traversal
- Sensitive file
- Sensitive information
- Session cookie
- Shellshock
- SQL injection
- TLS configuration
- Authentication token
- XML injection
- XML external entity

### Quick

- Application information check
- Cleartext authentication check
- Framework debug mode
- HTML injection check
- Insecure HTTP methods
- JSON hijacking
- JSON injection
- OS command injection
- Sensitive information
- Session cookie
- SQL injection
- Authentication token
- XML injection

### Full

- Application information check
- Cleartext authentication check
- CORS
- DNS rebinding
- Framework debug mode
- Heartbleed OpenSSL vulnerability
- HTML injection check
- Insecure HTTP methods
- JSON hijacking
- JSON injection
- Open redirect
- OS command injection
- Path traversal
- Sensitive file
- Sensitive information
- Session cookie
- Shellshock
- SQL injection
- TLS configuration
- Authentication token
- XML injection
- XML external entity