• Severity Levels
  • Critical
  • High
  • Medium
  • Low
  • Best practice

Summary of Generated Tests

{{num_spec_files}}

 
APISpec Files

{{num_total_apis}}

 
APIs

{{num_dst_hosts}}

Destination Hosts

{{num_attack_categ}}

Attack Categories
Total Attack Vectors Generated: {{total_attack_vectors}}
Critical: {{total_critical_av_count}}
High: {{total_high_av_count}}
Medium: {{total_medium_av_count}}
Low: {{total_low_av_count}}

API Security Test Summary

Vulnerable APIs
Total
Impacted
All Spec Files
{{num_total_apis}}
APIs
{{total_vul_apis}}
APIs
Vulnerable APIs by File
{% for spec, spec_info in spec_details.items() %}
{{spec}}
{{spec_info.get('all_apis_count', 0)}}
APIs
{{spec_info.get('failed_apis_count', 0)}}
APIs
{% endfor %}

API Severity Per Attack Category

Attack Category
APIs Impacted
Highest Priority
{% for category, info in attack_category.items() %}
{{category}}
{{info.get('all_apis_count', 0)}}
APIs
{{info.get('priority', '')}} {{info.get('pri_count', 0)}}/{{info.get('all_apis_count', 0)}}
APIs
{% endfor %}

Overall Issue Insights

{{total_tests}} Total Tests Run
  • {{passed_count}}
    Passed
  • {{failed_count}}
    Failed
{{failed_count}} Failing Tests, by Severity
  • {{failed_critical_count}}
    Critical
  • {{failed_high_count}}
    High
  • {{failed_medium_count}}
    Medium
  • {{failed_low_count}}
    Low

Most frequently occurring Issue

{{ frequent_attack.get('attack') }} - {{ frequent_attack.get('failed_test') }} Tests Failed Across {{ frequent_attack.get('num_of_apis') }} APIs.
{% for spec, info in spec_details.items() %}

{{spec}} Spec

1

Spec Files

1

End Points

{{info.get('all_apis_count', 0)}}

APIs
APIs with Reported Issues by Priority
{% set p1_api_count = info.get('count_by_api_priority', {}).get('p1', 0) %}
{% set p2_api_count = info.get('count_by_api_priority', {}).get('p2', 0) %}
{% set p3_api_count = info.get('count_by_api_priority', {}).get('p3', 0) %}
{% set p4_api_count = info.get('count_by_api_priority', {}).get('p4', 0) %}
{% set no_issues_count = info.get('all_apis_count', 0) - p1_api_count - p2_api_count - p3_api_count - p4_api_count %}
  • {{info.get('count_by_api_priority', {}).get('p1', 0)}}
    Critical
  • {{info.get('count_by_api_priority', {}).get('p2', 0)}}
    High
  • {{info.get('count_by_api_priority', {}).get('p3', 0)}}
    Medium
  • {{info.get('count_by_api_priority', {}).get('p4', 0)}}
    Low
  • {{no_issues_count}}
    No Issues
Total Tests {{info.get('total_tests_count', 0)}}
Failed Tests {{info.get('total_failed_count', 0)}}
Test Results: Issues by Priority
{% set p1_count = info.get('priority_count', {}).get('p1_count', 0) %}
{% set p2_count = info.get('priority_count', {}).get('p2_count', 0) %}
{% set p3_count = info.get('priority_count', {}).get('p3_count', 0) %}
{% set p4_count = info.get('priority_count', {}).get('p4_count', 0) %}
  • {{info.get('priority_count', {}).get('p1_count', 0)}}

    When an API is called with a parameter value set to patterns associated with attacks that can cause critical/high severity damage, the API returns 200 OK with data. It appears that the application not only processes the fuzzed parameter but is also at risk of leaking data.

  • {{info.get('priority_count', {}).get('p2_count', 0)}}

    When an API is called with a parameter value set to patterns associated with known attacks that can cause medium/low severity damage, the API returns 200 OK with data. It appears that the app not only processes the fuzzed parameter but is also at risk of leaking data.

  • {{info.get('priority_count', {}).get('p3_count', 0)}}

    When an API is called with a parameter value set to patterns associated with known attacks that can cause critical/high severity damage, the API returns 200 OK with no data. Although the app does not appear to be at risk of leaking data, it might have processed the fuzzed input, which can cause subsequent security issues.

  • {{info.get('priority_count', {}).get('p4_count', 0)}}

    When an API is called with a parameter value set to patterns associated with known attacks that can cause medium/low severity damage, the API returns 200 OK with no data. Although the app does not appear to be at risk of leaking data, it might have processed the fuzzed input, which can cause subsequent security issues.

Failed Tests

API Category
  • Issue Severity
  • Tests Failed
  • Affected Classifications
Tests Request/Response
{% for api, api_info in info.get('api_details', {}).items() %}
{% for each_record in api_info %}
{{api}}
{{each_record.get('attack', '-')}}

{{each_record.get('pri', '-')}}

{{each_record.get('count', '-')}}

{{each_record.get('classification', '-')}}
{{each_record.get('testinput', '-')}}
{% endfor %}
{% endfor %}
{% endfor %}