Prepared for: Name of the company
Prepared by: ImpACT
Uploaded file name: {{ spec_filename }}
Creation Time: Jan 22, 2022, 14:56
What did we find inside the uploaded zip file?
APISpec Files
{{ num_spec_files }}
APIs
{{ num_total_apis }}
Impacted APIs
{{ total_vul_apis }}
Destination Hosts
{{ num_dst_hosts }}
Attack Categories
{{ num_attack_categ }}
Total Attack Vectors Generated
{{ total_attack_vectors }}
Attack Vectors distribution by severity
Critical
{{ total_critical_av_count + total_high_av_count }}
Major
{{ total_medium_av_count }}
Minor
{{ total_low_av_count }}
Failed Tests by Severity
{{ failed_count }}
Issues distribution by severity
Critical
{{ failed_critical_count + failed_high_count }}
Major
{{ failed_medium_count }}
Minor
{{ failed_low_count }}
Most frequently occurring violation
{{ frequent_attack.get('attack') }} - across {{ frequent_attack.get('num_of_apis') }} API
{{ frequent_attack.get('failed_test') }} failed test
20%
What are the issue categories?
API Security Test Summary
File Name | APIs | APIs Impacted |
---|---|---|
{{ spec }} | {{ spec_info.get('all_apis_count', 0) }} | {{ spec_info.get('failed_apis_count', 0) }} |
What are the issue categories?
API Severity Per Attack Category
Attack Category | APIs Impacted | Highest Severity |
---|---|---|
{{ category }} | {{ info.get('all_apis_count', 0) }} | {% if info.get('priority', '') == 'Critical' or info.get('priority', '') == 'High' %}{{ info.get('pri_count', 0) }} Critical {% elif info.get('priority', '') == 'Medium' %}{{ info.get('pri_count', 0) }} Major {% elif info.get('priority', '') == 'Low' %}{{ info.get('pri_count', 0) }} Minor {% endif %} |
What did we find inside the uploaded zip file?
Spec Files
1
APIs
{{ info.get('all_apis_count', 0) }}
Endpoints
1
Total Tests
{{ info.get('total_tests_count', 0) }}
Failed Tests
{{ info.get('total_failed_count', 0) }}
{{ info.get('priority_count', {}).get('p1_count', 0) + info.get('priority_count', {}).get('p2_count', 0) }}
Critical
{{ info.get('priority_count', {}).get('p3_count', 0) }}
Major
{{ info.get('priority_count', {}).get('p4_count', 0) }}
Minor
Want to know more about the severities? Check our FAQ
APIs with failed tests
API | Attack Category | Issue Severity | Failed Test | Test Request/Response |
---|---|---|---|---|
{{ api }} Affected Classification {% for category in each_record.get('classification', '-').split() %}{{ category.strip() }} {% endfor %} | {{ each_record.get('attack', '-') }} | {% if each_record.get('pri', '-') == 1 or each_record.get('pri', '-') == 2 %}Critical{% elif each_record.get('pri', '-') == 3 %}Major{% elif each_record.get('pri', '-') == 4 %}Minor{% else %}-{% endif %} | {{ each_record.get('count', '-') }} | {{ each_record.get('testinput', '-') }} |
What does each severity mean?
Critical
When an API is called with a parameter value set to patterns associated with attacks that can cause critical/high severity damage, the API returns 200 OK with data. It appears that the application not only processes the fuzzed parameter but is also at risk of leaking data.
Major
When an API is called with a parameter value set to patterns associated with known attacks that can cause critical/high severity damage, the API returns 200 OK with no data. Although the app does not appear to be at risk of leaking data, it might have processed the fuzzed input, which can cause subsequent security issues.
Minor
When an API is called with a parameter value set to patterns associated with known attacks that can cause medium/low severity damage, the API returns 200 OK with no data. Although the app does not appear to be at risk of leaking data, it might have processed the fuzzed input, which can cause subsequent security issues.
© Imperva Ltd. All rights reserved
Imperva API Report | Creation date: Jun 21, 2021, 16:23 | For: Name of the Customer