Security Test Report

API spec assessment for risks and compliance

22 Jan 2022

Prepared for: Name of the company

Prepared by: Imperva API Security Team

Uploaded file name: File Name

Creation Time: Jan 22, 2022, 14:56

Table of Contents

Fuzz Tests Summary
OWASP API Top 10
Overall Test Issues
File Summary
FAQ

Summary of Generated Tests

Information about data found inside the zip file

What did we find inside the uploaded zip file?

APISpec Files

1

APIs

5

Impacted APIs

1

Destination Hosts

1

Attack Categories

25

Total Attack Vectors Generated

2,754

Issues distribution by severity

Critical

40

Major

10

Minor

7

Failed Tests by Severity

1

Issues distribution by severity

Critical

1

Major

0

Minor

0

Most frequently occurring violation

sql-injection - across 1 API

1 failed test

20%

OWASP API Top 10

Information about data found inside the zip file

Total Tests

100

Failed Tests

50

5

Critical

19

Major

6

Minor

Want to know more about the severities? Check our FAQ.

OWASP API Top 10

# Policy Violations

A1

1.3K

A2

1.3K

A3

1.3K

A4

1.3K

A5

1.3K

A6

1.3K

A7

1.3K

A8

1.3K

A9

1.3K

A10

1.3K

Overall Fuzz Test Issues

Information about design issues found in the uploaded file

What are the issue categories?

API Security Test Summary

File Name | APIs | APIs Impacted
ob | 5 | 1
ob | 5 | 1

What are the issue categories?

API Severity Per Attack Category

Attack Category | OWASP API Top 10 | APIs Impacted | Severity | Highest Severity
Data Type Definition | A1 | 1 | 32 | Critical
Data Type Definition | A8 | 1 | 1 | Critical
Data Type Definition | | 1 | 1 | Critical
Data Type Definition | | 1 | 1 | Critical
Data Type Definition | | 1 | 1 | Critical
Data Type Definition | | 1 | 1 | Critical
Data Type Definition | | 1 | 1 | Critical
Data Type Definition | | 1 | 1 | Critical
Data Type Definition | | 1 | 1 | Critical
Data Type Definition | | 1 | 1 | Critical
Data Type Definition | | 1 | 1 | Critical
Data Type Definition | | 1 | 1 | Critical
Data Type Definition | | 1 | 1 | Critical
Data Type Definition | | 1 | 1 | Critical

Critical

Major

Minor

ob summary

Information about design issues found in the uploaded file

What did we find inside the uploaded zip file?

Spec Files

7

APIs

83

Endpoints

188

Total Tests

21

Failed Tests

100

5

Critical

19

Major

6

Minor

Want to know more about the severities? Check our FAQ.

APIs with failed tests

API Violation Highest Severity Failed Test Test Request/Response

app-demo/api/v1/get)user_details

Affected Classification

PCI 3.1

PCI 3.2

CAPEC-66

CWE-89

HIPAA-89

ISO27001-A.14.2.5

WASC-19

OWASP 2013-A1

OWASP 2017-A1

sql-injection

1 Critical

1 Open Test Results

app-demo/api/v1/get)user_details

sql-injection

1 Critical

1 Open Test Results

app-demo/api/v1/get)user_details

Affected Classification

PCI 3.1

PCI 3.2

CAPEC-66

CWE-89

HIPAA-89

ISO27001-A.14.2.5

WASC-19

OWASP 2013-A1

OWASP 2017-A1

sql-injection

1 Critical

1 Open Test Results

app-demo/api/v1/get)user_details

Affected Classification

PCI 3.1

PCI 3.2

CAPEC-66

CWE-89

HIPAA-89

ISO27001-A.14.2.5

WASC-19

OWASP 2013-A1

OWASP 2017-A1

sql-injection

1 Critical

1 Open Test Results

app-demo/api/v1/get)user_details

Affected Classification

PCI 3.1

PCI 3.2

CAPEC-66

CWE-89

HIPAA-89

ISO27001-A.14.2.5

WASC-19

OWASP 2013-A1

OWASP 2017-A1

sql-injection

1 Critical

1 Open Test Results

app-demo/api/v1/get)user_details

Affected Classification

PCI 3.1

PCI 3.2

CAPEC-66

CWE-89

HIPAA-89

ISO27001-A.14.2.5

WASC-19

OWASP 2013-A1

OWASP 2017-A1

sql-injection

1 Critical

1 Open Test Results

app-demo/api/v1/get)user_details

Affected Classification

PCI 3.1

PCI 3.2

CAPEC-66

CWE-89

HIPAA-89

ISO27001-A.14.2.5

WASC-19

OWASP 2013-A1

OWASP 2017-A1

sql-injection

1 Critical

1 Open Test Results

FAQ

Here you can find answers to the most frequently asked questions.

What does each severity mean?

Critical

Standard awareness document. It represents a broad consensus about the most critical security risks to web applications. Globally recognized by developers as the first step towards more secure coding.

Major

Standard awareness document. It represents a broad consensus about the most critical security risks to web applications. Globally recognized by developers as the first step towards more secure coding.

Minor

Standard awareness document. It represents a broad consensus about the most critical security risks to web applications. Globally recognized by developers as the first step towards more secure coding.