FireTail’s Findings

FireTail’s Findings feature detects critical API security issues and maps each finding to established security frameworks and weakness catalogues, including the OWASP API Security Top 10, the CIS API Security Guide, MITRE ATT&CK Tactics & Techniques, and the MITRE CWE Top 25.

  • OWASP API Security Top 10 - A comprehensive document outlining the ten most critical security risks facing APIs, curated from real-world data and expert insights. It serves as a valuable resource for developers and security professionals to prioritize security efforts and ensure the safe design and implementation of APIs.
  • MITRE CWE Top 25 Most Dangerous Software Weaknesses - Identifies common and severe software vulnerabilities that attackers often exploit to gain unauthorized access, execute malicious code, or disrupt software systems.
  • MITRE ATT&CK Enterprise Tactics - Represents the high-level objectives or goals adversaries aim to achieve during a cyberattack—essentially the "why" behind their actions.
  • MITRE ATT&CK Enterprise Techniques - Details the specific methods or actions adversaries use to achieve these objectives, representing the "how" of an attack.
  • CIS API Security Guide - Provides comprehensive recommendations and best practices to ensure the security and integrity of APIs. It serves as a practical resource for implementing security controls throughout the API lifecycle, with a focus on API-specific aspects across different technologies, including networked and cloud environments.

Findings can be generated in the following ways:

  1. When an API specification is uploaded to the FireTail platform.
  2. When a GitHub repository is scanned.
  3. From detections in API logs.
  4. From observations made during active scanning.

For specifications and repositories, the uploaded file or repository is scanned for vulnerabilities and a finding is generated for each issue uncovered; log detections and active-scan observations produce findings from the API's observed behaviour rather than from its source artefacts.
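To make concrete what a specification-derived finding with framework references looks like, the following is an added example; it is not FireTail's own detection logic and not code from this documentation. It walks a small OpenAPI 3 document constructed inline, flags operations whose effective `security` requirement allows anonymous access (a missing or empty requirement list, or a list containing the empty `{}` requirement, which OpenAPI treats as "authentication optional"), and attaches public framework identifiers: OWASP API Security Top 10 2023 API2 (Broken Authentication), CWE-306 (Missing Authentication for Critical Function) and ATT&CK T1190 (Exploit Public-Facing Application). The `Finding` structure, the severity heuristic and the sample spec are assumptions made for the illustration.

```python
"""Illustrative OpenAPI check: report operations that allow unauthenticated access.

Added example, not FireTail's detection logic. The spec below is constructed
inline. The framework identifiers in REFERENCES are real public identifiers;
the Finding shape and the severity heuristic are assumptions for this example.
"""
from __future__ import annotations

from dataclasses import dataclass, field

# Keys of an OpenAPI path item that are operations (everything else, e.g.
# "parameters" or "summary", is metadata and must be skipped).
HTTP_METHODS = {"get", "put", "post", "delete", "patch", "options", "head", "trace"}

# Methods that change state are rated higher when exposed without auth (assumed heuristic).
WRITE_METHODS = {"post", "put", "patch", "delete"}

REFERENCES = {
    "OWASP API Security Top 10 (2023)": "API2 Broken Authentication",
    "CWE": "CWE-306 Missing Authentication for Critical Function",
    "MITRE ATT&CK": "T1190 Exploit Public-Facing Application",
}


@dataclass
class Finding:
    title: str
    path: str
    method: str
    severity: str
    references: dict[str, str] = field(default_factory=dict)


def effective_security(spec: dict, operation: dict) -> list:
    """Operation-level `security` overrides the document-level default when present."""
    if "security" in operation:
        return operation["security"]
    return spec.get("security", [])


def allows_anonymous(requirements: list) -> bool:
    """No requirements, or any alternative that is the empty object {}, permits anonymous calls."""
    return not requirements or any(req == {} for req in requirements)


def find_unauthenticated_operations(spec: dict) -> list[Finding]:
    findings: list[Finding] = []
    for path, item in spec.get("paths", {}).items():
        for key, operation in item.items():
            method = key.lower()
            if method not in HTTP_METHODS:
                continue  # skip path-item metadata such as "parameters"
            if not allows_anonymous(effective_security(spec, operation)):
                continue
            findings.append(
                Finding(
                    title="Operation allows unauthenticated access",
                    path=path,
                    method=method.upper(),
                    severity="high" if method in WRITE_METHODS else "medium",
                    references=dict(REFERENCES),
                )
            )
    return findings


def summarize(spec: dict) -> list[tuple[str, str, str]]:
    """Stable, comparable view of the findings: (METHOD, path, severity)."""
    return sorted((f.method, f.path, f.severity) for f in find_unauthenticated_operations(spec))


# Constructed sample spec: global bearer auth, with three operations that weaken it.
SAMPLE_SPEC = {
    "openapi": "3.0.3",
    "components": {"securitySchemes": {"bearerAuth": {"type": "http", "scheme": "bearer"}}},
    "security": [{"bearerAuth": []}],
    "paths": {
        "/users/{id}": {
            "parameters": [{"name": "id", "in": "path", "required": True}],
            "get": {"summary": "Get user"},  # inherits global auth: no finding
            "delete": {"summary": "Delete user", "security": []},  # auth explicitly disabled
        },
        "/health": {"get": {"summary": "Liveness", "security": [{}]}},  # anonymous allowed
        "/admin/export": {
            # {} alongside a real scheme makes authentication optional
            "post": {"summary": "Export all data", "security": [{}, {"bearerAuth": []}]},
        },
    },
}

if __name__ == "__main__":
    for finding in find_unauthenticated_operations(SAMPLE_SPEC):
        print(f"[{finding.severity}] {finding.method} {finding.path}: {finding.title}")
        for framework, ref in finding.references.items():
            print(f"    {framework}: {ref}")
```

Run as a script it lists three findings (DELETE /users/{id}, POST /admin/export, GET /health); GET /users/{id} is not reported because it inherits the document-level bearer requirement. A real scanner would also resolve `$ref`s and check that referenced security schemes actually exist in `components.securitySchemes`; both are omitted here to keep the mapping logic visible.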

Below is a list of all possible findings. Click on each finding to view remediation details and examples.