Fuzzing successful

firetail:fuzzing-successful

Type:

Detection

Rule Severity:

Not Applicable

Fuzzing was successfully able to extract possibly sensitive information and/or resources from this API.

Remediation

Verify that any exposure is intentional or take steps to secure access to the information / resources.

Example Attack Scenario

How to Identify with Example Scenario

How to Resolve with Example Scenario

How to Identify with Example Scenario

Find the text in bold to identify issues such as these in API specifications

How to Resolve with Example Scenario

Modify the text in bold to resolve issues such as these in API specifications
References:

More findings

All Findings
Plaintext digest authentication
AppSync GraphQL API resolver count limit not set
Majority response status codes 4XX
Average response payload size elevated
Malicious activity found in logs
Plaintext basic authentication