Fuzzing successful

firetail:fuzzing-successful

Type: Detection

Rule Severity: Several

Fuzzing successfully extracted possibly sensitive information and/or resources from this API.

Successful fuzzing indicates that automated or semi-automated tools have managed to probe the API with invalid, unexpected, or random inputs, and uncovered potentially sensitive information or resources. This outcome highlights vulnerabilities in the API's input validation, error handling, or access control mechanisms. Fuzzing attacks can lead to unauthorized data exposure, exploitation of business logic flaws, or access to unintended functionality.

Remediation

Verify that any exposure is intentional, or take steps to secure access to the information or resources.

Example Attack Scenario

How to Identify with Example Scenario

Find the text in bold to identify issues such as these in API specifications

How to Resolve with Example Scenario

Modify the text in bold to resolve issues such as these in API specifications