Even if it parses the OpenAPI doc, it misses out on specific endpoints (for reasons unknown) and required headers. Suppose you want to scan an API server that exposes an OpenAPI doc. Burp Scanner parses the OpenAPI doc only when you explicitly specify the file path while starting Active Scan.

Vulnerabilities detected

What am I trying to say?

However, Burp Scanner found these issues:

- Cross-Site Scripting (Issue: Cross-site scripting - reflected).
- No input validation (Issue: Input returned in response - reflected).
- Insecure transport (Issue: Unencrypted Communications).

So security scanners, in general, can’t find issues like:

- Authentication Bypass (As SQLi in can be used to bypass the requirement of admin token to create user).

It’s hard to give a general context of a user/object, roles, & permissions to security scanners.

VAPI’s documentation says that the project has the following vulnerabilities:

From the above vulnerabilities, Burp Scanner cannot find the following vulnerability classes (according to Burp Scanner’s Issue Definitions):

- Information Disclosure (unless the information is email addresses, private IPs, SSN, credit card numbers, etc.).

Let’s see if the Burp scanner has found all vulnerabilities. The detection phase was better than before. Burp still hasn’t found endpoints like /uptime/:flag, /widget, /users, etc.

The endpoints /tokens and /uptime are new, and Burp seems to have fetched them from the OpenAPI doc.