Coverage
API Security Testing detects over 25 vulnerability types across injection, authentication, authorization, and configuration categories. This page lists the full coverage and provides details on payload depth.
Vulnerability Types
Injection Vulnerabilities
| Vulnerability | Description |
|---|---|
| SQL Injection (SQLi) | Detects SQL injection in query parameters, request bodies, and headers |
| NoSQL Injection | Tests for injection in NoSQL databases such as MongoDB |
| Server-Side Template Injection (SSTI) | Identifies template injection in server-side rendering engines |
| Command Injection | Tests for operating system command injection through API inputs |
| LDAP Injection | Detects injection in LDAP query construction |
| JSON Injection | Tests for injection through malformed JSON payloads |
| CRLF Injection | Identifies carriage return / line feed injection in headers and responses |
| XML External Entity (XXE) | Tests for XXE vulnerabilities in XML-accepting endpoints |
| Cross-Site Scripting (XSS) | Detects reflected and stored XSS through API responses |
| Path Traversal | Tests for directory traversal to access files outside the intended scope |
| Server-Side Request Forgery (SSRF) | Detects SSRF where the API can be tricked into making requests to internal services |
| Edge Side Includes (ESI) Injection | Tests for ESI injection in caching layers |
| Prompt Injection | Detects prompt injection in AI/LLM-powered endpoints |
Authorization and Authentication
| Vulnerability | Description |
|---|---|
| Broken Object-Level Authorization (BOLA) | Tests whether users can access resources belonging to other users by manipulating object identifiers |
Configuration and Transport
| Vulnerability | Description |
|---|---|
| SSL/TLS Issues | Identifies weak cipher suites, expired certificates, and protocol misconfigurations |
Payload Depth
API Security Testing uses extensive payload libraries to maximize detection rates.
Command Injection
The scanner includes approximately 330,000 command injection payloads, covering:
- Different operating systems (Linux, Windows, macOS)
- Various shell interpreters (bash, sh, cmd, PowerShell)
- Encoding and obfuscation techniques to bypass input filters
- Chained commands and time-based detection methods
Prompt Injection
For prompt injection testing, the scanner uses a combinatorial approach that generates payloads from multiple dimensions:
- Injection techniques (direct, indirect, context manipulation)
- Target behaviors (information extraction, safety bypass, role manipulation)
- Encoding variations (Unicode, Base64, mixed case)
- Language variations
This combinatorial approach produces approximately 922 quintillion (9.22 x 10^17) permutations, ensuring broad coverage of prompt injection attack vectors. The scanner intelligently samples from this space to provide practical coverage within scan time constraints.
Payload Rotation
Not all payloads are sent in a single scan run. API Security Testing uses payload rotation to distribute payloads across multiple scan runs:
- Each scan run tests a different subset of payloads
- The scanner tracks which payloads have been sent to each target
- Subsequent runs prioritize untested payloads
- Over multiple runs, cumulative coverage approaches the full payload library
This design keeps individual scan runs fast while building comprehensive coverage over time.
Maximizing Coverage
- Document all endpoints in your OpenAPI spec. The scanner tests every endpoint defined in the spec, so comprehensive documentation means comprehensive coverage.
- Include object identifiers in paths to enable BOLA (Broken Object-Level Authorization) testing.
- Keep your spec accurate and complete — the scanner uses your spec’s schemas and parameter definitions to generate effective test payloads.