
Vulnerability Categories

Detectify detects a wide range of vulnerability types across web applications, APIs, and infrastructure. This page provides an overview of the main categories.

Injection Vulnerabilities

Cross-Site Scripting (XSS)

XSS vulnerabilities allow attackers to inject malicious scripts into web pages viewed by other users. Detectify tests for:

  • Reflected XSS — Malicious input is reflected back in the response without proper sanitization
  • Stored XSS — Malicious input is persisted (for example, in a database) and served to other users
  • DOM-based XSS — Client-side JavaScript processes untrusted data in an unsafe way
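The defensive counterpart to the three variants above is output encoding chosen for the HTML context the data lands in. The following is an added example, not Detectify's code or part of this reference: it renders one constructed search term (`UNTRUSTED_TERM`) into a text node, a quoted attribute and a URL query, using only the Python standard library. The function names are illustrative.

```python
import html
from urllib.parse import quote

# Constructed untrusted input: a search term containing markup and characters
# that are significant in HTML and in URLs.
UNTRUSTED_TERM = "<b>O'Reilly & Sons</b>"


def render_body(term: str) -> str:
    """Text-node context: escape &, <, >, double and single quotes."""
    return f"<p>Results for {html.escape(term, quote=True)}</p>"


def render_attr(term: str) -> str:
    """Quoted-attribute context: same escaping, and the attribute is always
    quoted so a space in the value cannot start a new attribute."""
    return f'<input name="q" value="{html.escape(term, quote=True)}">'


def render_link(term: str) -> str:
    """URL-query context: percent-encode first, then HTML-escape the whole
    URL because it is being placed inside an attribute."""
    url = "/search?q=" + quote(term, safe="")
    return f'<a href="{html.escape(url, quote=True)}">next page</a>'


def contains_raw_markup(rendered: str, term: str) -> bool:
    """True if the untrusted term reached the output unchanged, which is the
    condition a reflected-XSS check looks for in the response."""
    return term in rendered


if __name__ == "__main__":
    for fn in (render_body, render_attr, render_link):
        print(fn(UNTRUSTED_TERM))
```

The same rule carries over to DOM-based XSS, which server-side escaping cannot fix: client-side code that receives untrusted data should assign it with `textContent` rather than `innerHTML`, and a value destined for a JavaScript or CSS context needs the encoding for that context, not HTML escaping.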

SQL Injection (SQLi)

SQL injection occurs when user input is incorporated into SQL queries without proper parameterization. Attackers can extract, modify, or delete database contents. Detectify tests for error-based, blind, and time-based SQL injection across various database engines.
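To make the mechanism concrete, here is an added example (not Detectify's code) that builds a constructed in-memory SQLite table and runs the same lookup both ways. The string-formatted version fails to parse as soon as the input contains a quote, which is exactly the database error that error-based SQLi checks provoke; the parameterized version treats the quote as data. Table and column names are assumptions.

```python
import sqlite3
from typing import List, Tuple


def make_db() -> sqlite3.Connection:
    """Constructed in-memory users table standing in for the application database."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, email) VALUES (?, ?)",
        [("alice", "alice@example.com"), ("o'brien", "ob@example.com")],
    )
    conn.commit()
    return conn


def find_user_unsafe(conn: sqlite3.Connection, username: str) -> List[Tuple]:
    """Vulnerable pattern: the input is spliced into the SQL text, so a quote
    in it changes the statement instead of being compared as a value."""
    sql = f"SELECT id, username, email FROM users WHERE username = '{username}'"
    return conn.execute(sql).fetchall()


def find_user_safe(conn: sqlite3.Connection, username: str) -> List[Tuple]:
    """Parameterized query: the driver binds the value separately, so it is
    never parsed as SQL and a quote is just a character in the string."""
    sql = "SELECT id, username, email FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


def query_breaks(conn: sqlite3.Connection, username: str) -> bool:
    """True if the unsafe query fails to parse for this input."""
    try:
        find_user_unsafe(conn, username)
    except sqlite3.Error:
        return True
    return False


if __name__ == "__main__":
    db = make_db()
    print(find_user_safe(db, "o'brien"))  # one row; the quote is handled as data
    print(query_breaks(db, "o'brien"))    # True: the unsafe query errors out
```

Two caveats worth keeping in mind: identifiers (table and column names, sort direction) cannot be bound as parameters and must be mapped through an allow-list instead; and suppressing the error message does not remove the flaw, since blind and time-based checks need no error at all, so the fix is parameterization, not quieter error handling.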

Server-Side Request Forgery (SSRF)

SSRF vulnerabilities allow attackers to make the server issue requests to arbitrary destinations, including internal services that are not directly accessible. This can lead to access to metadata services, internal APIs, and cloud provider credentials.
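An application that must fetch user-supplied URLs needs a vetting step that checks where the request would actually go. The following is an added example, not Detectify's code: it restricts the scheme, rejects userinfo, resolves the host, and requires every resolved address to be globally routable, which rules out loopback, RFC 1918, link-local (including the 169.254.169.254 metadata address) and IPv4-mapped IPv6 forms. `FAKE_DNS` and `fake_resolver` are constructed so the example runs offline; the policy itself is an assumption to adapt per deployment.

```python
import ipaddress
import socket
from typing import Callable, Dict, Iterable, List
from urllib.parse import urlsplit


class SSRFBlocked(ValueError):
    """Raised when a user-supplied URL must not be fetched."""


ALLOWED_SCHEMES = {"http", "https"}

# Constructed DNS answers so the example runs offline; these are not real hosts.
FAKE_DNS: Dict[str, List[str]] = {
    "api.example.com": ["93.184.216.34"],
    "internal.corp": ["10.0.0.5"],
    "rebind.test": ["93.184.216.34", "127.0.0.1"],
}


def fake_resolver(host: str) -> List[str]:
    return FAKE_DNS.get(host, [])


def default_resolver(host: str) -> List[str]:
    """Real DNS lookup returning every A/AAAA answer for the name."""
    try:
        infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def is_public_address(text: str) -> bool:
    """True only for globally routable unicast addresses. Loopback, RFC 1918,
    link-local (which contains 169.254.169.254), CGNAT, ULA, multicast and
    the unspecified address all return False."""
    ip = ipaddress.ip_address(text)
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # treat ::ffff:10.0.0.1 as 10.0.0.1
    return ip.is_global and not ip.is_multicast


def vet_url(url: str, resolver: Callable[[str], Iterable[str]] = default_resolver) -> List[str]:
    """Validate a user-supplied URL and return the addresses it may connect to."""
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        raise SSRFBlocked(f"scheme not allowed: {parts.scheme!r}")
    if parts.username is not None or parts.password is not None:
        raise SSRFBlocked("userinfo in URL is not allowed")
    host = parts.hostname
    if not host:
        raise SSRFBlocked("URL has no host")
    try:
        ipaddress.ip_address(host)  # IP literal: check it directly
        addrs = [host]
    except ValueError:
        addrs = list(resolver(host))
    if not addrs:
        raise SSRFBlocked(f"{host!r} did not resolve")
    for addr in addrs:  # every answer must pass, not just the first one
        if not is_public_address(addr):
            raise SSRFBlocked(f"{host!r} maps to non-public address {addr}")
    return addrs


def is_blocked(url: str, resolver: Callable[[str], Iterable[str]] = default_resolver) -> bool:
    try:
        vet_url(url, resolver)
    except SSRFBlocked:
        return True
    return False


if __name__ == "__main__":
    print(vet_url("https://api.example.com/v1/items", fake_resolver))
    print(is_blocked("http://169.254.169.254/", fake_resolver))  # True
```

The vetted addresses are returned on purpose: the HTTP client should connect to one of them rather than resolve the name a second time, otherwise a DNS answer that changes between check and connect (rebinding) bypasses the filter. Redirect targets need the same vetting before they are followed.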

Remote Code Execution (RCE)

RCE vulnerabilities allow attackers to execute arbitrary code on the server. These are typically the most critical findings and can result from deserialization flaws, template injection, or other server-side weaknesses.

Command Injection

Command injection occurs when user input is passed to operating system commands without proper sanitization. Attackers can execute arbitrary system commands, potentially gaining full control of the server.

Path Traversal

Path traversal (also called directory traversal) allows attackers to access files outside the intended directory by manipulating file path parameters. This can expose configuration files, source code, or sensitive system files.
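The standard mitigation is to resolve the requested path against the served directory and compare the result on path components, not on the raw string. The following is an added example, not Detectify's code; `BASE_DIR` is an assumed directory and the function names are illustrative.

```python
import os


class TraversalBlocked(ValueError):
    """Raised when a user-supplied path would escape the served directory."""


# Assumed directory the application is allowed to serve files from.
BASE_DIR = "/srv/app/uploads"


def safe_join(base: str, user_path: str) -> str:
    """Resolve user_path under base and refuse anything outside it.

    realpath normalizes '..' segments and follows symlinks, so the comparison
    is made on the final filesystem location, not on the string the user sent.
    """
    if "\x00" in user_path:
        raise TraversalBlocked("NUL byte in path")
    if os.path.isabs(user_path):
        # os.path.join would discard base entirely for an absolute path.
        raise TraversalBlocked("absolute paths are not accepted")
    base_real = os.path.realpath(base)
    candidate = os.path.realpath(os.path.join(base_real, user_path))
    # commonpath compares whole components, so 'uploads' is not confused
    # with 'uploads-private' the way a plain startswith() check would be.
    if os.path.commonpath([base_real, candidate]) != base_real:
        raise TraversalBlocked(f"{user_path!r} escapes {base}")
    return candidate


def is_traversal(base: str, user_path: str) -> bool:
    try:
        safe_join(base, user_path)
    except TraversalBlocked:
        return True
    return False


if __name__ == "__main__":
    print(safe_join(BASE_DIR, "reports/q1.pdf"))
    print(is_traversal(BASE_DIR, "../../etc/passwd"))  # True
```

Note that `reports/../q2.pdf` is accepted because it still resolves inside the base; the check is on the destination, not on the presence of `..`. Percent-encoded or Unicode variants of the separator must be decoded by the web layer before this function sees them, and on Windows backslashes also act as separators.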

XML External Entity (XXE)

XXE vulnerabilities exist in applications that parse XML input. An attacker can define external entities that read local files, make network requests, or cause denial of service.
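The simplest robust policy for XML from untrusted sources is to refuse any document that carries a DTD at all, since external entities, parameter entities and recursive entity expansion are all declared there. The following is an added example, not Detectify's code: a first pass with the standard-library expat parser aborts on the DOCTYPE declaration, and only documents that pass are handed to ElementTree. Both sample documents are constructed.

```python
import xml.etree.ElementTree as ET
import xml.parsers.expat as expat


class UnsafeXML(ValueError):
    """Raised when untrusted XML carries a DTD."""


# Constructed inputs. The second declares an internal entity; the check below
# rejects any DOCTYPE, internal or external, because entity declarations are
# what external-entity and entity-expansion attacks are built from.
BENIGN_DOC = b"<order><id>42</id><note>thanks</note></order>"
DTD_DOC = (
    b'<?xml version="1.0"?>'
    b'<!DOCTYPE order [<!ENTITY greeting "hello">]>'
    b"<order><id>42</id><note>&greeting;</note></order>"
)


def reject_dtd(data: bytes) -> None:
    """First pass over the bytes that aborts the moment a DOCTYPE appears."""
    parser = expat.ParserCreate()

    def on_doctype(name, sysid, pubid, has_internal_subset):
        # Raising inside the callback stops the parse and propagates out of Parse().
        raise UnsafeXML(f"DOCTYPE {name!r} is not allowed in untrusted input")

    parser.StartDoctypeDeclHandler = on_doctype
    parser.Parse(data, True)


def parse_untrusted_xml(data: bytes) -> ET.Element:
    """Parse XML from an untrusted source: refuse DTDs, then build the tree."""
    reject_dtd(data)
    return ET.fromstring(data)


def is_rejected(data: bytes) -> bool:
    try:
        parse_untrusted_xml(data)
    except UnsafeXML:
        return True
    return False


if __name__ == "__main__":
    print(parse_untrusted_xml(BENIGN_DOC).findtext("id"))  # 42
    print(is_rejected(DTD_DOC))                            # True
```

Malformed input raises `expat.ExpatError` from the first pass, which the caller handles like any other bad request. If DTDs are genuinely needed, the `defusedxml` package applies a comparable policy (DTD and external-entity controls) across the standard-library parsers rather than rejecting them outright.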

Prompt Injection

Prompt injection targets applications that integrate large language models (LLMs). Attackers craft inputs that manipulate the LLM’s behavior, potentially bypassing safety controls, extracting system prompts, or causing unintended actions. Detectify tests for prompt injection in both web application forms and API endpoints.

Authorization Vulnerabilities

Broken Object-Level Authorization (BOLA)

BOLA (also known as IDOR — Insecure Direct Object Reference) occurs when an application does not verify that the authenticated user is authorized to access a specific resource. Attackers can access or modify other users’ data by changing object identifiers in requests.
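The defect and its fix sit in the same lookup function, so the difference is easy to show. The following is an added example, not Detectify's code: `INVOICES` is a constructed store, and the two handlers are illustrative. The vulnerable one checks only that the object exists; the fixed one makes ownership part of the lookup and returns the same "not found" result whether the invoice is missing or belongs to someone else.

```python
from dataclasses import dataclass
from typing import Dict


@dataclass(frozen=True)
class Invoice:
    id: int
    owner_id: int
    amount_cents: int


# Constructed store standing in for an invoices table.
INVOICES: Dict[int, Invoice] = {
    1001: Invoice(id=1001, owner_id=7, amount_cents=12000),
    1002: Invoice(id=1002, owner_id=8, amount_cents=45000),
}


class NotFound(Exception):
    """Mapped to HTTP 404 by the assumed web layer."""


def get_invoice_vulnerable(current_user_id: int, invoice_id: int) -> Invoice:
    """BOLA pattern: the caller is authenticated, but the lookup is by id
    alone, so user 8 can read invoice 1001 just by changing the number."""
    inv = INVOICES.get(invoice_id)
    if inv is None:
        raise NotFound(invoice_id)
    return inv


def get_invoice(current_user_id: int, invoice_id: int) -> Invoice:
    """Fixed: ownership is part of the lookup. A missing invoice and another
    user's invoice produce the same 404, so the id space cannot be probed."""
    inv = INVOICES.get(invoice_id)
    if inv is None or inv.owner_id != current_user_id:
        raise NotFound(invoice_id)
    return inv


def can_read(current_user_id: int, invoice_id: int) -> bool:
    try:
        get_invoice(current_user_id, invoice_id)
    except NotFound:
        return False
    return True


if __name__ == "__main__":
    print(get_invoice(7, 1001).amount_cents)       # 12000
    print(can_read(8, 1001))                        # False
    print(get_invoice_vulnerable(8, 1001).owner_id)  # 7: the leak
```

With a real database the same idea is expressed in the query (`WHERE id = ? AND owner_id = ?`) so the ownership filter cannot be forgotten on one code path, and `current_user_id` must come from the authenticated session, never from a field in the request.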

Infrastructure Vulnerabilities

Subdomain Takeover

Subdomain takeover occurs when a DNS record points to a service that has been deprovisioned. An attacker can claim the orphaned service and serve malicious content on your subdomain. Detectify monitors for dangling DNS records across common cloud providers.

SSL/TLS Issues

SSL/TLS vulnerabilities include:

  • Expired or soon-to-expire certificates
  • Weak cipher suites
  • Outdated protocol versions (SSLv3, TLS 1.0, TLS 1.1)
  • Missing or misconfigured HSTS headers
  • Certificate chain issues

Certificate Issues

Beyond SSL/TLS protocol issues, Detectify identifies problems with certificates themselves:

  • Certificates issued for the wrong domain
  • Self-signed certificates on public-facing services
  • Certificates from untrusted certificate authorities
  • Wildcard certificate misuse

Additional Injection Types

Vulnerability                             Description
----------------------------------------  ------------------------------------------------------------------------------------------------
LDAP Injection                            Injection into LDAP queries used for directory lookups and authentication
JSON Injection                            Manipulation of JSON structures to alter application logic
CRLF Injection                            Injection of carriage return and line feed characters to manipulate HTTP headers or split the response
Server-Side Template Injection (SSTI)     Injection into server-side template engines that can lead to remote code execution
Edge Side Includes (ESI) Injection        Injection into ESI tags processed by caching proxies
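Two of the injection types in the table have a small, well-defined escaping or validation rule that is worth seeing in code. The following is an added example, not Detectify's code: `escape_ldap_filter_value` applies the RFC 4515 escaping for values placed inside an LDAP search filter, `uid_filter` shows it used in a login lookup (the `objectClass=person` filter is an assumption), and `safe_header` rejects the carriage return, line feed and NUL characters that CRLF injection relies on.

```python
import re
from typing import Tuple

# RFC 4515: these characters have meaning inside a filter and are written as
# a backslash followed by two hex digits when they appear in a value.
_LDAP_FILTER_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_ldap_filter_value(value: str) -> str:
    """Escape a user-supplied value for use inside an LDAP filter (RFC 4515)."""
    return "".join(_LDAP_FILTER_ESCAPES.get(ch, ch) for ch in value)


def uid_filter(username: str) -> str:
    """Build the filter for a login lookup. After escaping, the username can
    only ever be compared against uid; it cannot close the parenthesis and
    append conditions of its own."""
    return f"(&(objectClass=person)(uid={escape_ldap_filter_value(username)}))"


# CR, LF and NUL have no place in a header name or value; if one gets through,
# the client reads what follows as a new header or a second response.
_HEADER_CTL = re.compile(r"[\r\n\x00]")


def safe_header(name: str, value: str) -> Tuple[str, str]:
    """Return the header pair, or raise if either part carries a control character."""
    if _HEADER_CTL.search(name) or _HEADER_CTL.search(value):
        raise ValueError("control character in HTTP header")
    return (name, value)


def header_is_rejected(name: str, value: str) -> bool:
    try:
        safe_header(name, value)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print(uid_filter("a*b(c)"))                       # (&(objectClass=person)(uid=a\2ab\28c\29))
    print(header_is_rejected("Location", "/account\r\n"))  # True
```

Most HTTP libraries already refuse such header values (Python's `http.client` raises `ValueError` on them), so the explicit check matters where an application writes raw responses or passes values into a proxy or cache configuration itself. For LDAP, distinguished names use a different escaping rule (RFC 4514) than filter values, so the function above must not be reused for DN components.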