|
API Key is not removed before the request is sent to target system
|
High |
Proxy |
Data in Transit |
CWE-201
|
|
Authorization header is not removed before the request is sent to target system
|
High |
Proxy |
Data in Transit |
CWE-201
|
|
Cache is accessed without prior authentication
|
High |
Step |
Authentication & Authorisation |
CWE-306
|
|
Confidential data is used as a cache key
|
High |
Step |
Data at Rest |
CWE-256
CWE-312
|
|
Insecure Quota configuration
|
High |
Step |
Code Quality
Data Validation |
CWE-770
|
|
Open Redirect
|
High |
Step |
Data Validation |
CWE-601
CWE-20
|
|
Policy sets confidential data in URL parameters
|
High |
Step |
Data in Transit |
CWE-598
|
|
Proxy doesn't have default flow
|
High |
Proxy |
Code Quality
Data Validation |
CWE-20
|
|
Request content is tainted by user input
|
High |
Step |
Data Validation |
CWE-20
CWE-116
|
|
Target URL is tainted by user input
|
High |
Step |
Data Validation |
CWE-22
CWE-233
CWE-918
CWE-20
|
|
Unsafe regular expression
|
High |
Step |
Data Validation |
CWE-1333
|
|
Unsafe variable is used to define host
|
High |
Step |
Data Validation |
CWE-20
|
|
User-controlled data in ServiceCallout
|
High |
Step |
Data Validation |
CWE-233
CWE-20
|