Connection to the system is not encrypted
|
Critical |
ServiceCallout
MessageLogging
Target |
Data in Transit |
CWE-319
|
Lack of certificate validation
|
Critical |
ServiceCallout
MessageLogging
Target |
Data in Transit |
CWE-295
|
API Key is not removed before the request is sent to target system
|
High |
Proxy |
Data in Transit |
CWE-201
|
Authorization header is not removed before the request is sent to target system
|
High |
Proxy |
Data in Transit |
CWE-201
|
No TLS protocol specified in connection definition
|
High |
ServiceCallout
MessageLogging
Target |
Data in Transit |
CWE-327
|
Proxy doesn't have default flow
|
High |
Proxy |
Code Quality
Data Validation |
CWE-20
|
Lack of DefaultFaultRule
|
Medium |
Target
Proxy |
Error Handling |
CWE-390
|
MatchesPath is applied to a static parameter
|
Medium |
Target
Proxy |
Code Quality
Data Validation |
CWE-20
|
No SpikeArrest policy is applied
|
Medium |
Proxy |
Code Quality
DoS Protection |
CWE-770
|
ServiceCallout policy uses default message object as a request
|
Medium |
ServiceCallout |
Code Quality |
CWE-200
|
ServiceCallout policy uses default message object as a response
|
Medium |
ServiceCallout |
Code Quality |
CWE-200
|
Unreachable Flow
|
Medium |
Proxy |
Code Quality |
CWE-561
|
Unreachable RouteRule
|
Medium |
Proxy |
Code Quality |
CWE-561
|
Missing security headers
|
Low |
Proxy |
Secure Configuration |
CWE-523
|
No mask configuration for the proxy
|
Low |
Proxy |
Code Quality |
|
Missing API versioning
|
Info |
Proxy |
Secure Configuration |
CWE-710
|
Policy is not linked to step
|
Info |
Proxy |
Code Quality |
CWE-561
|
Resource is not linked to a policy
|
Info |
Proxy |
Code Quality |
CWE-561
|