ServiceCallout MessageLogging Target Proxy
Name Severity Scopes Tags Links
Connection to the system is not encrypted Critical ServiceCallout MessageLogging Target Data in Transit CWE-319
Lack of certificate validation Critical ServiceCallout MessageLogging Target Data in Transit CWE-295
API Key is not removed before the request is sent to target system High Proxy Data in Transit CWE-201
Authorization header is not removed before the request is sent to target system High Proxy Data in Transit CWE-201
No TLS protocol specified in connection definition High ServiceCallout MessageLogging Target Data in Transit CWE-327
Proxy doesn't have default flow High Proxy Code Quality Data Validation CWE-20
Lack of DefaultFaultRule Medium Target Proxy Error Handling CWE-390
MatchesPath is applied to a static parameter Medium Target Proxy Code Quality Data Validation CWE-20
No SpikeArrest policy is applied Medium Proxy Code Quality DoS Protection CWE-770
ServiceCallout policy uses default message object as a request Medium ServiceCallout Code Quality CWE-200
ServiceCallout policy uses default message object as a response Medium ServiceCallout Code Quality CWE-200
Unreachable Flow Medium Proxy Code Quality CWE-561
Unreachable RouteRule Medium Proxy Code Quality CWE-561
Missing security headers Low Proxy Secure Configuration CWE-523
No mask configuration for the proxy Low Proxy Code Quality
Missing API versioning Info Proxy Secure Configuration CWE-710
Policy is not linked to step Info Proxy Code Quality CWE-561
Resource is not linked to a policy Info Proxy Code Quality CWE-561