Security scans are ReadyAPI tools used to identify potential security vulnerabilities in your target services. Each scan sends a number of malicious requests to your service trying to provoke and identify some behavior that indicates a security vulnerability that needs to be handled.
In This Section
This scan tries to exploit bad handling of values that are outside of defined ranges.
This scan tries to find cross-site scripting vulnerabilities.
This scan allows you to use a script for generating fuzzing values of custom parameters.
This scan generates totally random input for the specified number of requests and their parameters.
This scan generates totally random input for the specified number of requests and their parameters.This scan tries to exploit handling of invalid input data.
This scan tries to exploit handling of JSON data. This scan generates random input and inserts it to a specified number of JSON POST requests. This scan tries to exploit bad handling of values outside of defined ranges in JSON POST requests.This scan tries to exploit bad handling of invalid XML on the server or service.
This scan tries to exploit bad handling of attached files.
This scan tries to find files that contain sensitive information.This scan tries to exploit bad database integration coding.
This scan applies a static analysis of the request to authorization weaknesses.This scan tries to exploit bad handling of a malicious XML request.
This scan tries to exploit bad XML processing inside your target service.
Parameters
For most security scans, it is necessary for you to define specific values which should be tested. To define these values, use the Configuration inspector.
For more information on scan parameters, see Security Scan Parameters.