Applies to ReadyAPI 3.3.2, last modified on September 18, 2020

Security scans are ReadyAPI tools used to identify potential security vulnerabilities in your target services. Each scan sends a number of malicious requests to your service trying to provoke and identify some behavior that indicates a security vulnerability that needs to be handled.

In This Section

Boundary Scan

This scan tries to exploit bad handling of values that are outside of defined ranges.

Cross Site Scripting Scan

This scan tries to find cross-site scripting vulnerabilities.

Custom Script Scan

This scan allows you to use a script for generating fuzzing values of custom parameters.

Fuzzing Scan

This scan generates totally random input for the specified number of requests and their parameters.

HTTP Method Fuzzing Scan

This scan generates totally random input for the specified number of requests and their parameters.

Invalid Types Scan

This scan tries to exploit handling of invalid input data.

Invalid JSON Types Scan

This scan tries to exploit handling of JSON data.

JSON Fuzzing Scan

This scan generates random input and inserts it to a specified number of JSON POST requests.

JSON Boundary Scan

This scan tries to exploit bad handling of values outside of defined ranges in JSON POST requests.

Malformed XML Scan

This scan tries to exploit bad handling of invalid XML on the server or service.

Malicious Attachment Scan

This scan tries to exploit bad handling of attached files.

Sensitive Files Exposure Scan

This scan tries to find files that contain sensitive information.

SQL Injection Scan

This scan tries to exploit bad database integration coding.

Weak Authentication Scan

This scan applies a static analysis of the request to authorization weaknesses.

XML Bomb Scan

This scan tries to exploit bad handling of a malicious XML request.

XPath Injection Scan

This scan tries to exploit bad XML processing inside your target service.

Parameters

For most security scans, it is necessary for you to define specific values which should be tested. To define these values, use the Configuration inspector.

For more information on scan parameters, see Security Scan Parameters.

See Also

Security Scan Parameters
Security Scans Types

Highlight search results