◀ Back
Current API Gateway is Kong

API Service Attack Synthesizer

[2A-1] OWASP API2:2023 - Broken Authentication
Show Dashboard

Access request for the same account with multiple passwords in a given time span (brute force)

[3A-1] OWASP API3:2023 - Broken Object Property Level Authorization
Show Dashboard

Call is successful but invalid scope was provided

[4A-1] OWASP API4:2023 - Unrestricted Resource Consumption
Show Dashboard

Out of the ordinary number of valid requests

[5A-1] OWASP API5:2023 - Broken Function Level Authorization
Show Dashboard

Valid tokens are trying to access operations that don't exist

[5B-2] OWASP API5:2023 - Invalid Endpoint / Client
Show Dashboard

IPs trying to access services/endpoints that don't exist

[6A-1] OWASP API6:2023 - Unrestricted Access to Sensitive Business Flows
Show Dashboard

An unusual number of requests to a sensitive operation from a single user

PII in Response
Show Dashboard

Response contains PII

Console
]]>