API security testing vulnerability checks

API security testing provides vulnerability checks that are used to scan for vulnerabilities in the API under test.

Passive checks

Check	Severity	Type	Profiles
Application information check	Medium	Passive	Passive, Passive-Quick, Active-Quick, Active-Full, Quick, Full
Cleartext authentication check	High	Passive	Passive, Passive-Quick, Active-Quick, Active-Full, Quick, Full
JSON hijacking	Medium	Passive	Passive, Passive-Quick, Active-Quick, Active-Full, Quick, Full
Sensitive information	High	Passive	Passive, Passive-Quick, Active-Quick, Active-Full, Quick, Full
Session cookie	Medium	Passive	Passive, Passive-Quick, Active-Quick, Active-Full, Quick, Full

Check	Severity	Type	Profiles
CORS	Medium	Active	Active-Full, Full
DNS rebinding	Medium	Active	Active-Full, Full
Framework debug mode	High	Active	Active-Quick, Active-Full, Quick, Full
Heartbleed OpenSSL vulnerability	High	Active	Active-Full, Full
HTML injection check	Medium	Active	Active-Quick, Active-Full, Quick, Full
Insecure HTTP methods	Medium	Active	Active-Quick, Active-Full, Quick, Full
JSON injection	Medium	Active	Active-Quick, Active-Full, Quick, Full
Open redirect	Medium	Active	Active-Full, Full
OS command injection	High	Active	Active-Quick, Active-Full, Quick, Full
Path traversal	High	Active	Active-Full, Full
Sensitive file	Medium	Active	Active-Full, Full
Shellshock	High	Active	Active-Full, Full
SQL injection	High	Active	Active-Quick, Active-Full, Quick, Full
TLS configuration	High	Active	Active-Full, Full
Authentication token	High	Active	Active-Quick, Active-Full, Quick, Full
XML external entity	High	Active	Active-Full, Full
XML injection	Medium	Active	Active-Quick, Active-Full, Quick, Full