Comment on page

Security Tests Coverage

Explore Pynt's extensive security test coverage in our documentation! Discover how Pynt's security tests provide comprehensive security coverage for your APIs.

Test case
Category
​[BL001] User data leakage to other users - Resource-ID authorization
Business Logic
​[BL002] User data leakage to other users - User-ID authorization
Business Logic
​[BL003] User data leakage to other users - Resource-ID and User-ID authorization
Business Logic
​[BL004] User data leakage to other users - credentials authorization
Business Logic
​[BL005] User data manipulation by other users - Resource-ID authorization
Business Logic
​[BL006] User data manipulation by other users - User-ID authorization
Business Logic
​[BL007] User data manipulation by other users - Resource-ID and User-ID authorization
Business Logic
​[BL008] User data manipulation by other users - credentials authorization
Business Logic
​[BL009] Guessable resource identifier
Business Logic
​[INJ001] SQL Injection
Injections
​[INJ002] MS-SQL Injection
Injections
​[INJ003] MySQL Injection
Injections
​[INJ004] SQLite Injection
Injections
​[INJ005] PostgreSQL Injection
Injections
​[INJ006] NoSQL Injection
Injections
​[INJ007] Command Injection
Injections
​[INJ008] Server-side template injection
Injections
​[AB001] Ignored authentication token
Authentication bypass
​[AB002] No signature validation in JWT
Authentication bypass
​[AB003] JWT hashed without secret
Authentication bypass
​[AB004] No signature in JWT
Authentication bypass
​[AB005] Unsigned JWT
Authentication bypass
​[MA001] Mass assignment by manipulation of hidden attributes
Mass Assignment
​[MA002] Mass assignment by flag overloading
Mass Assignment
​[SSRF001] Local file access
Server-Side request forgery
​[ST001] Stack trace in response
Stack trace in response
​[RES001] Resources limiting
Lack of Resources and Rate Limiting
​[FM001] File path manipulation
File path manipulation
​

Test case	Category
[BL001] User data leakage to other users - Resource-ID authorization	Business Logic
[BL002] User data leakage to other users - User-ID authorization	Business Logic
[BL003] User data leakage to other users - Resource-ID and User-ID authorization	Business Logic
[BL004] User data leakage to other users - credentials authorization	Business Logic
[BL005] User data manipulation by other users - Resource-ID authorization	Business Logic
[BL006] User data manipulation by other users - User-ID authorization	Business Logic
[BL007] User data manipulation by other users - Resource-ID and User-ID authorization	Business Logic
[BL008] User data manipulation by other users - credentials authorization	Business Logic
[BL009] Guessable resource identifier	Business Logic
[INJ001] SQL Injection	Injections
[INJ002] MS-SQL Injection	Injections
[INJ003] MySQL Injection	Injections
[INJ004] SQLite Injection	Injections
[INJ005] PostgreSQL Injection	Injections
[INJ006] NoSQL Injection	Injections
[INJ007] Command Injection	Injections
[INJ008] Server-side template injection	Injections
[AB001] Ignored authentication token	Authentication bypass
[AB002] No signature validation in JWT	Authentication bypass
[AB003] JWT hashed without secret	Authentication bypass
[AB004] No signature in JWT	Authentication bypass
[AB005] Unsigned JWT	Authentication bypass
[MA001] Mass assignment by manipulation of hidden attributes	Mass Assignment
[MA002] Mass assignment by flag overloading	Mass Assignment
[SSRF001] Local file access	Server-Side request forgery
[ST001] Stack trace in response	Stack trace in response
[RES001] Resources limiting	Lack of Resources and Rate Limiting
[FM001] File path manipulation	File path manipulation

Security Testing - Previous

Page

Business Logic

Last modified 21d ago