Issue Rules (Checkers)
Issues discovered by Mayhem for API are categorized by Rule. Each Rule corresponds to one or more checkers that are executed as part of a fuzzing run.
The following is a list of supported Rules. Click a link below to view the details of a specific rule.
- Authentication Bypass (auth-bypass)
- Command Injection (command-injection)
- Internal Server Error (internal-server-error)
- Invalid Request Spec (invalid-request-spec)
- Invalid Response Spec (invalid-response-spec)
- NoSQL Injection (nosql-injection)
- PII Disclosure (pii-disclosure)
- Path Traversal (path-traversal)
- Reported by a custom error-classifying plugin. (plugin)
- SQL Injection (sql-injection)
- Server Crash (server-crash)
- Server Side Request Forgery (SSRF) (ssrf)
- Timeout (timeout)
- Verb Tampering (verb-tampering)