Issue Rules (Checkers)
Issues discovered by Mayhem for API are categorized by Rule. Each Rule corresponds to one or more checkers that are executed as part of a fuzzing run.
The following is a list of supported Rules. Click a link below to view the details of a specific rule.
- Authentication Bypass (
auth-bypass) - Command Injection (
command-injection) - Internal Server Error (
internal-server-error) - Invalid Request Spec (
invalid-request-spec) - Invalid Response Spec (
invalid-response-spec) - NoSQL Injection (
nosql-injection) - PII Disclosure (
pii-disclosure) - Path Traversal (
path-traversal) - Reported by a custom error-classifying plugin. (
plugin) - SQL Injection (
sql-injection) - Server Crash (
server-crash) - Server Side Request Forgery (SSRF) (
ssrf) - Timeout (
timeout) - Verb Tampering (
verb-tampering)