Configure your API

In this section we will examine how to configure specific frameworks to help Mayhem For API find problems, such as possible SQL Injection, that might not be as discoverable with default application settings. These configuration changes are optional and are rarely safe for production; however, they can provide more value out of Mayhem for API when enabled in a safe environment such as part of your CI/CD pipeline.

These changes typically involve adjusting your API configuration to return additional information in the response whenever an internal error occurs, such as the stack trace.

This will help you get to the root cause of buggy endpoints faster and can help the fuzzer identify security threats more accurately such as error-based SQL Injection attacks:

💡 If you do not see your API framework here yet, please let us know: mayhem4api@forallsecure.com