Detected API Vulnerabilities
APIs are a critical part of modern web applications, enabling communication between different services and components. However, they also introduce security risks if not properly secured. The Detected API Vulnerabilities section in Zerothreat provides a clear breakdown of all security issues found in API endpoints, helping you identify and fix potential threats before attackers exploit them.
This section lists all vulnerabilities detected in API endpoints, grouped by severity: Critical, Medium, Low, and Informational. You can filter the list by severity to focus on the most pressing security issues first while still keeping track of less severe ones.
Each entry in the list represents an API endpoint with one or more security vulnerabilities. Clicking on an endpoint opens a detailed report containing:
- A full breakdown of the vulnerability type and risk level.
- The exact HTTP request and response captured during the scan.
- Evidence showing why this issue is a security concern.
Once inside an API vulnerability report, you’ll see a structured breakdown of the issue:
- Vulnerability Description – A concise explanation of the problem and why it poses a risk.
- Affected Endpoint – The API route where the issue was found.
- Request & Response Data – The actual HTTP request that triggered the vulnerability and the server's response.
- Evidence & Impact – Proof of the security flaw, showing how attackers could exploit it.
API vulnerabilities can lead to data leaks, unauthorized access, or full system compromise if left unpatched. This section ensures you have all the necessary details to understand the risk, validate the findings, and take corrective action. By reviewing API vulnerabilities thoroughly, you can strengthen the security of your application's backend and prevent future attacks.