Issue Rules (Checkers)

Issues discovered by Mayhem for API are categorized by Rule. Each Rule corresponds to one or more checkers that are executed as part of an API testing run.

The following is a list of supported Rules. Click a link below to view the details of a specific rule.

• Authentication Bypass (auth-bypass)
• Command Injection (command-injection)
• Internal Server Error (internal-server-error)
• Invalid Request Spec (invalid-request-spec)
• Invalid Response Spec (invalid-response-spec)
• NoSQL Injection (nosql-injection)
• PII Disclosure (pii-disclosure)
• Path Traversal (path-traversal)
• Reported by a custom error-classifying plugin. (plugin)
• SQL Injection (sql-injection)
• Server Crash (server-crash)
• Server Side Request Forgery (SSRF) (ssrf)
• Timeout (timeout)
• Verb Tampering (verb-tampering)