◀ Back
Current API Gateway is Kong

API Service Attack Synthesizer

OWASP API2:2023 - Broken Authentication
Splunk Dashboard

Access request for the same account with multiple passwords in a given time span (brute force)

OWASP API3:2023 - Broken Object Property Level Authorization
Splunk Dashboard

Call is successful but invalid scope was provided

OWASP API4:2023 - Unrestricted Resource Consumption
Splunk Dashboard

Out of the ordinary number of valid requests

Splunk Dashboard

Excessive Number of Records for a Single Consumer [4B-2]

OWASP API5:2023 - Broken Function Level Authorization
Splunk Dashboard

Valid tokens are trying to access operations that don't exist

Splunk Dashboard

IPs Trying to Access Services that Don't Exist [5B-2]

OWASP API6:2023 - Unrestricted Access to Sensitive Business Flows
Splunk Dashboard

An unusual number of requests to sensitive operation from a single user

PII in Response

Response contains PII

PII in Response

Response contains PII

]]>