jaleelsyed / fx-local


SLA on GET:/api/v1/orgs #253

Closed jaleelsyed closed 1 year ago

jaleelsyed commented 1 year ago

Title: SLA Vulnerability on GET:/api/v1/orgs

Project: NB 58

Description: This took more time to return than the expected SLA. It might impact the overall performance of the application.

Assertion Performance SLA scanning allows endpoint performance monitoring from one or more regions based on your customer usage. Keep historical data and identify bottlenecks before they become much worse.

Risk: SLA

Severity: Medium

API Endpoint: http://netbanking.apisec.ai:8080/api/v1/orgs?page=1001&pageSize=1001

Environment: Master

Playbook: ApiV1OrgsGetQueryParamPageSla

Researcher: [apisec Bot]

QUICK TIPS

Suggestion: Improve the performance of this call.

Effort Estimate: 2.0 Hrs

Wire Logs:

03:03:18 [D] [AVOGQPPSla] : Endpoint [http://netbanking.apisec.ai:8080/api/v1/orgs?page=1001&pageSize=1001]
03:03:18 [D] [AVOGQPPSla] : Method [GET]
03:03:18 [D] [AVOGQPPSla] : Authorization [Default]
03:03:18 [D] [AVOGQPPSla] : Request headers [[Accept:"application/json", Content-Type:"application/json", Authorization:"Basic *****"]]
03:03:18 [D] [AVOGQPPSla] : Request []
03:03:18 [D] [AVOGQPPSla] : Status code [200]
03:03:18 [D] [AVOGQPPSla] : Response headers [[X-Content-Type-Options:"nosniff", X-XSS-Protection:"1; mode=block", Cache-Control:"no-cache, no-store, max-age=0, must-revalidate", Pragma:"no-cache", Expires:"0", X-Frame-Options:"DENY", Set-Cookie:"SESSION=MGNhZDM0OTEtZjczNi00ODgwLTgyYjEtMDZmNTVmOWIzNTFj; Path=/; HttpOnly", Content-Type:"application/json;charset=UTF-8", Transfer-Encoding:"chunked", Date:"Tue, 17 Jan 2023 15:03:17 GMT"]]
03:03:18 [D] [AVOGQPPSla] : Response [Hidden]. //To view the response set 'showResponse: true' under policies
03:03:18 [D] [AVOGQPPSla] : Response time [1715]
03:03:18 [D] [AVOGQPPSla] : Response size [140]
03:03:18 [E] [AVOGQPPSla] : Assertion [@StatusCode == 200 AND @ResponseTime < 1000] resolved-to [200 == 200 AND 1715 < 1000] result [Failed]

IMPORTANT LINKS

Vulnerability Details: https://cloud.apisec.ai/#/app/vulnerabilities/projects/8adc80ec84e1cb220184e5f27d494dfb/dashboard/8adc823e85befabf0185c04199871205/details

Project: https://cloud.apisec.ai/#/app/projects/8adc80ec84e1cb220184e5f27d494dfb/dashboard

Environment: https://cloud.apisec.ai/#/app/config-environments/projects/8adc80ec84e1cb220184e5f27d494dfb/environmentList

Scan Dashboard: https://cloud.apisec.ai/#/app/projects/8adc80ec84e1cb220184e5f27d494dfb/profiles/8adc80eb84e1c98e0184e5f2a02953c6/runs/8adc800d85bef5300185c04170912a01

Playbook: https://cloud.apisec.ai/#/app/projects/8adc80ec84e1cb220184e5f27d494dfb/playbooks/ApiV1OrgsGetQueryParamPageSla

Coverage: https://cloud.apisec.ai/#/app/config-categories/projects/8adc80ec84e1cb220184e5f27d494dfb/categories

Code Sample: https://cloud.apisec.ai/#/app/vulnerabilities/projects/8adc80ec84e1cb220184e5f27d494dfb/dashboard/8adc823e85befabf0185c04199871205/codesamples

PS: Please contact support@apisec.ai for apisec access and login issues.

--- apisec Bot ---

jaleelsyed commented 1 year ago

Message: This issue is manually closed from FX control plane.

Title: SLA Vulnerability on GET:/api/v1/orgs

Project: NB 58

Description:

Assertion Performance SLA scanning allows endpoint performance monitoring from one or more regions based on your customer usage. Keep historical data and identify bottlenecks before they become much worse.

Risk: SLA

Severity: Medium

API Endpoint: http://netbanking.apisec.ai:8080/api/v1/orgs?page=1001&pageSize=1001

Environment: Master

Playbook: ApiV1OrgsGetQueryParamPageSla

Researcher: Default

QUICK TIPS

Suggestion:

Effort Estimate: null Hrs

Wire Logs:

IMPORTANT LINKS

Vulnerability Details: https://cloud.apisec.ai/#/app/vulnerabilities/projects/8adc80ec84e1cb220184e5f27d494dfb/dashboard/8adc823e85befabf0185c04199871205/details

Project: https://cloud.apisec.ai/#/app/projects/8adc80ec84e1cb220184e5f27d494dfb/dashboard

Environment: https://cloud.apisec.ai/#/app/config-environments/projects/8adc80ec84e1cb220184e5f27d494dfb/environmentList

Scan Dashboard: https://cloud.apisec.ai/#/app/projects/8adc80ec84e1cb220184e5f27d494dfb/profiles/8adc80eb84e1c98e0184e5f2a02953c6/runs/8adc800d85bef5300185c04170912a01

Playbook: https://cloud.apisec.ai/#/app/projects/8adc80ec84e1cb220184e5f27d494dfb/playbooks/ApiV1OrgsGetQueryParamPageSla

Coverage: https://cloud.apisec.ai/#/app/config-categories/projects/8adc80ec84e1cb220184e5f27d494dfb/categories

Code Sample: https://cloud.apisec.ai/#/app/vulnerabilities/projects/8adc80ec84e1cb220184e5f27d494dfb/dashboard/8adc823e85befabf0185c04199871205/codesamples

PS: Please contact support@apisec.ai for apisec access and login issues.

--- apisec Bot ---