Title: SLA Vulnerability on GET:/api/v1/orgs/login-status
Project: NB 58
Description: This took more time to return than the expected SLA. It might impact the overall performance of the application.
Assertion
Performance SLA scanning allows endpoint performance monitoring from one or more regions based on your customer usage. Keep historical data and identify bottlenecks before they become much worse.
Risk: SLA
Severity: Medium
API Endpoint: http://netbanking.apisec.ai:8080/api/v1/orgs/login-status
Environment: Master
Playbook: ApiV1OrgsLoginStatusGetQueryParamSla
Researcher: [apisec Bot]
QUICK TIPS
Suggestion: Improve the performance of this call.
Effort Estimate: 2.0 Hrs
Wire Logs:
05:04:07 [D] [AVOLSGQPSla] : Endpoint [http://netbanking.apisec.ai:8080/api/v1/orgs/login-status]
05:04:07 [D] [AVOLSGQPSla] : Method [GET]
05:04:07 [D] [AVOLSGQPSla] : Authorization [Default]
05:04:07 [D] [AVOLSGQPSla] : Request headers [[Accept:"application/json", Content-Type:"application/json", Authorization:"Basic *****"]]
05:04:07 [D] [AVOLSGQPSla] : Request []
05:04:07 [D] [AVOLSGQPSla] : Status code [200]
05:04:07 [D] [AVOLSGQPSla] : Response headers [[X-Content-Type-Options:"nosniff", X-XSS-Protection:"1; mode=block", Cache-Control:"no-cache, no-store, max-age=0, must-revalidate", Pragma:"no-cache", Expires:"0", X-Frame-Options:"DENY", Set-Cookie:"SESSION=ZTlhYjVlMTUtNmFhZi00OTY0LWJiYTYtMTk0ZDBlNmE3Y2Vj; Path=/; HttpOnly", Content-Type:"application/json;charset=UTF-8", Transfer-Encoding:"chunked", Date:"Thu, 19 Jan 2023 05:04:07 GMT"]]
05:04:07 [D] [AVOLSGQPSla] : Response [Hidden]. //To view the response set 'showResponse: true' under policies
05:04:07 [D] [AVOLSGQPSla] : Response time [1599]
05:04:07 [D] [AVOLSGQPSla] : Response size [1055]
05:04:07 [E] [AVOLSGQPSla] : Assertion [@StatusCode == 200 AND @ResponseTime < 1000] resolved-to [200 == 200 AND 1599 < 1000] result [Failed]
IMPORTANT LINKS
Vulnerability Details: https://cloud.apisec.ai/#/app/vulnerabilities/projects/8adc80ec84e1cb220184e5f27d494dfb/dashboard/8adc823e85befabf0185c869b7600fe4/details
Project: https://cloud.apisec.ai/#/app/projects/8adc80ec84e1cb220184e5f27d494dfb/dashboard
Environment: https://cloud.apisec.ai/#/app/config-environments/projects/8adc80ec84e1cb220184e5f27d494dfb/environmentList
Scan Dashboard: https://cloud.apisec.ai/#/app/projects/8adc80ec84e1cb220184e5f27d494dfb/profiles/8adc80eb84e1c98e0184e5f2a02953c6/runs/8adc823d85bef6cb0185c869930d41f6
Playbook: https://cloud.apisec.ai/#/app/projects/8adc80ec84e1cb220184e5f27d494dfb/playbooks/ApiV1OrgsLoginStatusGetQueryParamSla
Coverage: https://cloud.apisec.ai/#/app/config-categories/projects/8adc80ec84e1cb220184e5f27d494dfb/categories
Code Sample: https://cloud.apisec.ai/#/app/vulnerabilities/projects/8adc80ec84e1cb220184e5f27d494dfb/dashboard/8adc823e85befabf0185c869b7600fe4/codesamples
PS: Please contact support@apisec.ai for apisec access and login issues.
--- apisec Bot ---