Title: SLA Vulnerability on GET:/api/v1/savings-account/savings-account
Project: Sanity 7th July
Description: This took more time to return than the expected SLA. It might impact the overall performance of the application.
Assertion
Performance SLA scanning allows endpoint performance monitoring from one or more regions based on your customer usage. Keep historical data and identify bottlenecks before they become much worse.Risk: SLA
Severity: Medium
API Endpoint: http://95.217.118.53:8080/api/v1/savings-account/savings-account?pageSize=1001
Environment: Master
Playbook: ApiV1SavingsAccountSavingsAccountGetQueryParamPagesizeSla
Researcher: [apisec Bot]
Title: SLA Vulnerability on GET:/api/v1/savings-account/savings-account Project: Sanity 7th July Description: This took more time to return than the expected SLA. It might impact the overall performance of the application.
Assertion Performance SLA scanning allows endpoint performance monitoring from one or more regions based on your customer usage. Keep historical data and identify bottlenecks before they become much worse.Risk: SLA Severity: Medium API Endpoint: http://95.217.118.53:8080/api/v1/savings-account/savings-account?pageSize=1001 Environment: Master Playbook: ApiV1SavingsAccountSavingsAccountGetQueryParamPagesizeSla Researcher: [apisec Bot]
QUICK TIPS
Suggestion: Improve the performance of this call. Effort Estimate: 1.0 Hrs Wire Logs: 00:42:52 [D] [AVSASAGQPPSla] : Endpoint [http://95.217.118.53:8080/api/v1/savings-account/savings-account?pageSize=1001] 00:42:52 [D] [AVSASAGQPPSla] : Method [GET] 00:42:52 [D] [AVSASAGQPPSla] : Authorization [Default] 00:42:52 [D] [AVSASAGQPPSla] : Request headers [[Accept:"application/json", Content-Type:"application/json", Authorization=[**]]] 00:42:52 [D] [AVSASAGQPPSla] : Request [] 00:42:52 [D] [AVSASAGQPPSla] : Status code [200] 00:42:52 [D] [AVSASAGQPPSla] : Response headers [[X-Content-Type-Options:"nosniff", X-XSS-Protection:"1; mode=block", Cache-Control:"no-cache, no-store, max-age=0, must-revalidate", Pragma:"no-cache", Expires:"0", X-Frame-Options:"DENY", Set-Cookie:"SESSION=MWQ5Yjg2OWYtMzg1MC00NTg0LTg4NzUtZWE2NTFhYTFjY2Jk; Path=/; HttpOnly", Content-Type:"application/json;charset=UTF-8", Transfer-Encoding:"chunked", Date:"Mon, 13 Sep 2021 00:42:51 GMT"]] 00:42:52 [D] [AVSASAGQPPSla] : Response [{ "requestId" : "None", "requestTime" : "2021-09-13T00:42:52.065+0000", "errors" : false, "messages" : [ ], "data" : [ { "id" : "2c9280847ab024f1017bdc9b4c291aa2", "createdBy" : "2c9280847ab024f1017ab02679280000", "createdDate" : "2021-09-13T00:42:50.281+0000", "modifiedBy" : "2c9280847ab024f1017ab02679280000", "modifiedDate" : "2021-09-13T00:42:50.281+0000", "version" : null, "inactive" : false, "accountNumber" : 735990267, "accountBalance" : 735990267, "user" : null } ], "totalPages" : 0, "totalElements" : 0 }] 00:42:52 [D] [AVSASAGQPPSla] : Response time [1081] 00:42:52 [D] [AVSASAGQPPSla] : Response size [461] 00:42:52 [E] [AVSASAGQPPSla] : Assertion [@StatusCode == 200 AND @ResponseTime < 1000] resolved-to [200 == 200 AND 1081 < 1000] result [Failed]
IMPORTANT LINKS
Vulnerability Details: https://cloud.fxlabs.io/#/app/projects/8a8093567a8012b6017a803bf31114fd/dashboard/8a8094e27bce7d6d017bdc9b54dc466e/details
Project: https://cloud.fxlabs.io/#/app/projects/8a8093567a8012b6017a803bf31114fd/allScans
Environment: https://cloud.fxlabs.io/#/app/projects/8a8093567a8012b6017a803bf31114fd/environments/8a8093567a8012b6017a803bf3181500/edit
Scan Dashboard: https://cloud.fxlabs.io/#/app/projects/8a8093567a8012b6017a803bf31114fd/profiles/8a8093567a8012b6017a803c070d16cb/runs/8a8094e27bce7d6d017bdc9a52884565
Playbook: https://cloud.fxlabs.io/#/app/projects/8a8093567a8012b6017a803bf31114fd/playbooks/ApiV1SavingsAccountSavingsAccountGetQueryParamPagesizeSla
Coverage: https://cloud.fxlabs.io/#/app/projects/8a8093567a8012b6017a803bf31114fd/categories
Code Sample: https://cloud.fxlabs.io/#/app/projects/8a8093567a8012b6017a803bf31114fd/dashboard/8a8094e27bce7d6d017bdc9b54dc466e/codesamples
PS: Please contact support@apisec.ai for apisec access and login issues.
--- apisec Bot ---