Detailed Security Log Results for RESTFUL API

mikefrank1
Occasional Contributor

When I run a Security Scan, such as Cross Site Scripting, I'm not finding a detailed log for each test. I find a summary for each test indicating that a pass or fail was the result, but no details about each test.

I tried generating different types of logs, but none of them meet the criteria that I am seeking.

So, let's say that one of my security scans looks like this --> 

  • ';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//-->">'>
  • I'm not seeing that scan and the results in a log.
  • How do I generate detailed log results?
Samuel_Young
Staff

Good Morning Mike,

 

There are a few options for viewing Security Scan Logs. We would love to hear more about your criteria. The option outlined below will allow you to export the logs out to a file. I have stored mine as a simple txt file. 

 

In particular, the scan that you have performed is applying values within the URL of the request as seen below. 

 

GET https://petstore.swagger.io:443/v2/pet/findByTags?tags=%27%3Balert%28String.fromCharCode%2888%2C83%2... HTTP/1.1

 


 

SmartBear Article: https://support.smartbear.com/readyapi/docs/security/scans/types/xss.html
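
As the request line above shows, the scan value appears percent-encoded in the URL, so a plain-text search of an exported log for the raw scan string finds nothing. The following is an added example, not part of the reply or of SmartBear's tooling: it decodes every request line in an exported text log and reports where a given scan value was sent. The sample log, the host `api.example.test` and the function names are constructed for illustration; only the request-line shape is taken from the post.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Request line of the shape shown in the reply:
#   GET https://host:443/path?query HTTP/1.1
REQUEST_LINE = re.compile(
    r"^(GET|POST|PUT|DELETE|PATCH|HEAD|OPTIONS)\s+(\S+)\s+HTTP/\d(?:\.\d)?$"
)

# Constructed sample of an exported log (not real tool output).
SAMPLE_LOG = """\
[constructed] Security test: Cross Site Scripting
GET https://api.example.test:443/v2/pet/findByTags?tags=%27%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F HTTP/1.1
HTTP/1.1 200 OK
GET https://api.example.test:443/v2/pet/findByTags?tags=dog HTTP/1.1
HTTP/1.1 200 OK
"""


def decoded_requests(log_text):
    """Return [(line_no, method, path, {param: decoded value})] per request line."""
    found = []
    for line_no, line in enumerate(log_text.splitlines(), start=1):
        match = REQUEST_LINE.match(line.strip())
        if not match:
            continue  # response lines, headers, test names, etc.
        method, url = match.groups()
        parts = urlsplit(url)
        # parse_qsl percent-decodes names and values for us
        params = dict(parse_qsl(parts.query, keep_blank_values=True))
        found.append((line_no, method, parts.path, params))
    return found


def find_payload(log_text, payload):
    """Return [(line_no, param)] where a decoded query value contains payload."""
    hits = []
    for line_no, _method, _path, params in decoded_requests(log_text):
        for name, value in params.items():
            if payload in value:
                hits.append((line_no, name))
    return hits


if __name__ == "__main__":
    needle = "alert(String.fromCharCode(88,83,83))"
    print("raw text search hit:", needle in SAMPLE_LOG)
    for line_no, name in find_payload(SAMPLE_LOG, needle):
        print(f"line {line_no}: scan value sent in parameter '{name}'")
```
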

 