Detailed Security Log Results for RESTFUL API

mikefrank1 · ‎11-01-2022

When I run a Security Scan, such as Cross Site Scripting, I'm not finding a detailed log for each test. I find a summary for each test indicating that a pass or fail was the result, but no details about each test.

I tried generating different types of logs, but none of them meet the criteria that I am seeking.

So, let's say that one of my security scans looks like this -->

';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//-->">'>
I'm not seeing that scan and the results in a log.
How do I generate detailed log results/

Samuel_Young · ‎11-03-2022

Good Morning Mike,

There are a few options for viewing Security Scan Logs. We would love to hear more about your criteria. The option outlined below will allow you to export the logs out to a file. I have stored mine as a simple txt file.

In particular, the scan that you have performed is applying values within the URL of the request as seen below.

GET https://petstore.swagger.io:443/v2/pet/findByTags?tags=%27%3Balert%28String.fromCharCode%2888%2C83%2... HTTP/1.1

SmartBear Article: https://support.smartbear.com/readyapi/docs/security/scans/types/xss.html

Detailed Security Log Results for RESTFUL API

Detailed Security Log Results for RESTFUL API

Get Data dialog

How I cast a numeric value in json payload?

Error getting response; java.net.SocketTimeoutExce...

java.net.SocketTimeoutException: Read timed out

For graphql variables, data from the Grid, get ser...