Sift Analyzers
Analyzers are an integral part of Sift. An analyzer runs checks against the operations of an API to find functional defects and security vulnerabilities in the application behind it. Each analyzer performs its own set of checks; the description of each analyzer lists the checks it performs. If an operation fails a check, Sift reports a finding.
Each finding carries a fault identifier that classifies the kind of fault the analyzer detected. A fault identifier begins with a 3-letter prefix that denotes the class of fault:
| Fault Prefix | Description |
|---|---|
| CWE | Common Weakness Enumeration. The MITRE Common Weakness Enumeration (CWE) is an industry-standard catalogue of software and hardware security weaknesses. Every security vulnerability Sift reports is classified as one of the weaknesses in CWE. |
| SCF | Conformance Fault. When an API operation does not conform to the API definition, the defect is classified as an SCF fault. |
| SFF | Functional Fault. Functional defects (the operation misbehaves but no security weakness or conformance violation is involved) are classified as SFF faults. |
| SIF | Injection Fault. A finding reported for a user-specified injection attack vector is classified as an SIF fault. |
| SPF | Property Fault. When an API operation violates a user-specified property, the defect is classified as an SPF fault. |
List of Analyzers:
- Application-specific Property Analyzer (PolicyEvaluator)
- Access Control
- Conformance
- Injection
- Protocol
- Request Forgery
- Sensitive Data Exposure
  - Configurable Data Exposure (DataExposure)
  - Credit Card Exposure (CCExposure)
  - Date of Birth Exposure (DOBExposure)
  - Email Exposure (EmailExposure)
  - Endpoint Exposure (EndpointExposure)
  - Error Message Exposure (ErrorMessageExposure)
  - JWT Sensitive Information (JWTSensitiveInfo)
  - Password Exposure (PasswordExposure)
  - Personal Identification Number Exposure (SSNExposure)
- Configurable Data Exposure (