Sift Analyzers
Analyzers are an integral part of Sift. Each analyzer performs a specific set of checks on the operations of an API to find functional defects and security vulnerabilities in an application (see the description of each analyzer below). If an operation fails a check performed by an analyzer, Sift reports a finding.
Each finding carries a fault identifier that classifies the kind of fault the analyzer detected. Fault identifiers begin with a three-letter prefix that denotes a class of faults:
| Fault Prefix | Description |
|---|---|
| CWE | Common Weakness Enumeration. The MITRE CWE is an industry-standard catalogue of software and hardware weakness types. Security vulnerabilities found by Sift are classified by the CWE entry that describes the underlying weakness. |
| SCF | Conformance Fault. When an API operation does not conform to the API definition, the defect is classified as an SCF fault. |
| SFF | Functional Fault. Functional defects are classified as SFF faults. |
| SIF | Injection Fault. A finding reported for a user-specified injection attack vector is classified as an SIF fault. |
| SPF | Property Fault. When an API operation violates a user-specified property, the defect is classified as an SPF fault. |
List of Analyzers:
- Application-specific Property Analyzer (PolicyEvaluator)
- Access Control
- Conformance
- Injection
- Protocol
- Request Forgery
- Sensitive Data Exposure
  - Configurable Data Exposure (DataExposure)
  - Credit Card Exposure (CCExposure)
  - Date of Birth Exposure (DOBExposure)
  - Email Exposure (EmailExposure)
  - Error Message Exposure (ErrorMessageExposure)
  - JWT Sensitive Information (JWTSensitiveInfo)
  - Password Exposure (PasswordExposure)
  - Personal Identification Number Exposure (SSNExposure)
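To make concrete what the Sensitive Data Exposure group of analyzers looks for, here is an added illustration of the kind of check they perform. It is not Sift's code and does not reproduce Sift's detection rules; the regular expressions, the set of JWT claim names treated as sensitive, and the sample API response are all constructed for this example. It scans a response body for Luhn-valid card numbers, e-mail addresses and SSN-shaped values, and decodes the payload of any JWT it finds so that sensitive claims hidden by base64url encoding are still reported, with reported values masked so the finding itself does not leak the data.

```python
"""Simplified sensitive-data exposure scan of an API response body.

Added example in the spirit of the CCExposure / EmailExposure /
SSNExposure / JWTSensitiveInfo analyzers; not Sift's own code.
All patterns, claim names and sample data below are assumptions
constructed for this illustration.
"""
import base64
import json
import re

# Constructed patterns (assumptions, not Sift's rules).
EMAIL_RE = re.compile(r"\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\b")
# 13 to 19 digits, optionally separated by spaces or dashes: candidate PANs.
PAN_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
# US SSN shape with the never-issued area/group/serial ranges excluded.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
# Three base64url segments separated by dots: a JWT-shaped token.
JWT_RE = re.compile(r"\b[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}\b")
# Claim names treated as sensitive when found in a JWT payload (assumption).
SENSITIVE_CLAIMS = {"password", "ssn", "credit_card", "dob"}


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: filters out digit runs that are not real card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def _b64url_decode(s: str) -> bytes:
    # JWT segments are unpadded base64url; restore padding before decoding.
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def _b64url_encode(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()


def jwt_sensitive_claims(token: str) -> list:
    """Decode the JWT payload (no signature check needed to inspect it)
    and return the sensitive claim names it carries, sorted."""
    try:
        payload = json.loads(_b64url_decode(token.split(".")[1]))
    except (ValueError, IndexError):
        return []
    if not isinstance(payload, dict):
        return []
    return sorted(k for k in payload if k.lower() in SENSITIVE_CLAIMS)


def scan_response(body: str) -> list:
    """Return (analyzer_name, masked_evidence) tuples for each exposure found."""
    findings = []
    for m in PAN_RE.finditer(body):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):  # drop order numbers and other random digit runs
            findings.append(("CCExposure", digits[-4:].rjust(len(digits), "*")))
    for m in EMAIL_RE.finditer(body):
        findings.append(("EmailExposure", m.group()))
    for m in SSN_RE.finditer(body):
        findings.append(("SSNExposure", "***-**-" + m.group()[-4:]))
    for m in JWT_RE.finditer(body):
        claims = jwt_sensitive_claims(m.group())
        if claims:
            findings.append(("JWTSensitiveInfo", ",".join(claims)))
    return findings


def _make_sample_jwt() -> str:
    # Constructed unsigned token; the third segment is a placeholder signature.
    header = _b64url_encode(b'{"alg":"none","typ":"JWT"}')
    payload = _b64url_encode(
        json.dumps({"sub": "u1", "password": "hunter2", "ssn": "123-45-6789"}).encode()
    )
    return f"{header}.{payload}.{'A' * 16}"


# Constructed sample response body; the SSN inside the JWT is only reachable
# by decoding the token, and order_id is a 13-digit run that fails Luhn.
SAMPLE_BODY = json.dumps({
    "user": {
        "email": "alice@example.com",
        "card": "4111 1111 1111 1111",
        "ssn": "123-45-6789",
    },
    "token": _make_sample_jwt(),
    "order_id": "9876543210123",
})

if __name__ == "__main__":
    for analyzer, evidence in scan_response(SAMPLE_BODY):
        print(f"{analyzer}: {evidence}")
```

The Luhn filter and the JWT decoding are the two parts worth copying: without the former a PAN check drifts into reporting every long numeric identifier, and without the latter a password or SSN placed in a token payload passes a plain-text scan untouched.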