Endpoint Risk Score
API Discovery automatically calculates a risk score for each endpoint in your API inventory. The risk score allows you to understand which endpoints are most likely to be an attack target and therefore should be the focus of your security efforts.
Risk score factors
The risk score is made up of several factors, each with its own weight in the final risk score calculation. By default, the highest weight among all factors present on the endpoint is used as the endpoint risk score.
Factor | Description | Default weight |
---|---|---|
Active vulnerabilities | Active vulnerabilities may result in unauthorized data access or corruption. | 9 |
Potentially vulnerable to BOLA | Presence of variable path parts, such as user IDs, e.g. /api/articles/author/{parameter_X}. Attackers can manipulate object IDs and, if request authorization is insufficient, read or modify the object's sensitive data (BOLA attacks). | 6 |
Parameters with sensitive data | Rather than directly attacking APIs, attackers can steal sensitive data and use it to seamlessly reach your resources. | 8 |
Number of query and body parameters | A large number of parameters increases the number of attack directions. | 6 |
Accepts XML / JSON objects | XML or JSON objects passed in requests may be used by attackers to transfer malicious XML external entities and injections to the server. | 6 |
Allows uploading files to the server | Endpoints are frequently targeted by Remote Code Execution (RCE) attacks, where files with malicious code are uploaded to a server. To secure these endpoints, uploaded file extensions and contents should be properly validated as recommended by the OWASP Cheat Sheet. | 6 |
To adapt the risk score estimation to your own assessment of how important each factor is, you can configure the weight of each factor and the calculation method.
Risk score levels
The risk score ranges from 1 (lowest) to 10 (highest):
Value | Risk level | Color |
---|---|---|
1 to 3 | Low | Gray |
4 to 7 | Medium | Orange |
8 to 10 | High | Red |
- 1 means there are no risk factors for this endpoint.
- The risk score is not displayed (N/A) for unused endpoints.
- Sort by risk score in the Risk column.
- Filter High, Medium or Low using the Risk score filter.
To understand what caused the risk score for an endpoint and how to reduce the risk, go to the endpoint details.
You can also get a summary of APIs by their risk score level in Dashboards → API Discovery in the US or EU Cloud.
Customizing risk score calculation
You can configure the weight of each factor in the risk score calculation and the calculation method.
To change how risk score is calculated:
- Click the Configure API Discovery button in the API Discovery section.
- Switch to the Risk scoring tab.
- Select the calculation method: highest or average weight.
- If necessary, disable factors you do not want to affect the risk score.
- Set weights for the remaining factors.
- Save changes. Wallarm will re-calculate the risk score for your endpoints in accordance with the new settings within several minutes.
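The following is an added illustration of the scoring model described on this page, not Wallarm's own implementation: the factor names and default weights are taken from the table above, while the factor keys, how the "average" method rounds, and the sample endpoint are assumptions made for the example.

```python
"""Worked example of the endpoint risk score model: factor weights,
highest vs. average method, disabled factors, and the Low/Medium/High bands.
Added illustration, not Wallarm's code; rounding rule and keys are assumed."""
from statistics import mean

# Default factor weights from the table on this page (keys are assumed names).
DEFAULT_WEIGHTS = {
    "active_vulnerabilities": 9,
    "sensitive_parameters": 8,
    "bola": 6,
    "many_parameters": 6,
    "xml_json_body": 6,
    "file_upload": 6,
}


def risk_score(factors, method="highest", weights=None, disabled=()):
    """Return the 1..10 score, or None (displayed as N/A) for an unused endpoint.

    factors: factor keys detected on the endpoint; None marks an unused endpoint.
    disabled: factor keys switched off in the Risk scoring settings.
    """
    if factors is None:
        return None                      # N/A: unused endpoint
    weights = weights or DEFAULT_WEIGHTS
    active = [weights[f] for f in factors if f not in disabled]
    if not active:
        return 1                         # 1 means no risk factors
    if method == "highest":
        return max(active)               # default method from the page
    if method == "average":
        # Assumption: the average is rounded half up to a whole score.
        return int(mean(active) + 0.5)
    raise ValueError(f"unknown method: {method}")


def risk_level(score):
    """Map a score to the Low / Medium / High bands from the table above."""
    if score is None:
        return "N/A"
    if score <= 3:
        return "Low"
    if score <= 7:
        return "Medium"
    return "High"


if __name__ == "__main__":
    # Constructed endpoint: BOLA-style path, sensitive parameters, JSON body.
    endpoint = ["bola", "sensitive_parameters", "xml_json_body"]
    for method in ("highest", "average"):
        score = risk_score(endpoint, method=method)
        print(f"{method}: {score} ({risk_level(score)})")
```

The same endpoint lands in the High band under the default highest-weight method but in the Medium band under averaging, which is the trade-off to keep in mind when switching the calculation method.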