
I ran a security test on the public API endpoints provided by the DIVEXA official website. The findings:
Rate Limiting: The API responses carry no rate-limiting headers (X-RateLimit-Limit and related). That suggests per-client throttling is either absent or not advertised, which leaves the endpoints open to brute-force, scraping and resource-exhaustion abuse. Two caveats apply: a missing header does not by itself prove that no limit is enforced (it can be applied silently), and rate limiting mitigates abusive individual clients rather than a volumetric DDoS, which has to be absorbed upstream.
Error Handling: The server returns verbose error messages that include stack traces. This is "information leakage": the trace reveals the backend framework, file paths and code structure, giving an attacker clues about which known weaknesses to try. From a DevOps perspective, the security headers are also misconfigured.
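As an added example (my own code, not part of the original post and not DIVEXA's), here is an offline audit of captured responses for the two findings above, plus the kind of sanitized error response the backend should send instead. The sample responses, header names and regexes are constructed for illustration; the audit only reports what a single response reveals and cannot tell whether a limit is enforced silently.

```python
"""Offline audit of captured API responses for the findings above:
missing rate-limit headers, stack traces in error bodies and a couple of
common header misconfigurations. All sample responses are constructed."""
import json
import logging
import re
import uuid

LOG = logging.getLogger("api-errors")

# Rate-limit headers in common use: the de-facto X- names and the IETF draft
# RateLimit-* names. A 429/503 should also carry Retry-After.
RATE_LIMIT_HEADERS = ("x-ratelimit-limit", "ratelimit-limit", "x-rate-limit-limit")

# Patterns that indicate a server-side trace is being echoed to the client.
STACK_TRACE_PATTERNS = (
    re.compile(r"Traceback \(most recent call last\)"),        # Python
    re.compile(r"File \"[^\"]+\", line \d+"),                  # Python frames
    re.compile(r"^\s+at [\w$.<>]+ ?\(.*:\d+(:\d+)?\)", re.M),  # Java / Node frames
    re.compile(r"\w+(Exception|Error): "),                     # e.g. KeyError: 'uid'
)


def audit_response(status: int, headers: dict, body: str) -> list:
    """Return a list of finding strings for one captured HTTP response."""
    h = {k.lower(): v for k, v in headers.items()}
    findings = []
    if not any(name in h for name in RATE_LIMIT_HEADERS):
        findings.append("no rate-limit headers advertised (X-RateLimit-Limit / RateLimit-Limit)")
    if status in (429, 503) and "retry-after" not in h:
        findings.append(f"{status} without Retry-After")
    if any(p.search(body) for p in STACK_TRACE_PATTERNS):
        findings.append("stack trace leaked in response body")
    if "x-powered-by" in h:
        findings.append(f"X-Powered-By discloses framework: {h['x-powered-by']}")
    if "server" in h and re.search(r"\d", h["server"]):
        findings.append(f"Server header discloses version: {h['server']}")
    if "x-content-type-options" not in h:
        findings.append("missing X-Content-Type-Options: nosniff")
    return findings


def sanitized_error(exc: Exception) -> tuple:
    """What the server should return instead of a trace: a generic JSON body
    with a correlation id, while the full exception goes to the server log."""
    error_id = uuid.uuid4().hex
    LOG.error("unhandled error %s", error_id, exc_info=exc)  # detail stays server-side
    headers = {"Content-Type": "application/json", "X-Content-Type-Options": "nosniff"}
    body = json.dumps({"error": "internal server error", "id": error_id})
    return 500, headers, body


# Constructed sample responses (status, headers, body).
LEAKY_RESPONSE = (
    500,
    {"Content-Type": "text/html", "Server": "Werkzeug/2.0.3 Python/3.9.2"},
    'Traceback (most recent call last):\n  File "/app/api/views.py", line 42, in get_user\n'
    "    return users[uid]\nKeyError: 'uid'\n",
)
THROTTLED_RESPONSE = (
    429,
    {"X-RateLimit-Limit": "100", "X-RateLimit-Remaining": "0", "X-Content-Type-Options": "nosniff"},
    '{"error": "too many requests"}',
)
HEALTHY_RESPONSE = (
    200,
    {"X-RateLimit-Limit": "100", "X-RateLimit-Remaining": "99",
     "X-Content-Type-Options": "nosniff", "Server": "nginx"},
    '{"ok": true}',
)

if __name__ == "__main__":
    for name, resp in (("leaky", LEAKY_RESPONSE), ("throttled", THROTTLED_RESPONSE),
                       ("healthy", HEALTHY_RESPONSE)):
        print(name, audit_response(*resp))
    status, hdrs, body = sanitized_error(KeyError("uid"))
    print("sanitized", status, audit_response(status, hdrs, body))
```

Feed `audit_response` the status, headers and body of real captured responses (for example from a proxy export) to reproduce the check; the sanitized handler still shows the rate-limit finding, because advertising limits is a separate decision from not leaking traces.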