What Issues Can Aikido Pentest Find?
Understand the main issue classes Aikido Pentest can validate during a run.
Core web and API risks
We cover the high-impact issues that most often lead to real breaches.
BOLA / IDOR (Cross-Tenant Data Leakage)
Broken Object Level Authorization and Insecure Direct Object References. We verify that User A cannot access User B’s private data (e.g., changing an ID in an API call).
Broken Access Control
Privilege escalation (vertical) and unauthorized access to admin functions.
Injection Flaws
Classic SQL Injection (SQLi) and Database Injection flaws.
Command Injection / Remote Code Execution (RCE)
Detecting whether untrusted input can reach system commands or OS-level directives and execute them.
Cross-Site Scripting (XSS)
Comprehensive scanning for stored and reflected XSS.
Authentication Failures
Weak password policies, credential stuffing, cookie integrity issues, absence of rate limiting, and session management failures.
Server-Side Request Forgery (SSRF)
Tricking the server into making requests to internal resources or external systems.
Agentic application risks
If your scope includes copilots, AI agents, or tool-using LLM workflows, we also test the main risks from the OWASP Top 10 for Agentic Applications.
That includes:
Prompt injection
Sensitive data leakage
Excessive agency
Insecure tool use
Insecure output handling
Memory poisoning
Retrieval abuse
Authorization failures in agent actions
Resource exhaustion
Integration and supply chain risk
Use the dedicated child page for the full breakdown and examples.
Additional exploit paths
Beyond the basics, we probe for complex vulnerabilities that often slip through standard scanners.
Business Logic Errors
Flaws in application workflows that allow bypasses (e.g., skipping payment steps) and complex input validation errors.
Exotic Injections
NoSQLi, LDAP Injection, XPath Injection, and Server-Side Template Injection (SSTI).
Files & Misconfigurations
Scanning for file system risks including Local File Inclusion (LFI), Unrestricted File Uploads, Directory Listing, and Error Leakage.
Insecure Deserialization
Checking whether tampered serialized objects are deserialized unsafely, allowing malicious code to execute.
Web Cache Poisoning
Manipulating caching mechanisms to serve harmful content to other users.
Client-Side Attacks
Cross-Site Scripting (XSS), CSRF, Open Redirects, and DOM-based vulnerabilities.
Cryptographic Failures
Use of broken algorithms, weak signatures (JWT), hard-coded credentials, and sensitive data exposure.
Hardening checks
We assess whether essential defensive controls are correctly implemented and resilient against common bypass techniques. This includes identifying missing, weak, or misconfigured protections that increase exploitability even when no single vulnerability is present.
Our hardening checks include:
GraphQL hardening gaps – missing depth, complexity, or query cost limits; introspection exposure in production.
CORS misconfigurations – overly permissive origins, credentials misuse, and unsafe wildcard configurations.
TLS & transport security issues – weak cipher suites, outdated protocol versions, improper certificate chains, and missing HSTS.
HTTP security headers – absent or misconfigured headers such as CSP, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, and Permissions-Policy.
Rate limiting & abuse protection – missing or ineffective controls on authentication, APIs, and sensitive endpoints.
Security defaults & environment exposure – debug modes, verbose error handling, and non-hardened production settings.
These findings help reduce attack surface and prevent vulnerability chaining, turning “low-risk” issues into meaningful security improvements.
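The HTTP security header, HSTS, and CORS checks listed above can be expressed as a small audit over a response's headers. The following is an added example, not Aikido's own code; the REQUIRED_HEADERS list, the 180-day HSTS threshold, and the probe_origin convention (an Origin the application is not expected to trust) are assumptions of this example.

```python
from typing import Dict, List, Optional

# Headers the hardening checks expect on every HTML/API response (assumed list).
REQUIRED_HEADERS = (
    "Content-Security-Policy",
    "X-Frame-Options",
    "X-Content-Type-Options",
    "Referrer-Policy",
    "Permissions-Policy",
    "Strict-Transport-Security",
)
MIN_HSTS_MAX_AGE = 15552000  # 180 days (assumed threshold); shorter values give little protection


def hsts_max_age(value: str) -> int:
    """Parse the max-age directive out of a Strict-Transport-Security value."""
    for directive in value.split(";"):
        key, _, val = directive.strip().partition("=")
        if key.lower() == "max-age" and val.strip().isdigit():
            return int(val)
    return 0


def audit_headers(headers: Dict[str, str], probe_origin: Optional[str] = None) -> List[str]:
    """Return findings for one response; an empty list means nothing was flagged.

    probe_origin is the Origin the test request carried and which the app is NOT
    expected to trust; if it is echoed back with credentials, the server reflects
    arbitrary origins.
    """
    h = {k.lower(): v.strip() for k, v in headers.items()}  # header names are case-insensitive
    findings: List[str] = []

    findings += [f"missing header: {n}" for n in REQUIRED_HEADERS if n.lower() not in h]
    if h.get("x-content-type-options", "nosniff").lower() != "nosniff":
        findings.append("X-Content-Type-Options is not 'nosniff'")
    if "strict-transport-security" in h and hsts_max_age(h["strict-transport-security"]) < MIN_HSTS_MAX_AGE:
        findings.append("HSTS max-age below 180 days")

    # CORS: browsers refuse '*' together with credentials, but its presence shows the app
    # intends to share with any origin; a reflected or 'null' origin with credentials is
    # the case that lets another site read authenticated responses.
    acao = h.get("access-control-allow-origin")
    creds = h.get("access-control-allow-credentials", "").lower() == "true"
    if acao == "*" and creds:
        findings.append("CORS: wildcard origin with credentials flag")
    elif acao == "null":
        findings.append("CORS: 'null' origin allowed")
    elif probe_origin and acao == probe_origin and creds:
        findings.append("CORS: arbitrary origin reflected with credentials")
    return findings
```

Run it against the headers of each in-scope endpoint (for CORS, once with a probe Origin); every non-empty result maps to one of the hardening gaps listed above.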
Compliance
Running this pentest satisfies technical controls for SOC 2 Type II, ISO 27001, and HIPAA. You receive a detailed, auditor-ready report, and you can download a concrete example of the deliverables in our sample pentest report.