| Details | |
|---|---|
| Alert ID | 200014-3 |
| Alert Type | Tool |
| Status | alpha |
| Risk | Medium |
| CWE | 598 |
| WASC | |
| Technologies Targeted | All |
| Tags | CWE-598 OWASP_2021_A07 OWASP_2025_A02 TOOL_PTK |

Summary
Detects access tokens, JWTs, and API keys present in URLs or query strings observed in traffic.
Generated by OWASP PTK DAST Module
Solution
- Avoid placing secrets in URLs. Use Authorization headers or secure cookies.
- Rotate exposed tokens and ensure logs/analytics do not persist sensitive URLs.

Other Info
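The Solution asks that logs and analytics not persist sensitive URLs. The following added example (not code from PTK or ZAP) flags JWTs and token-like parameters in a URL and masks them before the URL is logged. The parameter name list, the `REDACTED` mask and the sample URL are assumptions made for illustration, and the check also covers the URL fragment, which goes slightly beyond the query string.

```python
import re
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Assumed parameter names for illustration; not PTK's actual rule set.
SENSITIVE_PARAMS = {"access_token", "id_token", "refresh_token", "token",
                    "api_key", "apikey", "jwt"}
# JWT compact form: base64url header and payload both start with 'eyJ' ('{"').
JWT_RE = re.compile(r"eyJ[A-Za-z0-9_-]+\.eyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]*")
# Constructed sample URL (dummy JWT and keys, not real credentials).
SAMPLE_URL = ("https://app.example.test/cb?page=2&session=eyJhbGciOiJIUzI1NiJ9."
              "eyJzdWIiOiJkZW1vIn0.c2lnbmF0dXJl&api_key=abc123#access_token=xyz789")


def classify(name, value):
    """Return 'jwt', 'named-secret' or None for one name/value pair."""
    if JWT_RE.fullmatch(value):
        return "jwt"
    if name.lower() in SENSITIVE_PARAMS and value:
        return "named-secret"
    return None


def _pairs(component):
    return parse_qsl(component, keep_blank_values=True)


def find_url_secrets(url):
    """List (location, name, kind) for secrets in the query string or fragment."""
    parts = urlsplit(url)
    hits = []
    for location, component in (("query", parts.query), ("fragment", parts.fragment)):
        for name, value in _pairs(component):
            kind = classify(name, value)
            if kind:
                hits.append((location, name, kind))
    return hits


def redact_url(url, mask="REDACTED"):
    """Return the URL with secret values masked, suitable for writing to logs."""
    parts = urlsplit(url)
    def scrub(component):
        return urlencode([(n, mask if classify(n, v) else v) for n, v in _pairs(component)])
    # Only rewrite the fragment when it actually carries key=value pairs.
    fragment = scrub(parts.fragment) if "=" in parts.fragment else parts.fragment
    return urlunsplit((parts.scheme, parts.netloc, parts.path, scrub(parts.query), fragment))
```

Masking at the logging layer limits persistence only; a token that has already appeared in a URL should still be rotated, as the Solution states.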
References
- https://owasp.org/Top10/2025/A02_2025-Cryptographic_Failures/
- https://cwe.mitre.org/data/definitions/598.html