Security Test: High number of PHI¶
Scanner(s) Support¶
| GraphQL Scanner | REST Scanner | Frontend Scanner |
|---|---|---|
Description¶
Default Severity:
When access control is not properly implemented, some PHI can leak to the public. It may lead to data breaches, financial loss, legal penalties, and HIPAA violations.
Configuration¶
Identifier:
information_disclosure/high_number_of_phi
Examples¶
All configuration available:
checks:
information_disclosure/high_number_of_phi:
skip: false # default
options:
phi_threshold: 4 # default
Options¶
Options can be set in the options key of the Security Test Configuration.
| Property | Type | Default | Description |
|---|---|---|---|
phi_threshold | number | 4 |
Compliance and Standards¶
| Standard | Value |
|---|---|
| OWASP API Top 10 | API1:2023 |
| PCI DSS | 6.5.3 |
| GDPR | Article-32 |
| SOC2 | CC6 |
| ISO 27001 | A.18.1 |
| NIST | SP800-53 |
| FedRAMP | AC-4 |
| CWE | 200 |
| CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H/RL:O/RC:C |
| CVSS Score | 7.2 |