Security Test: High number of PII¶

Scanner(s) Support¶

GraphQL Scanner	REST Scanner	Frontend Scanner

Description¶

Default Severity:

When access control is not properly implemented, some PII can leak to the public. It may lead to data breaches, financial loss and even legal penalties.

Reference:

https://cheatsheetseries.owasp.org/cheatsheets/Authorization_Cheat_Sheet.html

Configuration¶

Identifier: information_disclosure/high_number_of_pii

Examples¶

All configuration available:

checks:
  information_disclosure/high_number_of_pii:
    skip: false # default

Compliance and Standards¶

Standard	Value
OWASP API Top 10	API1:2023
OWASP LLM Top 10	LLM06:2023
PCI DSS	`6.5.3`
GDPR	`Article-32`
SOC2	`CC1`
PSD2	`Article-95`
ISO 27001	`A.18.1`
NIST	`SP800-53`
FedRAMP	`AC-4`
CWE	`200`
CVSS Vector	`CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H/RL:O/RC:C`
CVSS Score	`7.2`