Security Test: Invalid parameters in path

Description

Default Severity:

When an endpoint's path parameters are not defined correctly, the API can behave unexpectedly. Developers can make mistakes when specifying where input values sit in the URL, which can cause the server to misinterpret data and can open the door to attacks such as injection. An API that misroutes requests, or that can be tricked into processing unexpected input, risks exposing data or behavior that was never intended to be public, so it is important to follow the proper guidelines and validate inputs carefully.
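
An added example, not code from this page or from the scanner: a minimal lint that looks for the kind of mistake described above in an API description. It assumes the description follows the OpenAPI 3 layout with any `$ref` entries already resolved; the function name and the sample document are constructed for illustration.

```python
import re

HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch", "trace"}

# Constructed sample in OpenAPI 3 layout (an assumption; not taken from the page).
SAMPLE_SPEC = {"paths": {
    "/users/{userId}": {"get": {"parameters": [
        {"name": "userId", "in": "query", "schema": {"type": "string"}}]}},
    "/orders/{orderId}/items": {
        "parameters": [{"name": "orderId", "in": "path", "schema": {"type": "integer"}}],
        "get": {"parameters": [
            {"name": "itemId", "in": "path", "required": True, "schema": {"type": "integer"}}]},
    },
    "/health": {"get": {}},
}}


def find_invalid_path_parameters(spec):
    """Return sorted (path, method, parameter, problem) tuples for one spec dict."""
    findings = []
    for path, item in spec.get("paths", {}).items():
        templated = set(re.findall(r"\{([^{}/]+)\}", path))  # names inside {...}
        shared = item.get("parameters", [])                  # path-level parameters
        for method, op in item.items():
            if method not in HTTP_METHODS:
                continue
            # Operation-level parameters override path-level ones with the same (name, in).
            merged = {(p["name"], p["in"]): p for p in shared}
            merged.update({(p["name"], p["in"]): p for p in op.get("parameters", [])})
            declared = {name: p for (name, loc), p in merged.items() if loc == "path"}
            names = set(declared)
            for name in templated - names:
                findings.append((path, method, name, "in URL template but not declared with in: path"))
            for name in names - templated:
                findings.append((path, method, name, "declared in: path but absent from URL template"))
            for name in templated & names:
                if declared[name].get("required") is not True:
                    findings.append((path, method, name, "path parameter must set required: true"))
    return sorted(findings)


if __name__ == "__main__":
    for finding in find_invalid_path_parameters(SAMPLE_SPEC):
        print(*finding, sep=" | ")
```

On the constructed sample this reports three findings: `userId` declared as a query parameter although it appears in the URL template, `itemId` declared as a path parameter that the template does not contain, and `orderId` missing `required: true`.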

Reference:

Configuration

Identifier: schema/invalid_parameters_in_path

Examples

All configuration available:

checks:
  schema/invalid_parameters_in_path:
    skip: false # default

Compliance and Standards

| Standard | Value |
| --- | --- |
| OWASP API Top 10 | API9:2023 |
| OWASP LLM Top 10 | LLM07:2023 |
| PCI DSS | 6.5 |
| GDPR | Article-32 |
| SOC2 | CC1 |
| PSD2 | Article-95 |
| ISO 27001 | A.14.2 |
| NIST | SP800-53 |
| FedRAMP | AC-2 |
| CWE | 758 |
| CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N |