Security Test: Invalid parameters in path
Description
Default Severity:
When an endpoint's path parameters are not defined correctly, the API can behave unexpectedly. Developers can make mistakes when specifying where input values sit in the URL, which can cause the server to misinterpret data and can open the door to attacks such as injection. An API that misroutes requests, or that can be tricked into processing unexpected input, risks exposing data or behavior that was never meant to be public, so follow the proper guidelines and validate inputs carefully.
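One way to catch this class of mistake before deployment, as an added example that is not part of the original page or the scanner's own logic. It assumes the API is described by an OpenAPI 3 document already loaded into a dict with `$ref` entries resolved; `check_path_parameters` and `SAMPLE_SPEC` are hypothetical names.

```python
import re

HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch", "trace"}
TEMPLATE_VAR = re.compile(r"\{([^{}/]+)\}")

def check_path_parameters(spec):
    """Return (path, method, parameter, problem) tuples for an OpenAPI-style dict."""
    findings = []
    for path, item in spec.get("paths", {}).items():
        templated = set(TEMPLATE_VAR.findall(path))  # names inside {...} in the URL
        for method, op in item.items():
            if method not in HTTP_METHODS:
                continue
            # Operation-level parameters override path-level ones with the same (name, in).
            merged = {}
            for p in item.get("parameters", []) + op.get("parameters", []):
                merged[(p.get("name"), p.get("in"))] = p
            declared = {n: p for (n, loc), p in merged.items() if loc == "path"}
            # 1. Template variable with no matching "in: path" declaration.
            for name in sorted(templated - declared.keys()):
                elsewhere = sorted(loc for (n, loc) in merged if n == name and loc)
                problem = f"declared in {elsewhere[0]}, not path" if elsewhere else "undeclared"
                findings.append((path, method, name, problem))
            # 2. "in: path" declaration that never appears in the URL template.
            for name in sorted(declared.keys() - templated):
                findings.append((path, method, name, "not in URL template"))
            # 3. OpenAPI requires path parameters to carry required: true.
            for name in sorted(declared.keys() & templated):
                if declared[name].get("required") is not True:
                    findings.append((path, method, name, "required is not true"))
    return findings

# Constructed sample document (not taken from any real API).
SAMPLE_SPEC = {"paths": {
    "/users/{userId}": {
        "get": {"parameters": [{"name": "userId", "in": "path", "required": True}]},
        "delete": {"parameters": [{"name": "userId", "in": "query"}]},
    },
    "/orders/{orderId}/items": {
        "parameters": [{"name": "orderId", "in": "path"}],
        "get": {"parameters": [{"name": "itemId", "in": "path", "required": True}]},
    },
}}

if __name__ == "__main__":
    for finding in check_path_parameters(SAMPLE_SPEC):
        print(*finding, sep=" | ")
```

Run in CI against the schema file, a non-empty result can fail the build before the misdeclared endpoint reaches a scanner or production.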
Reference:
Configuration
Identifier:
schema/invalid_parameters_in_path
Examples
All configuration available:
Compliance and Standards
Standard | Value |
---|---|
OWASP API Top 10 | API9:2023 |
OWASP LLM Top 10 | LLM07:2023 |
PCI DSS | 6.5 |
GDPR | Article-32 |
SOC2 | CC1 |
PSD2 | Article-95 |
ISO 27001 | A.14.2 |
NIST | SP800-53 |
FedRAMP | AC-2 |
CWE | 758 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N |