Security Test: Invalid parameters in path¶

Scanner(s) Support¶

GraphQL Scanner	REST Scanner	Frontend Scanner

Description¶

Default Severity:

When endpoints aren’t set up correctly with defined path parameters, it can lead to unexpected behavior. Developers might accidentally make mistakes when specifying the location of input values in URLs, which can cause the server to misinterpret data and even open a door for attacks like injections. If an API misroutes requests or can be tricked into processing unexpected input, it risks exposing data or behavior that wasn't intended to be public, so it’s important to follow the proper guidelines and carefully validate inputs.

Reference:

https://swagger.io/docs/specification/paths-and-operations/
- https://swagger.io/specification/#path-templating

Configuration¶

Identifier: schema/invalid_parameters_in_path

Examples¶

All configuration available:

checks:
  schema/invalid_parameters_in_path:
    skip: false # default

Compliance and Standards¶

Standard	Value
OWASP API Top 10	API9:2023
OWASP LLM Top 10	LLM07:2023
PCI DSS	`6.5`
GDPR	`Article-32`
SOC2	`CC1`
PSD2	`Article-95`
ISO 27001	`A.14.2`
NIST	`SP800-53`
FedRAMP	`AC-2`
CWE	`758`
CVSS Vector	`CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N`