
Security Test: Response type mismatch

Description

Default Severity:

A response type mismatch occurs when the data a service returns does not match the type declared in its schema. If a service promises a number but sends back a text string instead, clients that trust the declared type can misbehave or crash, and the gap between the declared and actual contract can give an attacker a way to manipulate how your application behaves. When responses are not strictly validated against their schema, someone may be able to feed malicious data through the mismatched field or alter the application's behaviour, leading to security breaches or unexpected crashes. Developers often overlook verifying that every response conforms exactly to its defined type, which makes these inconsistencies easier to exploit.
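The following is an added example, not code from the original page or from the scanner it documents. It shows the kind of check this test performs: a decoded JSON response body is compared against a declared response schema (a small subset of OpenAPI/JSON Schema: `type`, `properties`, `required`, `items`) and every path whose actual type differs from the declared one is reported. The endpoint schema and the two sample responses are constructed for illustration; the check also flags missing required fields, which goes slightly beyond pure type mismatches. One edge case is handled deliberately: JSON `true`/`false` must not satisfy a field declared as `integer` or `number`, even though Python's `bool` is a subclass of `int`.

```python
"""Response type mismatch check (added example, not part of the original page)."""
import json

# Python types accepted for each declared schema type. bool is left out of
# integer/number on purpose and handled separately in _matches().
_TYPE_MAP = {
    "string": (str,),
    "integer": (int,),
    "number": (int, float),
    "boolean": (bool,),
    "array": (list,),
    "object": (dict,),
    "null": (type(None),),
}


def _matches(value, schema_type):
    """True if value is an instance of the declared schema type."""
    if isinstance(value, bool):
        # JSON true/false only satisfies "boolean", never "integer"/"number".
        return schema_type == "boolean"
    return isinstance(value, _TYPE_MAP[schema_type])


def find_mismatches(schema, value, path="$"):
    """Return a list of (json_path, expected_type, actual_type) tuples."""
    mismatches = []
    expected = schema.get("type")
    if expected is not None and not _matches(value, expected):
        mismatches.append((path, expected, type(value).__name__))
        return mismatches  # do not descend into a value of the wrong type
    if expected == "object":
        props = schema.get("properties", {})
        for name in schema.get("required", []):
            if name not in value:
                declared = props.get(name, {}).get("type", "any")
                mismatches.append((f"{path}.{name}", declared, "missing"))
        for name, sub_schema in props.items():
            if name in value:
                mismatches.extend(find_mismatches(sub_schema, value[name], f"{path}.{name}"))
    elif expected == "array":
        item_schema = schema.get("items")
        if item_schema:
            for i, item in enumerate(value):
                mismatches.extend(find_mismatches(item_schema, item, f"{path}[{i}]"))
    return mismatches


def check_response(schema, body_text):
    """Decode a JSON body and validate it against schema; return (ok, mismatches)."""
    try:
        body = json.loads(body_text)
    except json.JSONDecodeError as exc:
        return False, [("$", schema.get("type", "any"), f"unparseable JSON: {exc.msg}")]
    mismatches = find_mismatches(schema, body)
    return not mismatches, mismatches


# Constructed declared schema for a hypothetical GET /account endpoint.
ACCOUNT_SCHEMA = {
    "type": "object",
    "required": ["id", "balance", "tags"],
    "properties": {
        "id": {"type": "integer"},
        "balance": {"type": "number"},
        "active": {"type": "boolean"},
        "tags": {"type": "array", "items": {"type": "string"}},
    },
}

# Constructed sample responses: one conforming, one with three type mismatches.
GOOD_RESPONSE = '{"id": 42, "balance": 10.5, "active": true, "tags": ["vip"]}'
BAD_RESPONSE = '{"id": "42", "balance": true, "tags": ["vip", 7]}'

if __name__ == "__main__":
    for label, body in (("good", GOOD_RESPONSE), ("bad", BAD_RESPONSE)):
        ok, problems = check_response(ACCOUNT_SCHEMA, body)
        print(label, "OK" if ok else "MISMATCH")
        for problem in problems:
            print("   ", problem)
```

Running the script reports the conforming response as OK and lists `$.id` (string instead of integer), `$.balance` (boolean instead of number) and `$.tags[1]` (integer instead of string) for the second one. In a client or gateway, the same validation would run before the body is handed to application logic, so a value of an unexpected type is rejected rather than silently coerced.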

Reference:

Configuration

Identifier: schema/response_type_mismatch

Examples

All configuration available:

checks:
  schema/response_type_mismatch:
    skip: false # default

Compliance and Standards

Standard           Value
OWASP API Top 10   API10:2023
OWASP LLM Top 10   LLM02:2023
PCI DSS            6.5.1
GDPR               Article-32
SOC2               CC5
PSD2               Article-97
ISO 27001          A.14.2
NIST               SP800-53
FedRAMP            AC-4
CWE                573
CVSS Vector        CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N/RL:O