Security Test: Unhandled endpoint¶
Description¶
Default Severity:
When an API advertises an endpoint, as an operation in its OpenAPI/Swagger documentation or as a type, field or operation exposed through GraphQL introspection, but the server has no handler or resolver behind it, the gap is itself a weak spot. Attackers enumerate exactly these operations and probe them for unexpected behavior: an unhandled request may fall through to a default or catch-all handler, return a stack trace, crash a worker, or, where authorization is enforced only inside the handler that was never written, be served without the access control the documentation promises. Developers tend to treat such "unused" endpoints as harmless because nothing is supposed to happen there, but anything that is advertised is part of the attack surface whether or not it is implemented. Either implement the operation with the same authentication and input validation as the rest of the API, or remove it from the documentation and the schema so that the advertised surface and the implemented surface match.
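As an added example, not part of this page or the scanner it documents: a Python script that diffs the operations an OpenAPI document advertises against the routes a service actually registers, then triages unauthenticated probes of the leftovers into the outcomes the description names (a dead endpoint, a crash, or a response the spec says should have required credentials). The spec fragment, the route table, the probe status codes and every function name are constructed for illustration; the same diff applies to a GraphQL introspection result checked against a resolver map.

```python
"""Find operations an API advertises but does not route, and triage probes of them.

All inputs below are constructed for this example; they do not describe a real service.
"""

HTTP_METHODS = {"get", "post", "put", "patch", "delete", "head", "options"}

# Constructed OpenAPI 3 fragment: what the documentation advertises.
SAMPLE_SPEC = {
    "openapi": "3.0.3",
    "paths": {
        "/users": {
            "get": {"security": [{"bearerAuth": []}]},
            "post": {"security": [{"bearerAuth": []}]},
        },
        "/users/{id}": {
            "get": {"security": [{"bearerAuth": []}]},
            "delete": {"security": [{"bearerAuth": []}]},
        },
        "/admin/export": {"get": {"security": [{"bearerAuth": []}]}},
        "/internal/debug": {"post": {}},
    },
}

# Constructed route table: the handlers the team knows the running service registers.
SAMPLE_ROUTES = {
    ("GET", "/users"),
    ("POST", "/users"),
    ("GET", "/users/{id}"),
}

# Constructed status codes returned when each documented-but-unrouted operation
# is probed WITHOUT credentials. A 2xx here means something the route inventory
# does not know about (a catch-all, a legacy handler) answered the request.
SAMPLE_PROBES = {
    ("DELETE", "/users/{id}"): 404,
    ("GET", "/admin/export"): 200,
    ("POST", "/internal/debug"): 500,
}


def documented_operations(spec):
    """Return {(METHOD, path)} for every operation the spec advertises."""
    ops = set()
    for path, item in spec.get("paths", {}).items():
        for method in item:
            if method.lower() in HTTP_METHODS:
                ops.add((method.upper(), path))
    return ops


def unhandled_operations(spec, routes):
    """Documented operations with no matching handler, sorted for stable output."""
    return sorted(documented_operations(spec) - set(routes))


def requires_auth(spec, method, path):
    """True if the operation, or the document globally, declares a security requirement."""
    op = spec["paths"][path][method.lower()]
    # An explicit empty list on the operation disables auth, so only fall back
    # to the global requirement when the operation says nothing at all.
    return bool(op.get("security", spec.get("security", [])))


def triage_probe(spec, method, path, status):
    """Classify an unauthenticated probe of a documented-but-unrouted operation."""
    if status in (404, 405, 501):
        return "unhandled"  # advertised but dead: misleading docs, stale surface
    if status >= 500:
        return "crash"  # the request reached code that falls over on it
    if 200 <= status < 300 and requires_auth(spec, method, path):
        return "unauthorized-access"  # spec demands auth, server served it anyway
    return "review"  # redirects, 4xx other than the above: inspect by hand


def report(spec, routes, probes):
    """Map each unhandled operation to its triage label (unprobed ones count as 404)."""
    return {
        f"{method} {path}": triage_probe(spec, method, path, probes.get((method, path), 404))
        for method, path in unhandled_operations(spec, routes)
    }


if __name__ == "__main__":
    for op, verdict in report(SAMPLE_SPEC, SAMPLE_ROUTES, SAMPLE_PROBES).items():
        print(f"{op:24} -> {verdict}")
```

Run against a real service, the route table would come from the framework's router (for example the app's URL map) and the probe statuses from actual requests sent without a token; only the "unauthorized-access" and "crash" rows need urgent attention, while "unhandled" rows are documentation to delete or operations to implement.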
Configuration¶
Identifier:
configuration/unhandled_endpoint
Examples¶
All configuration available:
Compliance and Standards¶
Standard | Value |
---|---|
OWASP API Top 10 | API2:2023 |
OWASP LLM Top 10 | LLM07:2023 |
PCI DSS | 6.5.10 |
GDPR | Article-32 |
SOC2 | CC1 |
PSD2 | Article-95 |
ISO 27001 | A.14.2 |
NIST | SP800-53 |
FedRAMP | AC-2 |
CWE | 453 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N |