Skip to content

Sensitive Data: High number of PHI

Identifier: high_number_of_phi

Scanner(s) Support

GraphQL Scanner REST Scanner WebApp Scanner

Description

When access control is not properly implemented, some PHI can leak to the public. It may lead to data breaches, financial loss, legal penalties, and HIPAA violations.

Configuration

Example

Example configuration:

---
security_tests:
  high_number_of_phi:
    assets_allowed:
    - REST
    - GRAPHQL
    - WEBAPP
    detection_threshold: 1
    skip: false

Reference

assets_allowed

Type : List[AssetType]*

List of assets that this check will cover.

detection_threshold

Type : integer

Threshold to trigger alert if the number of values found.

skip

Type : boolean

Skip the test if true.