Sensitive Data: High number of PII¶

Identifier: high_number_of_pii

Scanner(s) Support¶

GraphQL Scanner	REST Scanner	WebApp Scanner

Description¶

When access control is not properly implemented, some Personally identifiable information (PII) can leak to the public. It may lead to data breaches, financial loss and even legal penalties.

References:

https://cheatsheetseries.owasp.org/cheatsheets/Authorization_Cheat_Sheet.html

Configuration¶

Example¶

Example configuration:

---
security_tests:
  high_number_of_pii:
    assets_allowed:
    - REST
    - GRAPHQL
    - WEBAPP
    detection_threshold: 4
    skip: false

Reference¶

`assets_allowed`¶

Type : List[AssetType]*

List of assets that this check will cover.

`detection_threshold`¶

Type : integer

Threshold to trigger alert if the number of values found.

`skip`¶

Type : boolean

Skip the test if true.