Security Test: Swagger rules
Description
Default Severity:
Swagger (OpenAPI) rules describe the request and response schemas of a REST API, and many frameworks validate incoming data against them. Because these rules are often written loosely (for example a field typed as a bare `string` with no `pattern` or `maxLength`, an object without `additionalProperties: false`, or a parameter with no `enum`), they accept far more input than the endpoint actually expects. Developers may assume that the schema enforces strict validation, while an attacker can send unexpected, oversized or malformed values and extra properties that pass the check and reach the application logic, where they can bypass security controls or trigger unintended behaviour, with risks such as data exposure or unauthorized access. The danger lies in relying on the schema as the only input validation instead of adding explicit, robust checks in the application itself.
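As an added example (not code from the original page or from the scanner this page documents), the block below puts a loosely written user schema next to a hardened version of the same schema and runs a few constructed attacker-style payloads through both. The schemas, the payloads and the small JSON Schema subset validator are all assumptions made for illustration; in production you would use a full validator such as the `jsonschema` package, the hand-written one here only exists so the example runs offline.

```python
"""Loose vs. strict OpenAPI request schemas, checked with a minimal JSON Schema
subset validator. Added example; schemas, payloads and validator are constructed
for illustration and are not part of the original page."""
import re

# Hypothetical loose schema, as often found in hand-written Swagger files:
# it names the expected fields but constrains almost nothing.
LOOSE_USER_SCHEMA = {
    "type": "object",
    "properties": {
        "username": {"type": "string"},
        "email": {"type": "string"},
    },
}

# Same endpoint, hardened: unknown fields rejected, required fields enforced,
# lengths bounded and formats pinned down with patterns.
STRICT_USER_SCHEMA = {
    "type": "object",
    "required": ["username", "email"],
    "additionalProperties": False,
    "properties": {
        "username": {"type": "string", "minLength": 3, "maxLength": 32,
                     "pattern": r"^[a-z0-9_]+$"},
        "email": {"type": "string", "maxLength": 254,
                  "pattern": r"^[^@\s]+@[^@\s]+\.[^@\s]+$"},
    },
}

_TYPES = {"string": str, "integer": int, "number": (int, float),
          "boolean": bool, "object": dict, "array": list, "null": type(None)}


def validate(schema, value, path="$"):
    """Return a list of violation messages (empty list means the value is valid).

    Supports only the keywords used above: type, required, properties,
    additionalProperties, minLength, maxLength, pattern, enum.
    """
    errors = []
    t = schema.get("type")
    if t is not None:
        # bool is a subclass of int in Python; JSON Schema keeps them apart.
        if not isinstance(value, _TYPES[t]) or (
                t in ("integer", "number") and isinstance(value, bool)):
            return [f"{path}: expected {t}, got {type(value).__name__}"]
    if "enum" in schema and value not in schema["enum"]:
        errors.append(f"{path}: value not in enum")
    if isinstance(value, str):
        if "minLength" in schema and len(value) < schema["minLength"]:
            errors.append(f"{path}: shorter than minLength {schema['minLength']}")
        if "maxLength" in schema and len(value) > schema["maxLength"]:
            errors.append(f"{path}: longer than maxLength {schema['maxLength']}")
        if "pattern" in schema and not re.search(schema["pattern"], value):
            errors.append(f"{path}: does not match pattern")
    if isinstance(value, dict):
        props = schema.get("properties", {})
        for name in schema.get("required", []):
            if name not in value:
                errors.append(f"{path}.{name}: required property missing")
        for name, sub in value.items():
            if name in props:
                errors.extend(validate(props[name], sub, f"{path}.{name}"))
            elif schema.get("additionalProperties", True) is False:
                errors.append(f"{path}.{name}: additional property not allowed")
    return errors


# Constructed payloads: one benign request and four attacker-style variants.
PAYLOADS = {
    "mass_assignment": {"username": "alice", "email": "a@b.io", "role": "admin"},
    "oversized": {"username": "a" * 100000, "email": "a@b.io"},
    "injection_chars": {"username": "alice'--", "email": "a@b.io"},
    "missing_field": {"username": "alice"},
    "benign": {"username": "alice_1", "email": "alice@example.org"},
}


def compare(payloads=PAYLOADS):
    """Map payload name -> (accepted by loose schema, accepted by strict schema)."""
    return {name: (not validate(LOOSE_USER_SCHEMA, p),
                   not validate(STRICT_USER_SCHEMA, p))
            for name, p in payloads.items()}


if __name__ == "__main__":
    for name, (loose_ok, strict_ok) in compare().items():
        print(f"{name:16s} loose={'accept' if loose_ok else 'reject':6s} "
              f"strict={'accept' if strict_ok else 'reject'}")
```

The loose schema accepts every payload, including the extra `role` property (a mass-assignment vector), a 100,000-character username and a username containing quote characters; the strict schema accepts only the benign request. Tightening the spec is still not a substitute for application-side checks (authorization, business rules), but it removes the cheap wins an attacker gets from a permissive schema.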
Configuration
Identifier:
schema/swagger_rules
Examples
All configuration available:
Compliance and Standards

| Standard | Value |
|---|---|
| OWASP API Top 10 | API9:2023 |
| OWASP LLM Top 10 | LLM06:2023 |
| PCI DSS | 6.5.1 |
| GDPR | Article-32 |
| SOC2 | CC1 |
| PSD2 | Article-95 |
| ISO 27001 | A.14.2 |
| NIST | SP800-53 |
| FedRAMP | SA-11 |
| CWE | 758 |
| CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N |