Security Test: High number of PCI¶
Scanner(s) Support¶
| GraphQL Scanner | REST Scanner | Frontend Scanner |
|---|---|---|
Description¶
Default Severity:
When access control is not properly implemented, some payment card information (PCI) can leak to the public. It may lead to data breaches, financial loss, regulatory violations, and severe legal penalties including PCI DSS non-compliance.
Configuration¶
Identifier:
sensitive_data/high_number_of_pci
Examples¶
All configuration available:
checks:
sensitive_data/high_number_of_pci:
skip: false # default
options:
detection_threshold: 1 # default
Increase the Detection Threshold
Options¶
Options can be set in the options key of the Security Test Configuration.
| Property | Type | Default | Description |
|---|---|---|---|
detection_threshold | number | 1 |
Compliance and Standards¶
| Standard | Value |
|---|---|
| OWASP API Top 10 | API1:2023 |
| PCI DSS | 6.5.3 |
| PSD2 | Article-95 |
| ISO 27001 | A.18.1 |
| NIST | SP800-53 |
| FedRAMP | AC-4 |
| CWE | 200 |
| CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H/RL:O/RC:C |
| CVSS Score | 7.2 |