Sensitive Data: High number of PCI
Identifier:
high_number_of_pci
Scanner(s) Support
| GraphQL Scanner | REST Scanner | WebApp Scanner | ASM Scanner |
|---|---|---|---|
Description
When access control is not properly implemented, payment card information (PCI) can leak to the public, potentially leading to data breaches, financial loss, regulatory violations (including PCI DSS non-compliance), and severe legal penalties.
How we test: We scan responses to detect PCI data such as credit card numbers, CVV codes, and other payment card identifiers. We count the number of PCI instances found and alert if the count exceeds the configured threshold, indicating potential access control failures.
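The counting logic described above can be sketched as follows. This is an added example, not the scanner's own implementation: the candidate regex, the Luhn filter, counting distinct values, and the `evaluate` helper are assumptions, and it covers card numbers only. The sample body is constructed from published test card numbers.

```python
import re

# Assumption: a candidate card number is 13-19 digits, optionally split by spaces or dashes.
PAN_CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")

def luhn_valid(digits: str) -> bool:
    """Luhn checksum: filters out order ids and other long digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def find_pans(body: str) -> set[str]:
    """Distinct Luhn-valid card numbers in a response body, normalised to digits."""
    found = set()
    for match in PAN_CANDIDATE.finditer(body):
        digits = re.sub(r"[ -]", "", match.group())
        if luhn_valid(digits):
            found.add(digits)
    return found

def mask(pan: str) -> str:
    """Keep first six and last four digits so findings can be logged safely."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]

def evaluate(body: str, detection_threshold: int, skip: bool = False) -> dict:
    """Mirror the documented options: alert when the count exceeds the threshold."""
    if skip:
        return {"skipped": True, "count": 0, "alert": False, "samples": []}
    pans = find_pans(body)
    return {"skipped": False, "count": len(pans),
            "alert": len(pans) > detection_threshold,
            "samples": sorted(mask(p) for p in pans)}

# Constructed API response; the card values are public test numbers, "ref" is not a card.
SAMPLE_BODY = """{"orders":[
 {"id":1001,"card":"4111 1111 1111 1111"},
 {"id":1002,"card":"5555-5555-5555-4444"},
 {"id":1003,"card":"378282246310005"},
 {"id":1004,"card":"4111111111111111"},
 {"id":1005,"ref":"1234567890123456"}
]}"""

if __name__ == "__main__":
    print(evaluate(SAMPLE_BODY, detection_threshold=2))
```

The Luhn filter is what keeps the count meaningful: without it, any 16-digit reference number in a response would push an endpoint over the threshold.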
Configuration
Example
Example configuration:
Reference
detection_threshold
Type : integer
Threshold for the number of values found; an alert is triggered when the count exceeds it.
skip
Type : boolean
Skip the test if true.