Schema: Positive integer validation

Identifier: positive_integer_validation

Scanner(s) Support

GraphQL Scanner, REST Scanner, WebApp Scanner, ASM Scanner

Description

Failing to validate that inputs are positive integers can allow unexpected or malicious values like negative numbers, zero, or non-numeric strings, potentially leading to errors, data inconsistencies, or more serious vulnerabilities like SQL injection or buffer overflows.

How we test: We inject various invalid integer values including negative numbers, zero, non-numeric strings, and boundary values into API parameters and analyze responses to detect if proper positive integer validation is enforced.
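The server-side check this test looks for, as an added example that is not part of the original page or the scanner's own code: a strict parser that accepts only canonical positive integers and rejects the value categories listed above. The names `parse_positive_int`, `classify` and `MAX_VALUE`, the upper bound, and the sample inputs are assumptions constructed for illustration.

```python
import re

# Assumption: upper bound chosen for the example (signed 32-bit max), so the
# value also fits a typical INT column; adjust to the field's real range.
MAX_VALUE = 2**31 - 1

# ASCII digits only, no sign, no leading zero, no whitespace or separators.
_POSITIVE_INT = re.compile(r"[1-9][0-9]*")


def parse_positive_int(raw, max_value=MAX_VALUE):
    """Return raw as an int in 1..max_value, or raise ValueError.

    Hypothetical helper for this example. It is stricter than int(), which
    accepts inputs such as " 7 ", "+7", "1_000" and non-ASCII digits.
    """
    # bool is a subclass of int in Python, so JSON true would pass as 1.
    if isinstance(raw, bool):
        raise ValueError("boolean is not an integer")
    if isinstance(raw, int):
        value = raw
    elif isinstance(raw, str):
        # Cap the length before converting so huge digit strings are cheap to reject.
        if len(raw) > len(str(max_value)) or not _POSITIVE_INT.fullmatch(raw):
            raise ValueError("not a canonical positive integer")
        value = int(raw)
    else:
        # floats, None, lists, dicts from a JSON body
        raise ValueError("unsupported type")
    if not 1 <= value <= max_value:
        raise ValueError("out of range")
    return value


def classify(samples):
    """Map each sample's repr to the parsed value or the rejection reason."""
    results = {}
    for sample in samples:
        try:
            results[repr(sample)] = parse_positive_int(sample)
        except ValueError as exc:
            results[repr(sample)] = f"rejected: {exc}"
    return results


# Constructed inputs mirroring the categories listed above.
SAMPLES = [42, "42", -1, "-1", 0, "0", "abc", "12abc", " 7", "+7",
           "1_000", "٤٢", 4.2, True, None, 2**31 - 1, 2**31, "9" * 40]
```

Passing the parsed integer, never the raw string, to the query layer or a length calculation is what keeps the rejected inputs from reaching code that would misinterpret them.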

Configuration

Example

Example configuration:

---
security_tests:
  positive_integer_validation:
    skip: false

Reference

skip

Type: boolean

Skip the test if true.