Undefined integer format

owasp:api4:2019-integer-format

Rule Severity:

Medium

APIs should specify an integer format type to ensure availability of the service to all users.
This rule applies at the API Specification level (OAS/Swagger).
URL parameters should not include sensitive information such as API keys, passwords, or secrets. Harcoding secrets or passwords in the API spec can lead to their exposure. Passwords, keys, tokens, or any other secret should be stored securely. Appropriate handling of secrets requires, amongst other best practices, implementation of encryption of secrets at rest and in transit, regular secret expiry & rotation, and short availability in application memory.

1. How to Identify with Example Scenario

Find the text in bold to identify issues such as these in API specifications

type: objectproperties: myObj: # arbitrary name for the object type: integer # missing "format:

2. How to Identify with Example Scenario

Find the text in bold to identify issues such as these in API specifications

1. How to Resolve with Example Scenario

Find the text in bold to identify issues such as these in API specifications

type: objectproperties: myObj: # arbitrary name for the object type: integer format: int32

2. How to Resolve with Example Scenario

Modify the text in bold to resolve issues such as these in API specifications

type: objectproperties: myObj: # arbitrary name for the object type: integer format: int32

References:
https://swagger.io/docs/specification/data-models/data-types/

More findings

All Findings
Missing 429 response
Missing retry header
Missing additional properties
Missing 4xx response
Insecure host (OAS2)
Numeric IDs

Resource center

Check the FireTail blog and research documents for up-to-date information.

FireTail Now Available on AWS Marketplace
September 27, 2023

FireTail Now Available on AWS Marketplace

The addition of FireTail marks a significant milestone in our mission to provide state-of-the-art API security solutions to organizations around the world. Now, AWS customers can unleash the power of FireTail quickly, easily and confident in the knowledge that the platform integrates perfectly with their cloud environment.

Read more
FireTail Secures SOC 2 Type 2 Certification
September 15, 2023

FireTail Secures SOC 2 Type 2 Certification

At FireTail, we are very pleased to announce that we have achieved SOC 2 Type 2 accreditation. This certification is an important milestone in our ongoing journey to ensure we adhere to the highest industry standards when it comes to data protection and cybersecurity.

Read more
The Complex Connections between Generative AI and API Security
September 14, 2023

The Complex Connections between Generative AI and API Security

APIs and Artificial Intelligence are two of the most important developments in tech of the last 10 years. In this post, we look at the dual impacts that connect these two hot topics that make our online worlds work.

Read more
Browse all articles