OWASP Annotated Application Security Verification Standard

latest

Browse by chapter:

1 Architecture, Design and Threat Modeling
2 Authentication
3 Session Management
4 Access Control
5 Validation, Sanitization and Encoding
6 Stored Cryptography
7 Error Handling and Logging
8 Data Protection
9 Communications
10 Malicious Code
11 Business Logic
12 Files and Resources
13 API and Web Service
14 Configuration

OWASP Annotated Application Security Verification Standard

Docs »
13 API and Web Service »
13.1 Generic Web Service Security Verification Requirements »
13.1.3 API URLs do not expose sensitive information

13.1.3 API URLs do not expose sensitive information¶

Verify API URLs do not expose sensitive information, such as the API key, session tokens etc.

Level 1	X
Level 2	X
Level 3	X

CWE	NIST
598

Next Previous

© Copyright 2019 Wessel van der Linden Revision 63d1bede.

Built with Sphinx using a theme provided by Read the Docs.