Prepared for: Name of the company
Prepared by: Imperva API Security Team
Uploaded file name: Name of the file
Creation Time: Jan 22, 2022, 14:56
© Imperva Ltd. All rights reserved
Imperva API Report
Creation date: Jun 21, 2021, 16:23
For: Name of the Customer
Page 1
In this section you will learn about:
Input File Details
Overall Design Issues
Issue categories details
Violation Details
What did we find inside the uploaded zip file?
Issues | APIs | Parameters | Data Types |
---|---|---|---|
7 | 83 | 188 | 21 |
How is content distributed inside your files?
[Charts: By API Method; By Parameter Type; By API Response Code]
Page 2
What did we find inside the uploaded zip file?
Total checkups performed | Issues found |
---|---|
7,199 | 334 (20%) |
Issues distribution by severity
Critical | Major | Minor |
---|---|---|
200 | 100 | 34 |
Most frequently occurring violation
Properties of type “array” should have “maxItems” defined. (439 Violations, 20%)
What are the issue categories?
API Design Scorecard
Issue Category | Issues Found | Severity | Highest Severity |
---|---|---|---|
Data Type Definition | 32 | | 32 Critical |
Data Type Definition | 32 | | 32 Critical |
Data Type Definition | 32 | | 32 Critical |
Data Type Definition | 32 | | 32 Critical |
Data Type Definition | 60 | | 60 Major |
Severity legend: Critical, Major, Minor
Page 3
What are the issue categories?
API Transport Issues
Issue Category | APIs with Issue | Severity Distribution | Files | Data Tags |
---|---|---|---|---|
Transport Method Not Defined: The APIs that did not define the transport method at local or global level | 2 | 32 Critical, 22 Major, 22 Minor | /tmp/cvapispecrisk_auvk/orangebank_stores.json; /tmp/cvapispecrisk_auvk/orangebank_stores.json; /tmp/cvapispecrisk_auvk/orangebank_stores.json; /tmp/cvapispecrisk_auvk/orangebank_stores.json; /tmp/cvapispecrisk_auvk/orangebank_stores.json; /tmp/cvapispecrisk_auvk/orangebank_stores.json; /tmp/cvapispecrisk_auvk/orangebank_stores.json | text_array-cms |
Clear Text HTTP: The APIs that are defined to be using clear text HTTP | 2 | 32 Critical, 22 Major, 22 Minor | /tmp/cvapispecrisk_auvk/orangebank_stores.json; /tmp/cvapispecrisk_auvk/orangebank_stores.json; /tmp/cvapispecrisk_auvk/orangebank_stores.json | text_array-cms |
Page 4
Data Type Issues
Issue Category | APIs with Issue | Severity Distribution | Files | Data Tags |
---|---|---|---|---|
Data Bounds Not Defined: The bounds for the data are not defined for various entities. E.g. maximum string length or maximum number of elements in an array may not be defined | 2 | 32 Critical, 22 Major, 22 Minor | /tmp/cvapispecrisk_auvk/orangebank_stores.json; /tmp/cvapispecrisk_auvk/orangebank_stores.json; /tmp/cvapispecrisk_auvk/orangebank_stores.json; /tmp/cvapispecrisk_auvk/orangebank_stores.json; /tmp/cvapispecrisk_auvk/orangebank_stores.json; /tmp/cvapispecrisk_auvk/orangebank_stores.json; /tmp/cvapispecrisk_auvk/orangebank_stores.json | text_array-cms |
Non-restrictive Data Bounds: The bounds for data are not restrictive for various entities. E.g. a string might have been defined to match any pattern (*) rather than being restricted to alphanumeric | 2 | 32 Critical, 22 Major, 22 Minor | /tmp/cvapispecrisk_auvk/orangebank_stores.json; /tmp/cvapispecrisk_auvk/orangebank_stores.json; /tmp/cvapispecrisk_auvk/orangebank_stores.json | text_array-cms |
Type & Attribute Mismatch: Certain entities are of a particular type but mandatory attributes are missing. E.g. an entity of type array does not have items defined | 0 | No Issues found! Kudos to you and your team! | | |
Page 5
API Authentication & Authorization Issues
Issue Category | APIs with Issue | Severity Distribution | Files | Data Tags |
---|---|---|---|---|
No Auth Information Defined: The APIs that did not define any authorization information | 2 | 32 Critical, 22 Major, 22 Minor | /tmp/cvapispecrisk_auvk/orangebank_stores.json; /tmp/cvapispecrisk_auvk/orangebank_stores.json; /tmp/cvapispecrisk_auvk/orangebank_stores.json; /tmp/cvapispecrisk_auvk/orangebank_stores.json; /tmp/cvapispecrisk_auvk/orangebank_stores.json; /tmp/cvapispecrisk_auvk/orangebank_stores.json; /tmp/cvapispecrisk_auvk/orangebank_stores.json | text_array-cms |
Invalid or Insecure Auth URL: The APIs that are defined to be using an invalid or insecure auth URL | 2 | 32 Critical, 22 Major, 22 Minor | /tmp/cvapispecrisk_auvk/orangebank_stores.json; /tmp/cvapispecrisk_auvk/orangebank_stores.json; /tmp/cvapispecrisk_auvk/orangebank_stores.json | text_array-cms |
Page 6
API Lifecycle and Management Issues
Issue Category | APIs with Issue | Severity Distribution | Files | Data Tags |
---|---|---|---|---|
No API Versioning: The APIs defined do not accommodate versioning. E.g. an API defined as /api/v1/employeeInfo allows for versioning. Absence of such versioning is not ideal for API lifecycle management | 2 | 32 Critical, 22 Major, 22 Minor | /tmp/cvapispecrisk_auvk/orangebank_stores.json; /tmp/cvapispecrisk_auvk/orangebank_stores.json; /tmp/cvapispecrisk_auvk/orangebank_stores.json; /tmp/cvapispecrisk_auvk/orangebank_stores.json; /tmp/cvapispecrisk_auvk/orangebank_stores.json; /tmp/cvapispecrisk_auvk/orangebank_stores.json; /tmp/cvapispecrisk_auvk/orangebank_stores.json | text_array-cms |
API Error Responses Not Defined: Certain entities are of a particular type but mandatory attributes are missing. E.g. an entity of type array does not have items defined | 2 | 32 Critical, 22 Major, 22 Minor | /tmp/cvapispecrisk_auvk/orangebank_stores.json; /tmp/cvapispecrisk_auvk/orangebank_stores.json; /tmp/cvapispecrisk_auvk/orangebank_stores.json | text_array-cms |
Page 7
API Spec-file Management Issues
Issue Category | APIs with Issue | Severity Distribution | Files | Data Tags |
---|---|---|---|---|
Contact Information Missing: The contact information is missing from the API Specification files | 0 | No Issues found! Kudos to you and your team! | | |
Page 8
Type: Local security field is missing
Issues: 7
Details: The global security field is missing, is empty, or contains an empty security requirement.
Impact: Lack of the security field implies that no security schemes will be applied for the affected operations. Security schemes ensure authenticated and authorized access to APIs, lack of which may make the API vulnerable.

Type: Security Definitions field is not defined or is empty.
Issues: 6
Details: Absence of the security definitions implies that even if the security schemes have been specified, they cannot be applied without the scheme definition as captured in the securityDefinitions field.
Impact: Lack of the security field implies that no security schemes will be applied for the affected operations. Security schemes ensure authenticated and authorized access to APIs, lack of which may make the API vulnerable.
Page 9
Protecting data and all paths to it