Prepared for: Name of the company
Prepared by: Imperva API Security Team
Uploaded file name: {{ file_name }}
Creation Time: Jan 22, 2022, 14:56
What did we find inside the uploaded zip file?
Files
{{ num_of_files }}
APIs
{{ num_of_apis }}
Parameters
{{ num_of_params }}
Data Types
{{ num_of_data_types }}
How is content distributed inside your files?
By API Method
By Parameter Type
By API Response Code
What did the checkups find?
Total checkups performed
{{ num_of_evaluations }}
Issues found
{% set critical_issue_count = violations.get('risk_siv_counts', {}).get('critical', 0) + violations.get('risk_siv_counts', {}).get('high', 0) -%}
{% set major_issue_count = violations.get('risk_siv_counts', {}).get('medium', 0) -%}
{% set minor_issue_count = violations.get('risk_siv_counts', {}).get('low', 0) -%}
{% set total_issue_count = critical_issue_count + major_issue_count + minor_issue_count -%}
{{ total_issue_count }} ({% if num_of_evaluations %}{{ '%0.2f' % (total_issue_count / num_of_evaluations * 100) }}{% else %}0.00{% endif %}%)
Issues distribution by severity
Critical
{{ critical_issue_count }}
Major
{{ major_issue_count }}
Minor
{{ minor_issue_count }}
Most frequently occurring violation
{{violations.get('description')}}
{{violations.get('most_occ_cat_count', 0)}} Violations
20%
What are the issue categories?
API Design Scorecard
Issue Category | APIs Impacted | Highest Severity |
---|---|---|
API Transport | {{ issue_insights.get('API Transport', {}).get('api_list', '') | length }} | {% set highest_sev = violations.get('API Transport', {}).get('highest_sev', '') %} {% if highest_sev|length %} {% set pri = sev_mapping.get(highest_sev, '') %} {% else %} {% set pri = '' %} {% endif %}
{% if 'highest_sev_api_count' in violations.get('API Transport', {}) %}
{{ violations.get('API Transport', {}).get('highest_sev_api_count', '-') }} {{ pri }} {% else %}— {% endif %} |
Authentication/Authorization | {{ issue_insights.get('AuthN/AuthZ', {}).get('api_list', '') | length }} | {% set highest_sev = violations.get('AuthN/AuthZ', {}).get('highest_sev', '') %} {% if highest_sev | length %} {% set pri = sev_mapping.get(highest_sev, '') %} {% else %} {% set pri = '' %} {% endif %}
{% if 'highest_sev_api_count' in violations.get('AuthN/AuthZ', {}) %}
{{ violations.get('AuthN/AuthZ', {}).get('highest_sev_api_count', '-') }} {{ pri }} {% else %}— {% endif %} |
Data Type Definition | {{ issue_insights.get('Data Type Definitions', {}).get('param_list', '') | length }} | {% set highest_sev = violations.get('Data Type Definitions', {}).get('highest_sev', '') %} {% if highest_sev | length %} {% set pri = sev_mapping.get(highest_sev, '') %} {% else %} {% set pri = '' %} {% endif %}
{% if 'highest_sev_param_count' in violations.get('Data Type Definitions', {}) %}
{{violations.get('Data Type Definitions', {}).get('highest_sev_param_count', 0)}} {{ pri }} {% else %}— {% endif %} |
API Life-cycle Management | {{ issue_insights.get('API Lifecycle & Management', {}).get('api_list', '') | length }} | {% set highest_sev = violations.get('API Lifecycle & Management', {}).get('highest_sev', '') %} {% if highest_sev|length %} {% set pri=sev_mapping.get(highest_sev, '') %} {% else %} {% set pri='' %} {% endif %}
{% if 'highest_sev_api_count' in violations.get('API Lifecycle & Management', {}) %}
{{violations.get('API Lifecycle & Management', {}).get('highest_sev_api_count', '-')}} {{ pri }} {% else %}— {% endif %} |
API Spec-file Management | {{issue_insights.get('API Spec-file Management', {}).get('file_list', '')|length}} | {% set highest_sev = violations.get('API Spec-file Management', {}).get('highest_sev', '') %} {% if highest_sev|length %} {% set pri=sev_mapping.get(highest_sev, '') %} {% else %} {% set pri='' %} {% endif %}
{% if 'file_list' in issue_insights.get('API Spec-file Management', {}) %}
{{issue_insights.get('API Spec-file Management', {}).get('file_list', '') | length}} {{ pri }} {% else %}— {% endif %} |
Critical
Major
Minor
What are the issue categories?
API Transport Design Issues
Issue Category | APIs with Issue | Severity Distribution | Files | Data Tags
---|---|---|---|---
Transport Method Not Defined The APIs that did not define the transport scheme (http or https) at either the operation level or the global level of the specification |
{% set tran_not_defined = issue_insights.get('API Transport', {}).get('Undefined Transport Mechanism', {}).get('apis', {}) | length %}
{{tran_not_defined}} | {% if tran_not_defined == 0 %}
No Issues found! Kudos to you and your team! |
{% else %}
{% set critical = issue_insights.get('API Transport', {}).get('Undefined Transport Mechanism', {}).get('critical_apis', '') | length %}
{% set high = issue_insights.get('API Transport', {}).get('Undefined Transport Mechanism', {}).get('high_apis', '') | length%}
{% set medium = issue_insights.get('API Transport', {}).get('Undefined Transport Mechanism', {}).get('medium_apis', '') | length %}
{% set low = issue_insights.get('API Transport', {}).get('Undefined Transport Mechanism', {}).get('low_apis', '') | length %}
{{ critical + high }} Critical {{ medium }} Major {{ low }} Minor |
{% set files = issue_insights.get('API Transport', {}).get('Undefined Transport Mechanism', {}).get('files', {}) %}
{% for file in files %}
{{ file }} {% endfor %} |
{% set tags = issue_insights.get('API Transport', {}).get('Undefined Transport Mechanism', {}).get('tags', {}) %}
{% if tags %}
{% for tag in tags %}
{{ tag }} {% endfor %} {% else %}— {% endif %} |
{% endif %}
Clear Text HTTP The APIs that are defined to use clear-text HTTP rather than HTTPS, so credentials and payloads travel unencrypted |
{% set insecure_not_defined = issue_insights.get('API Transport', {}).get('Insecure Transport Mechanism', {}).get('apis', {}) | length %}
{{ insecure_not_defined }} | {% if insecure_not_defined == 0 %}
No Issues found! Kudos to you and your team! |
{% else %}
{% set critical = issue_insights.get('API Transport', {}).get('Insecure Transport Mechanism', {}).get('critical_apis', '')|length %}
{% set high = issue_insights.get('API Transport', {}).get('Insecure Transport Mechanism', {}).get('high_apis', '')|length%}
{% set medium = issue_insights.get('API Transport', {}).get('Insecure Transport Mechanism', {}).get('medium_apis', '')|length %}
{% set low = issue_insights.get('API Transport', {}).get('Insecure Transport Mechanism', {}).get('low_apis', '')|length %}
{{ critical + high }} Critical {{ medium }} Major {{ low }} Minor |
{% set files = issue_insights.get('API Transport', {}).get('Insecure Transport Mechanism', {}).get('files', {}) %}
{% for file in files %}
{{ file }} {% endfor %} |
{% set tags = issue_insights.get('API Transport', {}).get('Insecure Transport Mechanism', {}).get('tags', {}) %}
{% if tags %}
{% for tag in tags %}
{{ tag }} {% endfor %} {% else %}— {% endif %} |
{% endif %}
Data Type Issues
Issue Category | APIs with Issue | Severity Distribution | Files | Data Tags
---|---|---|---|---
Data Bounds Not Defined The bounds for the data are not defined for various entities, e.g. the maximum string length or the maximum number of elements in an array may not be defined |
{% set undefined_bounds = issue_insights.get('Data Type Definitions', {}).get('Undefined Bounds', {}).get('apis', {}) | length %}
{{undefined_bounds}} | {% if undefined_bounds == 0 %}
No Issues found! Kudos to you and your team! |
{% else %}
{% set critical = issue_insights.get('Data Type Definitions', {}).get('Undefined Bounds', {}).get('critical_params', '')|length %}
{% set high = issue_insights.get('Data Type Definitions', {}).get('Undefined Bounds', {}).get('high_params', '')|length%}
{% set medium = issue_insights.get('Data Type Definitions', {}).get('Undefined Bounds', {}).get('medium_params', '')|length %}
{% set low = issue_insights.get('Data Type Definitions', {}).get('Undefined Bounds', {}).get('low_params', '')|length %}
{{ critical + high}} Critical {{ medium }} Major {{ low }} Minor |
{% set files = issue_insights.get('Data Type Definitions', {}).get('Undefined Bounds', {}).get('files',{}) %}
{% for file in files %}
{{ file }} {% endfor %} |
{% set tags = issue_insights.get('Data Type Definitions', {}).get('Undefined Bounds', {}).get('tags',{}) %}
{% if tags %}
{% for tag in tags %}
{{ tag }} {% endfor %} {% else %}— {% endif %} |
{% endif %}
Non-restrictive Data Bounds The bounds for the data are not restrictive for various entities, e.g. a string may have been defined with a pattern that accepts any value (*) rather than being restricted to alphanumeric characters |
{% set unrestricted_bounds = issue_insights.get('Data Type Definitions', {}).get('Unrestricted Bounds', {}).get('apis', {}) | length %}
{{unrestricted_bounds}} | {% if unrestricted_bounds == 0 %}
No Issues found! Kudos to you and your team! |
{% else %}
{% set critical = issue_insights.get('Data Type Definitions', {}).get('Unrestricted Bounds', {}).get('critical_params', '')|length %}
{% set high = issue_insights.get('Data Type Definitions', {}).get('Unrestricted Bounds', {}).get('high_params', '')|length %}
{% set medium = issue_insights.get('Data Type Definitions', {}).get('Unrestricted Bounds', {}).get('medium_params', '')|length %}
{% set low = issue_insights.get('Data Type Definitions', {}).get('Unrestricted Bounds', {}).get('low_params', '')|length %}
{{ critical + high }} Critical {{ medium }} Major {{ low }} Minor |
{% set files = issue_insights.get('Data Type Definitions', {}).get('Unrestricted Bounds', {}).get('files',{}) %}
{% for file in files %}
{{ file }} {% endfor %} |
{% set tags = issue_insights.get('Data Type Definitions', {}).get('Unrestricted Bounds', {}).get('tags',{}) %}
{% if tags %}
{% for tag in tags %}
{{ tag }} {% endfor %} {% else %}— {% endif %} |
{% endif %}
Type & Attribute Mismatch Certain entities are of a particular type but mandatory attributes are missing, e.g. an entity of type array does not have items defined |
{% set type_mismatch = issue_insights.get('Data Type Definitions', {}).get('Type and Attribute mismatch', {}).get('apis', {}) | length %}
{{type_mismatch}} | {% if type_mismatch == 0 %}
No Issues found! Kudos to you and your team! |
{% else %}
{% set critical = issue_insights.get('Data Type Definitions', {}).get('Type and Attribute mismatch', {}).get('critical_params', '')|length %}
{% set high = issue_insights.get('Data Type Definitions', {}).get('Type and Attribute mismatch', {}).get('high_params', '')|length%}
{% set medium = issue_insights.get('Data Type Definitions', {}).get('Type and Attribute mismatch', {}).get('medium_params', '')|length %}
{% set low = issue_insights.get('Data Type Definitions', {}).get('Type and Attribute mismatch', {}).get('low_params', '')|length %}
{{ critical + high }} Critical {{ medium }} Major {{ low }} Minor |
{% set files = issue_insights.get('Data Type Definitions', {}).get('Type and Attribute mismatch', {}).get('files', {}) %}
{% for file in files %}
{{ file }} {% endfor %} |
{% set tags = issue_insights.get('Data Type Definitions', {}).get('Type and Attribute mismatch', {}).get('tags', {}) %}
{% if tags %}
{% for tag in tags %}
{{ tag }} {% endfor %} {% else %}— {% endif %} |
{% endif %}
API Authentication & Authorization Issues
Issue Category | APIs with Issue | Severity Distribution | Files | Data Tags
---|---|---|---|---
No Auth Information Defined The APIs that did not define any authentication or authorization information (no security requirement at either the operation or the global level) |
{% set undefined_auth = issue_insights.get('AuthN/AuthZ', {}).get('Undefined Auth Information', {}).get('apis', {}) | length %}
{{undefined_auth}} | {% if undefined_auth == 0 %}
No Issues found! Kudos to you and your team! |
{% else %}
{% set critical = issue_insights.get('AuthN/AuthZ', {}).get('Undefined Auth Information', {}).get('critical_apis', '')|length %}
{% set high = issue_insights.get('AuthN/AuthZ', {}).get('Undefined Auth Information', {}).get('high_apis', '')|length%}
{% set medium = issue_insights.get('AuthN/AuthZ', {}).get('Undefined Auth Information', {}).get('medium_apis', '')|length %}
{% set low = issue_insights.get('AuthN/AuthZ', {}).get('Undefined Auth Information', {}).get('low_apis', '')|length %}
{{ critical + high }} Critical {{ medium }} Major {{ low }} Minor |
{% set files = issue_insights.get('AuthN/AuthZ', {}).get('Undefined Auth Information', {}).get('files',{}) %}
{% for file in files %}
{{ file }} {% endfor %} |
{% set tags = issue_insights.get('AuthN/AuthZ', {}).get('Undefined Auth Information', {}).get('tags',{}) %}
{% if tags %}
{% for tag in tags %}
{{ tag }} {% endfor %} {% else %}— {% endif %} |
{% endif %}
Invalid or Insecure Auth URL The APIs whose security definition points at an invalid auth URL or one served over clear-text HTTP (e.g. an OAuth2 authorization or token URL) |
{% set invalid_url = issue_insights.get('AuthN/AuthZ', {}).get('Invalid or Insecure URL', {}).get('apis', {}) | length %}
{{invalid_url}} | {% if invalid_url == 0 %}
No Issues found! Kudos to you and your team! |
{% else %}
{% set critical = issue_insights.get('AuthN/AuthZ', {}).get('Invalid or Insecure URL', {}).get('critical_apis', '')|length %}
{% set high = issue_insights.get('AuthN/AuthZ', {}).get('Invalid or Insecure URL', {}).get('high_apis', '')|length%}
{% set medium = issue_insights.get('AuthN/AuthZ', {}).get('Invalid or Insecure URL', {}).get('medium_apis', '')|length %}
{% set low = issue_insights.get('AuthN/AuthZ', {}).get('Invalid or Insecure URL', {}).get('low_apis', '')|length %}
{{ critical + high }} Critical {{ medium }} Major {{ low }} Minor |
{% set files = issue_insights.get('AuthN/AuthZ', {}).get('Invalid or Insecure URL', {}).get('files',{}) %}
{% for file in files %}
{{ file }} {% endfor %} |
{% set tags = issue_insights.get('AuthN/AuthZ', {}).get('Invalid or Insecure URL', {}).get('tags',{}) %}
{% if tags %}
{% for tag in tags %}
{{ tag }} {% endfor %} {% else %}— {% endif %} |
{% endif %}
API Lifecycle and Management Issues
Issue Category | APIs with Issue | Severity Distribution | Files | Data Tags
---|---|---|---|---
No API Versioning The APIs defined do not accommodate versioning, e.g. an API defined as /api/v1/employeeInfo allows for versioning. The absence of a version in the API path is not ideal for API lifecycle management |
{% set no_version = issue_insights.get('API Lifecycle & Management', {}).get('No API Versioning', {}).get('apis', {}) | length %}
{{no_version}} | {% if no_version == 0 %}
No Issues found! Kudos to you and your team! |
{% else %}
{% set critical = issue_insights.get('API Lifecycle & Management', {}).get('No API Versioning', {}).get('critical_apis', '')|length %}
{% set high = issue_insights.get('API Lifecycle & Management', {}).get('No API Versioning', {}).get('high_apis', '')|length%}
{% set medium = issue_insights.get('API Lifecycle & Management', {}).get('No API Versioning', {}).get('medium_apis', '')|length %}
{% set low = issue_insights.get('API Lifecycle & Management', {}).get('No API Versioning', {}).get('low_apis', '')|length %}
{{ critical + high }} Critical {{ medium }} Major {{ low }} Minor |
{% set files = issue_insights.get('API Lifecycle & Management', {}).get('No API Versioning', {}).get('files',{}) %}
{% for file in files %}
{{file}} {% endfor %} |
{% set tags = issue_insights.get('API Lifecycle & Management', {}).get('No API Versioning', {}).get('tags',{}) %}
{% if tags %}
{% for tag in tags %}
{{ tag }} {% endfor %} {% else %}— {% endif %} |
{% endif %}
API Error Responses Not Defined The APIs that do not define error responses (e.g. 4xx or 5xx response codes) in their specification |
{% set response_errors = issue_insights.get('API Lifecycle & Management', {}).get('Response-specific Errors', {}).get('apis', {}) | length %}
{{response_errors}} | {% if response_errors == 0 %}
No Issues found! Kudos to you and your team! |
{% else %}
{% set critical = issue_insights.get('API Lifecycle & Management', {}).get('Response-specific Errors', {}).get('critical_apis', '')|length %}
{% set high = issue_insights.get('API Lifecycle & Management', {}).get('Response-specific Errors', {}).get('high_apis', '')|length%}
{% set medium = issue_insights.get('API Lifecycle & Management', {}).get('Response-specific Errors', {}).get('medium_apis', '')|length %}
{% set low = issue_insights.get('API Lifecycle & Management', {}).get('Response-specific Errors', {}).get('low_apis', '')|length %}
{{ critical + high }} Critical {{ medium }} Major {{ low }} Minor |
{% set files = issue_insights.get('API Lifecycle & Management', {}).get('Response-specific Errors', {}).get('files',{}) %}
{% for file in files %}
{{file}} {% endfor %} |
{% set tags = issue_insights.get('API Lifecycle & Management', {}).get('Response-specific Errors', {}).get('tags',{}) %}
{% if tags %}
{% for tag in tags %}
{{ tag }} {% endfor %} {% else %}— {% endif %} |
{% endif %}
API Spec-file Management Issues
Issue Category | Files with Issue | Severity Distribution | Files | Data Tags
---|---|---|---|---
Contact Information Missing The contact information is missing from the API Specification files |
{% set missing_info = issue_insights.get('API Spec-file Management', {}).get('Missing information', {}).get('files', {}) | length %}
{{missing_info}} | {% if missing_info == 0 %}
No Issues found! Kudos to you and your team! |
{% else %}
{% set critical = issue_insights.get('API Spec-file Management', {}).get('Missing information', {}).get('critical_files', '')|length %}
{% set high = issue_insights.get('API Spec-file Management', {}).get('Missing information', {}).get('high_files', '')|length%}
{% set medium = issue_insights.get('API Spec-file Management', {}).get('Missing information', {}).get('medium_files', '')|length %}
{% set low = issue_insights.get('API Spec-file Management', {}).get('Missing information', {}).get('low_files', '')|length %}
{{ critical + high }} Critical {{ medium }} Major {{ low }} Minor |
{% set files = issue_insights.get('API Spec-file Management', {}).get('Missing information', {}).get('files', {}) %}
{% for file in files %}
{{file}} {% endfor %} |
{% set tags = issue_insights.get('API Spec-file Management', {}).get('Missing information', {}).get('tags', {}) %}
{% if tags %}
{% for tag in tags %}
{{ tag }} {% endfor %} {% else %}— {% endif %} |
{% endif %}
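The five issue tables above describe what each check looks for but not how such a check is expressed against a specification file. The following is an added example, not Imperva's analyzer and not code from this report: a small Python checker for OpenAPI 2.0 (Swagger) documents that emits findings under the same category and sub-category names the template reads from `issue_insights` (for example `API Transport` / `Undefined Transport Mechanism`). Every rule is an assumption about what the corresponding row means (a path is "versioned" if it contains `/vN/`, a string is "unrestricted" if its pattern matches anything, an operation "defines error responses" if it lists a 4xx or 5xx code, a string with an `enum` counts as bounded), and the sample spec is constructed for the example. One pass covers the transport, data type, auth, lifecycle and spec-file tables.

```python
"""Added example: a minimal OpenAPI 2.0 (Swagger) design checker that emits findings
under the category / sub-category names the report template reads from `issue_insights`.
It is NOT Imperva's analyzer; each rule is an assumption about what a report row means."""
import re
from collections import defaultdict

HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch"}
VERSION_RE = re.compile(r"/v\d+(?:/|$)")          # assumption: /v1/, /v2 ... counts as versioned
BOUND_KEYS = {"string": ("maxLength", "enum"), "array": ("maxItems",),
              "integer": ("maximum",), "number": ("maximum",)}
UNRESTRICTED_PATTERNS = {"*", ".*", "^.*$", ".+", "^.+$"}  # assumption: "match anything" patterns


def walk_schemas(schema, where):
    """Yield (location, schema) for a schema and every nested property / array item."""
    if not isinstance(schema, dict):
        return
    yield where, schema
    for name, sub in schema.get("properties", {}).items():
        yield from walk_schemas(sub, f"{where}.{name}")
    if "items" in schema:
        yield from walk_schemas(schema["items"], f"{where}[]")


def check_schema(s, target, add):
    """Data Type Definitions rules for one schema node."""
    t = s.get("type")
    if t == "array" and "items" not in s:               # array without items
        add("Data Type Definitions", "Type and Attribute mismatch", target)
    if t in BOUND_KEYS and not any(k in s for k in BOUND_KEYS[t]):
        add("Data Type Definitions", "Undefined Bounds", target)
    if t == "string" and s.get("pattern") in UNRESTRICTED_PATTERNS:
        add("Data Type Definitions", "Unrestricted Bounds", target)


def check_spec(spec):
    """Return {category: {sub_category: sorted list of affected APIs / parameters}}."""
    findings = defaultdict(lambda: defaultdict(set))

    def add(cat, sub, target):
        findings[cat][sub].add(target)

    if not spec.get("info", {}).get("contact"):
        add("API Spec-file Management", "Missing information", "info.contact")
    # OAuth2 security definitions whose endpoints are not served over HTTPS
    insecure_defs = {name for name, d in spec.get("securityDefinitions", {}).items()
                     if any(u and not u.lower().startswith("https://")
                            for u in (d.get("authorizationUrl"), d.get("tokenUrl")))}
    base_versioned = bool(VERSION_RE.search(spec.get("basePath", "")))

    for path, ops in spec.get("paths", {}).items():
        versioned = base_versioned or bool(VERSION_RE.search(path))
        for method, op in ops.items():
            if method.lower() not in HTTP_METHODS:      # skip path-level "parameters" etc.
                continue
            api = f"{method.upper()} {path}"
            schemes = op.get("schemes", spec.get("schemes"))   # operation overrides global
            if not schemes:
                add("API Transport", "Undefined Transport Mechanism", api)
            elif "http" in schemes:
                add("API Transport", "Insecure Transport Mechanism", api)
            security = op.get("security", spec.get("security"))
            if not security:                            # no requirement at either level
                add("AuthN/AuthZ", "Undefined Auth Information", api)
            elif any(name in insecure_defs for req in security for name in req):
                add("AuthN/AuthZ", "Invalid or Insecure URL", api)
            if not versioned:
                add("API Lifecycle & Management", "No API Versioning", api)
            if not any(code.startswith(("4", "5")) for code in op.get("responses", {})):
                add("API Lifecycle & Management", "Response-specific Errors", api)
            for p in op.get("parameters", []) + ops.get("parameters", []):
                schema = p.get("schema", p)             # body parameters carry a nested schema
                for where, s in walk_schemas(schema, p.get("name", "body")):
                    check_schema(s, f"{api} {where}", add)
    return {c: {s: sorted(v) for s, v in subs.items()} for c, subs in findings.items()}


def issue_counts(findings):
    """The numbers the report's 'APIs with Issue' column shows, keyed by (category, sub-category)."""
    return {(c, s): len(v) for c, subs in findings.items() for s, v in subs.items()}


# Constructed sample spec (not a real customer file) that trips every rule once.
SAMPLE_SPEC = {
    "swagger": "2.0",
    "info": {"title": "Payroll", "version": "1.0"},            # no contact block
    "schemes": ["http", "https"],                                # clear-text allowed globally
    "securityDefinitions": {"oauth": {"type": "oauth2", "flow": "implicit", "scopes": {},
                                      "authorizationUrl": "http://auth.example.test/authorize"}},
    "paths": {
        "/api/v1/employeeInfo": {"get": {
            "security": [{"oauth": []}],
            "parameters": [{"name": "id", "in": "query", "type": "string",
                            "maxLength": 36, "pattern": "^[0-9a-f-]+$"}],
            "responses": {"200": {"description": "ok"}, "401": {"description": "unauthenticated"}}}},
        "/employees": {"post": {
            "schemes": ["https"],                                # no security, no version, no 4xx/5xx
            "parameters": [{"name": "body", "in": "body", "schema": {"type": "object", "properties": {
                "name": {"type": "string", "pattern": ".*"},     # unbounded and unrestricted
                "roles": {"type": "array"}}}}],                  # array without items or maxItems
            "responses": {"200": {"description": "ok"}}}},
    },
}
```

Running `check_spec(SAMPLE_SPEC)` flags the versioned, authenticated `GET` only for the globally permitted clear-text scheme and the insecure OAuth2 URL, while the `POST` collects the lifecycle, auth and data-type findings; `issue_counts` reduces the result to the per-row numbers the tables above display.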
Type
{{ key }}
Issues
{{ val.get(req_key.value, []) | length }}
Impact
{{val.get('Impact', '')}}
© Imperva Ltd. All rights reserved
Imperva API Report
Creation date: Jun 21, 2021, 16:23
For: Name of the Customer