• Severity Levels
  • Critical
  • High
  • Medium
  • Low
  • No Risk

Input File Insights

{{num_of_files}}

File

{{num_of_apis}}

APIs

{{num_of_params}}

Parameters

{{num_of_data_types}}

Data Types
Distribution by API Method
Distribution by Parameter Data Type
Distribution by API Response Code

API Design Scorecard

Category
Design Issues
Highest Severity
{% set sev_mapping = {"Critical": "p1", "High": "p2", "Medium": "p3", "Low": "p4"} %}
API Transport
{{issue_insights.get('API Transport', {}).get('api_list', '')|length}}
APIs
{% set highest_sev = violations.get('API Transport', {}).get('highest_sev', '') %} {% if highest_sev|length %} {% set pri=sev_mapping.get(highest_sev, '') %} {% else %} {% set pri='' %} {% endif %}
{{violations.get('API Transport', {}).get('highest_sev_api_count', '-')}}
APIs
Authentication / Authorization
{{issue_insights.get('AuthN/AuthZ', {}).get('api_list', '')|length}}
APIs
{% set highest_sev = violations.get('AuthN/AuthZ', {}).get('highest_sev', '') %} {% if highest_sev|length %} {% set pri=sev_mapping.get(highest_sev, '') %} {% else %} {% set pri='' %} {% endif %}
{{violations.get('AuthN/AuthZ', {}).get('highest_sev_api_count', '-')}}
APIs
Data Type Definitions
{{issue_insights.get('Data Type Definitions', {}).get('param_list', '')|length}}
Params
{% set highest_sev = violations.get('Data Type Definitions', {}).get('highest_sev', '') %} {% if highest_sev|length %} {% set pri=sev_mapping.get(highest_sev, '') %} {% else %} {% set pri='' %} {% endif %}
{{violations.get('Data Type Definitions', {}).get('highest_sev_param_count', 0)}}
Params
API Lifecycle Management
{{issue_insights.get('API Lifecycle & Management', {}).get('api_list', '')|length}}
APIs
{% set highest_sev = violations.get('API Lifecycle & Management', {}).get('highest_sev', '') %} {% if highest_sev|length %} {% set pri=sev_mapping.get(highest_sev, '') %} {% else %} {% set pri='' %} {% endif %}
{{violations.get('API Lifecycle & Management', {}).get('highest_sev_api_count', '-')}}
APIs
API Spec-file Management
{{issue_insights.get('API Spec-file Management', {}).get('file_list', '')|length}}
Files
{% set highest_sev = violations.get('API Spec-file Management', {}).get('highest_sev', '') %} {% if highest_sev|length %} {% set pri=sev_mapping.get(highest_sev, '') %} {% else %} {% set pri='' %} {% endif %}
{{issue_insights.get('API Spec-file Management', {}).get('file_list', '')|length}}
Files

Overall Design Issue Insights

{{num_of_evaluations}}
Total design checks performed
Distribution by Issue Severity

Most frequently occurring violation

{{violations.get('description')}} - {{violations.get('most_occ_cat_count', 0)}} violations.

API Transport Design Issues

 
APIs
Severity Distribution
Files
{% set tran_not_defined = issue_insights.get('API Transport', {}).get('Undefined Transport Mechanism', {}).get('apis', {}) | length %} {% set insecure_not_defined = issue_insights.get('API Transport', {}).get('Insecure Transport Mechanism', {}).get('apis', {}) | length %}

Transport Method Not Defined

APIs that do not define a transport method at either the local or the global level.
{{tran_not_defined}}
{% if tran_not_defined == 0 %}
Kudos to you and your team!

No issues found

{% else %} {% set critical = issue_insights.get('API Transport', {}).get('Undefined Transport Mechanism', {}).get('critical_apis', '')|length %} {% set high = issue_insights.get('API Transport', {}).get('Undefined Transport Mechanism', {}).get('high_apis', '')|length%} {% set medium = issue_insights.get('API Transport', {}).get('Undefined Transport Mechanism', {}).get('medium_apis', '')|length %} {% set low = issue_insights.get('API Transport', {}).get('Undefined Transport Mechanism', {}).get('low_apis', '')|length %}
    {% if critical > 0 %}
  • {{critical}}
    APIs
  • {% endif %} {% if high > 0 %}
  • {{high}}
    APIs
  • {% endif %} {% if medium > 0 %}
  • {{medium}}
    APIs
  • {% endif %} {% if low > 0 %}
  • {{low}}
    APIs
  • {% endif %}
    {% set files=issue_insights.get('API Transport', {}).get('Undefined Transport Mechanism', {}).get('files', {}) %} {% set count = namespace(value=0) %} {% for file in files if count.value < 3 %} {% set count.value = count.value + 1 %}
  • {{file}}
  • {% endfor %} {% if count.value >= 3 %}
  • .....
  • {% endif %}
{% endif %}

Clear Text HTTP

APIs that are defined to use clear-text HTTP.
{{insecure_not_defined}}
{% if insecure_not_defined == 0 %}
Kudos to you and your team!

No issues found

{% else %} {% set critical = issue_insights.get('API Transport', {}).get('Insecure Transport Mechanism', {}).get('critical_apis', '')|length %} {% set high = issue_insights.get('API Transport', {}).get('Insecure Transport Mechanism', {}).get('high_apis', '')|length%} {% set medium = issue_insights.get('API Transport', {}).get('Insecure Transport Mechanism', {}).get('medium_apis', '')|length %} {% set low = issue_insights.get('API Transport', {}).get('Insecure Transport Mechanism', {}).get('low_apis', '')|length %}
    {% if critical > 0 %}
  • {{critical}}
    APIs
  • {% endif %} {% if high > 0 %}
  • {{high}}
    APIs
  • {% endif %} {% if medium > 0 %}
  • {{medium}}
    APIs
  • {% endif %} {% if low > 0 %}
  • {{low}}
    APIs
  • {% endif %}
    {% set files=issue_insights.get('API Transport', {}).get('Insecure Transport Mechanism', {}).get('files',{}) %} {% set count = namespace(value=0) %} {% for file in files if count.value < 3 %} {% set count.value = count.value + 1 %}
  • {{file}}
  • {% endfor %} {% if count.value >= 3 %}
  • .....
  • {% endif %}
{% endif %}
{% set undefined_auth = issue_insights.get('AuthN/AuthZ', {}).get('Undefined Auth Information', {}).get('apis', {}) | length %} {% set invalid_url = issue_insights.get('AuthN/AuthZ', {}).get('Invalid or Insecure URL', {}).get('apis', {}) | length %}

API Authentication & Authorization Design Issues

 
APIs
Severity Distribution
Files

No Auth Information Defined

APIs that do not define any authorization information.
{{undefined_auth}}
{% if undefined_auth == 0 %}
Kudos to you and your team!

No issues found

{% else %} {% set critical = issue_insights.get('AuthN/AuthZ', {}).get('Undefined Auth Information', {}).get('critical_apis', '')|length %} {% set high = issue_insights.get('AuthN/AuthZ', {}).get('Undefined Auth Information', {}).get('high_apis', '')|length%} {% set medium = issue_insights.get('AuthN/AuthZ', {}).get('Undefined Auth Information', {}).get('medium_apis', '')|length %} {% set low = issue_insights.get('AuthN/AuthZ', {}).get('Undefined Auth Information', {}).get('low_apis', '')|length %}
    {% if critical > 0 %}
  • {{critical}}
    APIs
  • {% endif %} {% if high > 0 %}
  • {{high}}
    APIs
  • {% endif %} {% if medium > 0 %}
  • {{medium}}
    APIs
  • {% endif %} {% if low > 0 %}
  • {{low}}
    APIs
  • {% endif %}
    {% set files=issue_insights.get('AuthN/AuthZ', {}).get('Undefined Auth Information', {}).get('files',{}) %} {% set count = namespace(value=0) %} {% for file in files if count.value < 3 %} {% set count.value = count.value + 1 %}
  • {{file}}
  • {% endfor %} {% if count.value >= 3 %}
  • .....
  • {% endif %}
{% endif %}

Invalid or Insecure Auth URL

APIs that are defined to use an invalid or insecure auth URL.
{{invalid_url}}
{% if invalid_url == 0 %}
Kudos to you and your team!

No issues found

{% else %} {% set critical = issue_insights.get('AuthN/AuthZ', {}).get('Invalid or Insecure URL', {}).get('critical_apis', '')|length %} {% set high = issue_insights.get('AuthN/AuthZ', {}).get('Invalid or Insecure URL', {}).get('high_apis', '')|length%} {% set medium = issue_insights.get('AuthN/AuthZ', {}).get('Invalid or Insecure URL', {}).get('medium_apis', '')|length %} {% set low = issue_insights.get('AuthN/AuthZ', {}).get('Invalid or Insecure URL', {}).get('low_apis', '')|length %}
    {% if critical > 0 %}
  • {{critical}}
    APIs
  • {% endif %} {% if high > 0 %}
  • {{high}}
    APIs
  • {% endif %} {% if medium > 0 %}
  • {{medium}}
    APIs
  • {% endif %} {% if low > 0 %}
  • {{low}}
    APIs
  • {% endif %}
    {% set files=issue_insights.get('AuthN/AuthZ', {}).get('Invalid or Insecure URL', {}).get('files',{}) %} {% set count = namespace(value=0) %} {% for file in files if count.value < 3 %} {% set count.value = count.value + 1 %}
  • {{file}}
  • {% endfor %} {% if count.value >= 3 %}
  • .....
  • {% endif %}
{% endif %}

Data Type Issues

{% set undefined_bounds = issue_insights.get('Data Type Definitions', {}).get('Undefined Bounds', {}).get('apis', {}) | length %} {% set unrestricted_bounds = issue_insights.get('Data Type Definitions', {}).get('Unrestricted Bounds', {}).get('apis', {}) | length %} {% set type_mismatch = issue_insights.get('Data Type Definitions', {}).get('Type and Attribute mismatch', {}).get('apis', {}) | length %}
 
APIs
Severity Distribution
Files

Data Bounds Not Defined

Data bounds are not defined for various entities, e.g. a maximum string length or a maximum number of elements in an array is missing.
{{undefined_bounds}}
{% if undefined_bounds == 0 %}
Kudos to you and your team!

No issues found

{% else %} {% set critical = issue_insights.get('Data Type Definitions', {}).get('Undefined Bounds', {}).get('critical_params', '')|length %} {% set high = issue_insights.get('Data Type Definitions', {}).get('Undefined Bounds', {}).get('high_params', '')|length%} {% set medium = issue_insights.get('Data Type Definitions', {}).get('Undefined Bounds', {}).get('medium_params', '')|length %} {% set low = issue_insights.get('Data Type Definitions', {}).get('Undefined Bounds', {}).get('low_params', '')|length %}
    {% if critical > 0 %}
  • {{critical}}
    Params
  • {% endif %} {% if high > 0 %}
  • {{high}}
    Params
  • {% endif %} {% if medium > 0 %}
  • {{medium}}
    Params
  • {% endif %} {% if low > 0 %}
  • {{low}}
    Params
  • {% endif %}
    {% set files=issue_insights.get('Data Type Definitions', {}).get('Undefined Bounds', {}).get('files',{}) %} {% set count = namespace(value=0) %} {% for file in files if count.value < 3 %} {% set count.value = count.value + 1 %}
  • {{file}}
  • {% endfor %} {% if count.value >= 3 %}
  • .....
  • {% endif %}
{% endif %}

Non-restrictive Data Bounds

Data bounds are not restrictive for various entities, e.g. a string is defined to accept any pattern (*) rather than being restricted to alphanumeric characters.
{{unrestricted_bounds}}
{% if unrestricted_bounds == 0 %}
Kudos to you and your team!

No issues found

{% else %} {% set critical = issue_insights.get('Data Type Definitions', {}).get('Unrestricted Bounds', {}).get('critical_params', '')|length %} {% set high = issue_insights.get('Data Type Definitions', {}).get('Unrestricted Bounds', {}).get('high_params', '')|length %} {% set medium = issue_insights.get('Data Type Definitions', {}).get('Unrestricted Bounds', {}).get('medium_params', '')|length %} {% set low = issue_insights.get('Data Type Definitions', {}).get('Unrestricted Bounds', {}).get('low_params', '')|length %}
    {% if critical > 0 %}
  • {{critical}}
    Params
  • {% endif %} {% if high > 0 %}
  • {{high}}
    Params
  • {% endif %} {% if medium > 0 %}
  • {{medium}}
    Params
  • {% endif %} {% if low > 0 %}
  • {{low}}
    Params
  • {% endif %}
    {% set files=issue_insights.get('Data Type Definitions', {}).get('Unrestricted Bounds', {}).get('files',{}) %} {% set count = namespace(value=0) %} {% for file in files if count.value < 3 %} {% set count.value = count.value + 1 %}
  • {{file}}
  • {% endfor %} {% if count.value >= 3 %}
  • .....
  • {% endif %}
{% endif %}

Type & Attribute Mismatch

Certain entities are of a particular type but mandatory attributes are missing, e.g. an entity of type Array does not have items defined.
{{type_mismatch}}
{% if type_mismatch == 0 %}
Kudos to you and your team!

No issues found

{% else %} {% set critical = issue_insights.get('Data Type Definitions', {}).get('Type and Attribute mismatch', {}).get('critical_params', '')|length %} {% set high = issue_insights.get('Data Type Definitions', {}).get('Type and Attribute mismatch', {}).get('high_params', '')|length%} {% set medium = issue_insights.get('Data Type Definitions', {}).get('Type and Attribute mismatch', {}).get('medium_params', '')|length %} {% set low = issue_insights.get('Data Type Definitions', {}).get('Type and Attribute mismatch', {}).get('low_params', '')|length %}
    {% if critical > 0 %}
  • {{critical}}
    Params
  • {% endif %} {% if high > 0 %}
  • {{high}}
    Params
  • {% endif %} {% if medium > 0 %}
  • {{medium}}
    Params
  • {% endif %} {% if low > 0 %}
  • {{low}}
    Params
  • {% endif %}
    {% set files=issue_insights.get('Data Type Definitions', {}).get('Type and Attribute mismatch', {}).get('files', {}) %} {% set count = namespace(value=0) %} {% for file in files if count.value < 3 %} {% set count.value = count.value + 1 %}
  • {{file}}
  • {% endfor %} {% if count.value >= 3 %}
  • .....
  • {% endif %}
{% endif %}
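The three data-type checks described above, as an added example that is not part of the report template or of Imperva's own checker: a small Python linter that walks an OpenAPI-style parameter schema and reports findings under the same category names the template reads from `issue_insights`. The spec fragment is constructed for the example.

```python
# Constructed OpenAPI-style fragment (not taken from the report); it contains one
# parameter per data-type issue plus one clean parameter for contrast.
SAMPLE_SPEC = {
    "paths": {
        "/employeeInfo": {
            "get": {
                "parameters": [
                    # string with no maxLength and a catch-all pattern
                    {"name": "q", "in": "query",
                     "schema": {"type": "string", "pattern": ".*"}},
                    # well-bounded array: maxItems and items both present
                    {"name": "ids", "in": "query",
                     "schema": {"type": "array", "maxItems": 10,
                                "items": {"type": "integer"}}},
                    # array with neither maxItems nor items
                    {"name": "tags", "in": "query",
                     "schema": {"type": "array"}},
                ]
            }
        }
    },
}

# Patterns that accept any input and therefore add no restriction at all.
UNRESTRICTED_PATTERNS = {"*", ".*", "^.*$", "(.*)", ".+", "^.+$"}


def check_schema(schema: dict, where: str) -> list[tuple[str, str]]:
    """Return (issue_category, location) findings for one schema object."""
    findings = []
    t = schema.get("type")
    if t == "string":
        if "maxLength" not in schema:          # Data Bounds Not Defined
            findings.append(("Undefined Bounds", where))
        if schema.get("pattern") in UNRESTRICTED_PATTERNS:  # Non-restrictive bounds
            findings.append(("Unrestricted Bounds", where))
    elif t == "array":
        if "maxItems" not in schema:           # Data Bounds Not Defined
            findings.append(("Undefined Bounds", where))
        if "items" not in schema:              # Type & Attribute Mismatch
            findings.append(("Type and Attribute mismatch", where))
        else:
            findings += check_schema(schema["items"], where + "/items")
    elif t == "object":                        # recurse into nested properties
        for name, sub in schema.get("properties", {}).items():
            findings += check_schema(sub, f"{where}/{name}")
    return findings


def check_spec(spec: dict) -> list[tuple[str, str]]:
    """Apply check_schema to every operation parameter in the spec."""
    findings = []
    for path, ops in spec.get("paths", {}).items():
        for method, op in ops.items():
            for p in op.get("parameters", []):
                loc = f"{method.upper()} {path} param {p['name']}"
                findings += check_schema(p.get("schema", {}), loc)
    return findings
```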

API Lifecycle and Management

 
APIs
Severity Distribution
Files
{% set response_errors = issue_insights.get('API Lifecycle & Management', {}).get('Response-specific Errors', {}).get('apis', {}) | length %} {% set missing_info = issue_insights.get('API Lifecycle & Management', {}).get('Missing information', {}).get('apis', {}) | length %} {% set no_version = issue_insights.get('API Lifecycle & Management', {}).get('No API Versioning', {}).get('apis', {}) | length %}

No API Versioning

The APIs defined do not accommodate versioning. E.g. an API defined as /api/v1/employeeInfo allows for versioning; the absence of such versioning is not ideal for API lifecycle management.
{{no_version}}
{% if no_version == 0 %}
Kudos to you and your team!

No issues found

{% else %} {% set critical = issue_insights.get('API Lifecycle & Management', {}).get('No API Versioning', {}).get('critical_apis', '')|length %} {% set high = issue_insights.get('API Lifecycle & Management', {}).get('No API Versioning', {}).get('high_apis', '')|length%} {% set medium = issue_insights.get('API Lifecycle & Management', {}).get('No API Versioning', {}).get('medium_apis', '')|length %} {% set low = issue_insights.get('API Lifecycle & Management', {}).get('No API Versioning', {}).get('low_apis', '')|length %}
    {% if critical > 0 %}
  • {{critical}}
    APIs
  • {% endif %} {% if high > 0 %}
  • {{high}}
    APIs
  • {% endif %} {% if medium > 0 %}
  • {{medium}}
    APIs
  • {% endif %} {% if low > 0 %}
  • {{low}}
    APIs
  • {% endif %}
    {% set files=issue_insights.get('API Lifecycle & Management', {}).get('No API Versioning', {}).get('files',{}) %} {% set count = namespace(value=0) %} {% for file in files if count.value < 3 %} {% set count.value = count.value + 1 %}
  • {{file}}
  • {% endfor %} {% if count.value >= 3 %}
  • .....
  • {% endif %}
{% endif %}

API Error Responses Not Defined

APIs that do not define their error responses.
{{response_errors}}
{% if response_errors == 0 %}
Kudos to you and your team!

No issues found

{% else %} {% set critical = issue_insights.get('API Lifecycle & Management', {}).get('Response-specific Errors', {}).get('critical_apis', '')|length %} {% set high = issue_insights.get('API Lifecycle & Management', {}).get('Response-specific Errors', {}).get('high_apis', '')|length%} {% set medium = issue_insights.get('API Lifecycle & Management', {}).get('Response-specific Errors', {}).get('medium_apis', '')|length %} {% set low = issue_insights.get('API Lifecycle & Management', {}).get('Response-specific Errors', {}).get('low_apis', '')|length %}
    {% if critical > 0 %}
  • {{critical}}
    APIs
  • {% endif %} {% if high > 0 %}
  • {{high}}
    APIs
  • {% endif %} {% if medium > 0 %}
  • {{medium}}
    APIs
  • {% endif %} {% if low > 0 %}
  • {{low}}
    APIs
  • {% endif %}
    {% set files=issue_insights.get('API Lifecycle & Management', {}).get('Response-specific Errors', {}).get('files',{}) %} {% set count = namespace(value=0) %} {% for file in files if count.value < 3 %} {% set count.value = count.value + 1 %}
  • {{file}}
  • {% endfor %} {% if count.value >= 3 %}
  • .....
  • {% endif %}
{% endif %}

API Spec-file Management

 
Files
Severity Distribution
Names
{% set missing_info = issue_insights.get('API Spec-file Management', {}).get('Missing information', {}).get('files', {}) | length %}

Contact Information Missing

The contact information is missing from the API Specification files.
{{missing_info}}
{% if missing_info == 0 %}
Kudos to you and your team!

No issues found

{% else %} {% set critical = issue_insights.get('API Spec-file Management', {}).get('Missing information', {}).get('critical_files', '')|length %} {% set high = issue_insights.get('API Spec-file Management', {}).get('Missing information', {}).get('high_files', '')|length%} {% set medium = issue_insights.get('API Spec-file Management', {}).get('Missing information', {}).get('medium_files', '')|length %} {% set low = issue_insights.get('API Spec-file Management', {}).get('Missing information', {}).get('low_files', '')|length %}
    {% if critical > 0 %}
  • {{critical}}
    Files
  • {% endif %} {% if high > 0 %}
  • {{high}}
    Files
  • {% endif %} {% if medium > 0 %}
  • {{medium}}
    Files
  • {% endif %} {% if low > 0 %}
  • {{low}}
    Files
  • {% endif %}
    {% set files=issue_insights.get('API Spec-file Management', {}).get('Missing information', {}).get('files', {}) %} {% set count = namespace(value=0) %} {% for file in files if count.value < 3 %} {% set count.value = count.value + 1 %}
  • {{file}}
  • {% endfor %} {% if count.value >= 3 %}
  • .....
  • {% endif %}
{% endif %}

Custom Compliance Rules

No custom rules or checks were performed.

Did you know you can define your own custom compliance rules to check your specification?
Refer to the Imperva documentation for how to do it.

{% if violation_details | length > 0 %}

Violation Details:

{% for sev, sev_val in violation_details.items() %}
  • {{sev}}
  {% for key, val in sev_val.items() %}
  • Type: {{key}}
    • Impact: {{val.get('Impact', '')}}
    {# The remaining key (the one that is not 'Impact') names the list of affected APIs #}
    • {% set req_key = namespace(value='') %} {% for k in val.keys() if k != 'Impact' %} {% set req_key.value = k %} {% endfor %} {{req_key.value}}:
      {% for api in val.get(req_key.value, []) %} {% set split_list = api.split('\n\n') %}
      {{split_list[0]}}

      {% if split_list|length > 1 %}{{split_list[1]}}{% endif %}
      {% endfor %}
  {% endfor %}
{% endfor %}

{% endif %}