Owasp Api1 2023 No Numeric Ids Error

OWASP API1 2023 No Numeric IDs (Edit)

Use random IDs that cannot be guessed. UUIDs are preferred but any other random string will do. Using numeric IDs can lead to enumeration attacks where attackers iterate through possible ID values.

OWASPSecurityIdentifiersOpenAPI

Rule Definition

{"owasp-api1-2023-no-numeric-ids-error":{"description":"Use random IDs that cannot be guessed. UUIDs are preferred but any other random string will do. Using numeric IDs can lead to enumeration attacks where attackers iterate through possible ID values.","message":"Use random IDs that cannot be guessed, UUIDs are preferred.","given":"$.paths..parameters[*]","severity":"error","then":{"field":"schema.type","function":"pattern","functionOptions":{"notMatch":"^integer$"}}}}

Back to All of the Rules

OWASP API1 2023 No Numeric IDs (Edit)

This Page

Open & Ask

Rule Definition