OWASP API7 2023 Concerning URL Parameter

Using external resource URLs based on user input for webhooks, file fetching, custom SSO, URL previews, or redirects can lead to Server Side Request Forgery (SSRF) and other security issues.

Tags: OWASP, Security, SSRF, Parameters, OpenAPI

Rule Definition

owasp-api7-2023-concerning-url-parameter-info.yaml
{
  "owasp-api7-2023-concerning-url-parameter-info": {
    "description": "Using external resource URLs based on user input for webhooks, file fetching, custom SSO, URL previews, or redirects can lead to Server Side Request Forgery (SSRF) and other security issues.",
    "message": "Make sure to review the way this URL parameter is handled to protect against Server Side Request Forgery.",
    "given": "$.paths[*].parameters[*].name",
    "severity": "info",
    "then": {
      "function": "pattern",
      "functionOptions": {
        "notMatch": "(?i)(callback|redirect|uri|url|href|link|target|return)"
      }
    }
  }
}
