Platform Update: Q2 2024 - Check out all of the recent product improvements
WatchThe table below details the findings codes.
| Finding name | Finding code | Description |
|---|---|---|
| Unauthenticated endpoints | firetail:authenticated-endpoint-removed | An endpoint that previously required authentication has been changed to no longer require authentication. |
| Numeric IDs | owasp-no-numeric-ids | An endpoint is using a numeric parameter for identifying resources. |
| Insecure auth scheme | owasp-auth-insecure-schemes | An endpoint has an insecure authentication scheme set. |
| Non-standard JSON Web Token | owasp-jwt-best-practices | An endpoint is using JSON Web Tokens (JWT) that do not adhere to best current practices detailed in RFC8725. |
| API key in URL | owasp-no-api-keys-in-url | An endpoint is using URL parameters to pass in API keys. |
| Credentials in URL | owasp-no-credentials-in-url | An endpoint is using URL parameters to pass in credentials. |
| Basic HTTP auth | owasp-no-http-basic | An endpoint is using Basic HTTP authentication. |
| Missing global security | owasp-protection-global-safe | An endpoint was found that is not protected by any security scheme. |
| Missing authentication | owasp-protection-global-unsafe-strict | An operation is missing authentication. |
| Missing global security | owasp-protection-global-unsafe | An endpoint was found that is not protected by any security scheme. |
| Missing 401 response | owasp-define-error-responses-401 | An endpoint is missing the definition for a 401 response. |
| Missing 500 response | owasp-define-error-responses-500 | An endpoint is missing the definition for a 500 response. |
| Missing 4xx response | owasp-define-error-validation | An endpoint is missing the definition for a 4xx response. |
| Missing array limit | owasp-array-limit> | An endpoint is returning an array of items without having a specified limit on the maximum number of items that can be returned. |
| Undefined integer format | owasp-integer-format | An endpoint is missing format information for an integer parameter. |
| Legacy integer limit | owasp-integer-limit-legacy | An endpoint is using legacy limits for an integer parameter. |
| Undefined integer limit | owasp-integer-limit | An endpoint is missing limit information for an integer parameter. |
| Missing 429 response | owasp-define-error-responses-429 | An endpoint is missing a rate limit response. |
| Missing retry header | owasp-rate-limit-retry-after | An endpoint is missing the Retry-After header for 429 responses. |
| Missing rate limit headers | owasp-rate-limit | An endpoint is missing rate limit headers in 2xx and 4xx responses. |
| Undefined string limit | owasp-string-limit | An endpoint is missing limit information for a string parameter. |
| Unrestricted string | owasp-string-restricted | An endpoint is missing restrictions for a string parameter. |
| Unconstrained additional properties | owasp-constrained-additionalProperties | An endpoint allows for unconstrained additional properties. |
| Missing additional properties | owasp-no-additionalProperties | An endpoint is missing the setting for additional properties. |
| Insecure host (OAS2) | owasp-security-hosts-https-oas2 | The host is specified with an insecure protocol (HTTP). |
| Insecure host (OAS3) | owasp-security-hosts-https-oas3 | The host is specified with an insecure protocol (HTTP). |
To learn how to view findings and understand the information they contain, go to Findings overview.
