An HTTP authentication scheme is the mechanism an API uses to challenge clients for credentials before allowing them to interact with it. OAuth 1.0 (the "oauth" HTTP scheme) and the Microsoft Negotiate protocol (the "negotiate" scheme, based on SPNEGO) are both considered outdated and should not be used by APIs to challenge clients. Bearer authentication means the API authenticates only those requests that present a valid access token (the bearer token) in the Authorization header. The bearer token is an opaque string to the client, usually issued by the API after a successful login; because anyone who holds the token can use it, it must only be transmitted over TLS. JWT (JSON Web Token) is the recommended format for the bearer token, and the specification should say so by setting bearerFormat to JWT on the security scheme.
This rule applies at the API Specification level (OAS/Swagger).
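The following Python check walks the securitySchemes of an OpenAPI 3 document and reports the cases the rule describes: an http scheme using the outdated oauth or negotiate names, a bearer scheme whose bearerFormat is not JWT, and an http scheme with no scheme name at all. This is an added example, not the audit engine's own implementation; the finding identifiers, the function names and the embedded sample document are assumptions constructed for the illustration.

```python
"""Audit the securitySchemes of an OpenAPI 3 document for the HTTP
authentication scheme problems discussed above.

Added example, not the rule engine's own code. The finding identifiers
("outdated-scheme", "bearer-format-not-jwt", "missing-scheme"), the helper
names and the sample document below are assumptions made for this illustration.
"""

# Schemes the rule treats as outdated. HTTP auth scheme names are
# case-insensitive (RFC 7235), so comparisons are done in lower case.
# "oauth" is the IANA-registered name of OAuth 1.0; "negotiate" is SPNEGO.
OUTDATED_SCHEMES = {"oauth", "negotiate"}


def audit_security_schemes(spec):
    """Return one finding (a dict) per http-type security scheme that is
    outdated, is bearer without a JWT bearerFormat, or has no scheme name.

    Only type: http schemes are inspected; apiKey, oauth2 and openIdConnect
    schemes are governed by other rules and are skipped here.
    """
    findings = []
    schemes = spec.get("components", {}).get("securitySchemes", {})
    for name, scheme in schemes.items():
        if not isinstance(scheme, dict) or scheme.get("type") != "http":
            continue
        http_scheme = str(scheme.get("scheme", "")).strip().lower()
        if http_scheme == "":
            findings.append({"scheme": name, "issue": "missing-scheme", "value": None})
        elif http_scheme in OUTDATED_SCHEMES:
            findings.append({"scheme": name, "issue": "outdated-scheme", "value": http_scheme})
        elif http_scheme == "bearer":
            # bearerFormat is a free-form hint in OAS 3; the rule wants it to be JWT.
            fmt = str(scheme.get("bearerFormat", "")).strip()
            if fmt.lower() != "jwt":
                findings.append({"scheme": name, "issue": "bearer-format-not-jwt",
                                 "value": fmt or None})
    return findings


def is_compliant(spec):
    """True when the document raises no finding."""
    return audit_security_schemes(spec) == []


# Constructed sample document (not from any real API): three non-compliant
# schemes and one compliant one.
SAMPLE_SPEC = {
    "openapi": "3.0.3",
    "components": {
        "securitySchemes": {
            "legacyOAuth1": {"type": "http", "scheme": "oauth"},
            "winAuth": {"type": "http", "scheme": "Negotiate"},
            "opaqueBearer": {"type": "http", "scheme": "bearer"},
            "jwtBearer": {"type": "http", "scheme": "Bearer", "bearerFormat": "JWT"},
            "apiKeyHeader": {"type": "apiKey", "in": "header", "name": "X-API-Key"},
        }
    },
}

if __name__ == "__main__":
    for finding in audit_security_schemes(SAMPLE_SPEC):
        print(f"{finding['scheme']}: {finding['issue']} ({finding['value']})")
```

Running the block against the constructed document reports legacyOAuth1, winAuth and opaqueBearer; jwtBearer passes even though its scheme name is capitalised, and the apiKey scheme is left to other rules. To fix a flagged document, change the scheme to bearer and add bearerFormat: JWT, then make sure the API actually validates the JWT signature and claims on every request.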
Injection attacks: if the missing properties concern input validation or sanitization, attackers can exploit injection vulnerabilities. For instance, if a schema that validates submitted form data leaves properties undeclared or unconstrained (no type, pattern or length limits), attackers can place malicious payloads (such as SQL injection or cross-site scripting) in input fields to manipulate data or execute arbitrary SQL or script in the consuming component.