OWASP API Security Top 10 2019 Checklist

Rule: excessive-data-exposure-mandatory-schema
Rule group: general

Guidance

Implement a schema-based response validation mechanism as an extra layer of security. As part of this mechanism, define a schema for the data returned by every API method and every status code it can produce, error responses included, and enforce that schema on the way out so that the API never returns fields that are not declared in it.
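The following Python is an added example of such a mechanism; it is not MuleSoft's or OWASP's code. SPEC is a constructed, hand-written stand-in for the responses section of a RAML or OAS document, and the validator is deliberately minimal (objects and primitives only) so the block runs without a JSON Schema library; a real deployment would load the real specification and use a full validator. It shows both halves of the guidance: a load-time check that every response body is typed (a body typed as `any` or left untyped is reported), and a run-time gate that refuses to serialise a response whose fields are not declared, including error responses.

```python
# Added example (not MuleSoft's or OWASP's code): a schema-based response
# validation layer. SPEC is a constructed stand-in for the responses section
# of an API specification; names and shapes here are assumptions.
import json

# Constructed spec: every status a method can return declares a body schema,
# error responses included. "additionalProperties": False is the setting that
# stops undeclared fields (the excessive-data-exposure case) from leaking.
SPEC = {
    ("GET", "/users/{id}"): {
        200: {"type": "object",
              "properties": {"id": "integer", "username": "string"},
              "required": ["id", "username"],
              "additionalProperties": False},
        404: {"type": "object",
              "properties": {"error": "string"},
              "required": ["error"],
              "additionalProperties": False},
    },
}

# Python types accepted for each primitive schema type.
PRIMITIVES = {"string": str, "integer": int, "number": (int, float), "boolean": bool}


class SchemaError(Exception):
    """A response does not match the schema declared for it."""


def find_untyped_responses(spec):
    """Load-time check: list every response whose body is untyped ("any" or absent).

    An empty list means the spec satisfies the mandatory-schema rule.
    """
    untyped = []
    for (method, path), responses in spec.items():
        for status, schema in responses.items():
            if not schema or schema.get("type") in (None, "any"):
                untyped.append(f"{method} {path} {status}")
    return untyped


def validate(value, schema, where="body"):
    """Validate value against a minimal JSON-Schema-like description."""
    kind = schema.get("type")
    if kind == "object":
        if not isinstance(value, dict):
            raise SchemaError(f"{where}: expected object")
        props = schema.get("properties", {})
        for name in schema.get("required", []):
            if name not in value:
                raise SchemaError(f"{where}.{name}: required field missing")
        for name, item in value.items():
            if name in props:
                validate(item, {"type": props[name]}, f"{where}.{name}")
            elif not schema.get("additionalProperties", True):
                raise SchemaError(f"{where}.{name}: field not declared in schema")
    elif kind in PRIMITIVES:
        # bool is a subclass of int in Python; keep it out of integer/number.
        if isinstance(value, bool) and kind != "boolean":
            raise SchemaError(f"{where}: expected {kind}, got boolean")
        if not isinstance(value, PRIMITIVES[kind]):
            raise SchemaError(f"{where}: expected {kind}")
    else:
        raise SchemaError(f"{where}: unsupported or missing type {kind!r}")
    return True


def send_response(method, path, status, payload, spec=SPEC):
    """Run-time gate: serialise payload only if the response has a declared
    schema and the payload matches it; otherwise raise, so an over-sharing
    handler fails closed instead of leaking."""
    responses = spec.get((method, path))
    if responses is None or status not in responses:
        raise SchemaError(f"{method} {path}: status {status} has no declared response schema")
    validate(payload, responses[status])
    return json.dumps(payload)


def accepted(method, path, status, payload, spec=SPEC):
    """True if send_response would let this payload through, False otherwise."""
    try:
        send_response(method, path, status, payload, spec)
        return True
    except SchemaError:
        return False


if __name__ == "__main__":
    print(find_untyped_responses(SPEC))                                   # []
    print(send_response("GET", "/users/{id}", 200, {"id": 7, "username": "alice"}))
    print(accepted("GET", "/users/{id}", 200,
                   {"id": 7, "username": "alice", "password_hash": "..."}))  # False
    print(accepted("GET", "/users/{id}", 500, {"error": "boom"}))          # False: no schema
```

The `password_hash` case is the one the rule is about: the handler's object model carries more than the client should see, and a validator with `additionalProperties: False` is what catches it. The 500 case shows why the guidance says "including errors": a status with no declared schema is refused rather than passed through, so stack traces or internal messages cannot slip out on the error path.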

Message

Declare a schema or a data type for every response body in the specification so that the format of each response is determined; a body typed as `any` (or left untyped) does not satisfy this rule.

Examples

valid

#%RAML 1.0
title: Ruleset API
mediaType:
  - application/json
/abc:
  get:
    responses:
      200:
        body:
          type: string

invalid

#%RAML 1.0
title: Ruleset API
mediaType:
  - application/json
/abc:
  get:
    responses:
      200:
        body:
          type: any

Applies to: Response

Constraint type: Declarative Validation

Asset type: Ruleset
Organization: MuleSoft
Published by: MuleSoft Organization
Published on: Nov 29, 2023
Asset version: 2.1.0 (2.1.x line)