FAQ

  • GitHub GitHub Repo stars
  • Discord Discord Server
  • New! Try the OpenAPI DoctorThe OpenAPI Doctor

    OWASP Functions

    Open Worldwide Application Security Project (OWASP) Functions for OWASP Rules.

    These functions power a portion of the OWASP Rules. They were originally written by Ricardo Graça.


    owaspExternalExample

    Checks that an external example and an example are not used together.

    owaspArrayLimit

    Checks array schema types also define maxItems

    owaspAuthInsecureSchemes

    Checks authentication schemes used are not outdated and insecure.

    owaspBasicAuth

    Checks no Basic auth is used in the API.

    owaspCheckErrorResponse

    Checks if an error response has been defined for a given status code.

    owaspHostsHttps

    Checks that server hosts use HTTPS (not HTTP)

    owaspIntegerFormat

    Checks integers specify format (int32 or int64)

    owaspIntegerLimit

    Checks integers specify minimum and maximum or exclusiveMinimum and exclusiveMaximum

    owaspJWTBestPractice

    Checks JWTs explicitly declare support for RFC8725

    owaspNoAdditionalProperties

    Checks that no additional properties are allowed in the API.

    owaspNoAdditionalPropertiesConstrained

    Checks schema defines maxProperties when additionalProperties is an object

    owaspNoApiKeyInUrl

    Checks no parameters are used in the URL to pass API keys.

    owaspNoCredentialsInUrl

    Checks no credentials are used in the URL.

    owaspNoNumericIds

    Checks that no numeric IDs are used in the API.

    owaspRatelimitRetryAfter

    Checks that any 429 response, contains a Retry-After header.

    owaspStringLimit

    Checks strings specify maxLength, enum, or const

    owaspStringRestricted

    Checks strings must specify a format, pattern, enum, or const

    owaspHeaderDefinition

    Check if a header has been defined or not from the list of headers.

    owaspDefineErrorDefinition

    Check if global or operation level security has been defined.

    owaspCheckSecurity

    Check if global or operation level security has been defined.