
    OWASP API Rules

    Apply Open Worldwide Application Security Project (OWASP) API rules to your OpenAPI specification using vacuum.

    These rules were written by Ricardo Graça.


    • owasp-security-hosts-https-oas3
    • owasp-security-hosts-https-oas2
    • owasp-constrained-additionalProperties
    • owasp-no-additionalProperties
    • owasp-integer-format
    • owasp-integer-limit-legacy
    • owasp-integer-limit
    • owasp-string-restricted
    • owasp-string-limit
    • owasp-array-limit
    • owasp-define-error-responses-429
    • owasp-rate-limit-retry-after
    • owasp-rate-limit
    • owasp-define-error-responses-500
    • owasp-define-error-responses-401
    • owasp-define-error-validation
    • owasp-protection-global-safe
    • owasp-protection-global-unsafe-strict
    • owasp-protection-global-unsafe
    • owasp-jwt-best-practices
    • owasp-auth-insecure-schemes
    • owasp-no-credentials-in-url
    • owasp-no-api-keys-in-url
    • owasp-no-http-basic
    • owasp-no-numeric-ids