FAQ

  • GitHub GitHub Repo stars
  • Discord Discord Server
  • ✨ New! Try the OpenAPI Doctor ✨ The OpenAPI Doctor

    OWASP API Rules

    Apply Open Worldwide Application Security Project (OWASP) API rules to your OpenAPI specification using vacuum.

    These rules were written by Ricardo Graça.


    owasp-security-hosts-https-oas3 owasp-security-hosts-https-oas2 owasp-constrained-additionalProperties owasp-no-additionalProperties owasp-integer-format owasp-integer-limit-legacy owasp-integer-limit owasp-string-restricted owasp-string-limit owasp-array-limit owasp-define-error-responses-429 owasp-rate-limit-retry-after owasp-rate-limit owasp-define-error-responses-500 owasp-define-error-responses-401 owasp-define-error-validation owasp-protection-global-safe owasp-protection-global-unsafe-strict owasp-protection-global-unsafe owasp-jwt-best-practices owasp-auth-insecure-schemes owasp-no-credentials-in-url owasp-no-api-keys-in-url owasp-no-http-basic owasp-no-numeric-ids