Field Suggestion

Description

Field Suggestion allows users to infer the entire schema. Example of errors: Error: Field "XYZ" is missing.

Remediation

Avoid providing verbose error messages to users in production.

REST Specific

Asp_net

Avoid returning verbose error messages.

Ruby_on_rails

Avoid returning verbose error messages.

Next_js

Avoid returning verbose error messages.

Laravel

Avoid returning verbose error messages.

Express_js

Avoid returning verbose error messages.

Django

Avoid returning verbose error messages.

Symfony

Avoid returning verbose error messages.

Spring_boot

Avoid returning verbose error messages.

Flask

Avoid returning verbose error messages.

Nuxt

Avoid returning verbose error messages.

Fastapi

Avoid returning verbose error messages.

Configuration

Identifier: information_disclosure/rest_field_suggestion

Examples

Ignore this check

checks:
  information_disclosure/rest_field_suggestion:
    skip: true

Score

Escape Severity: LOW

Compliance

OWASP: API3:2023
pci: 5.2.6

Classification

CWE: 200

Score

References

https://owasp.org/www-project-top-ten/OWASP_Top_Ten_2017/Top_10-2017_A3-Sensitive_Data_Exposure
- https://cheatsheetseries.owasp.org/cheatsheets/Error_Handling_Cheat_Sheet.html

Field Suggestion

Description​

Remediation​

REST Specific​

Configuration​

Examples​

Ignore this check​

Score​

Compliance​

Classification​

Score​

References​

Description

Remediation

REST Specific

Configuration

Examples

Ignore this check

Score

Compliance

Classification

Score

References