V13.1 — Generic Web Service Security

Generic Web Service Security: 4 L3 requirement(s).

- V13.1.1: Verify that all application components use the same encodings and parsers to avoid parsing attacks that exploit differen...
- V13.1.3: Verify API URLs do not expose sensitive information, such as the API key, session tokens etc.
- V13.1.4: Verify that authorization decisions are made at both the URI, enforced by programmatic or declarative security at the co...

... and 1 more.

| Property | Value |
|---|---|
| Section | V13.1 |
| Owner | platform |

Mapped Controls

| Control | Title |
|---|---|
| SID-HARD-02 | Input Validation and Injection Prevention |
| SID-ACCESS-04 | SPOCP Policy-Based Query Authorization |

Source: OWASP Application Security Verification Standard 4.0.3