API Evangelist API Evangelist
API Learnings
APIs
API Governance
API Solutions
API Discovery
API Building Blocks
API Evangelist LLC
API Learnings
APIs
API Governance
API Solutions
API Discovery
API Building Blocks
API Evangelist LLC

Need help?

Contact us

OWASP API1 2023 No Numeric IDs

Use random IDs that cannot be guessed. UUIDs are preferred but any other random string will do. Using numeric IDs can lead to enumeration attacks where attackers iterate through possible ID values.

#OWASP #Security #Identifiers #OpenAPI
← Back to all Rules
Rule Details
Severity error
Given $.paths..parameters[*]
Slug owasp-api1-2023-no-numeric-ids-error
Explore more

Navigate related API building blocks.

All Rules Policies Guidance Schemas