{"id":726,"date":"2020-06-07T14:23:44","date_gmt":"2020-06-07T13:23:44","guid":{"rendered":"https:\/\/42crdev.prexihost.com\/?p=726"},"modified":"2023-02-15T15:39:00","modified_gmt":"2023-02-15T15:39:00","slug":"tutorial-api-security-audit-report","status":"publish","type":"post","link":"https:\/\/staging2022.42crunch.com\/tutorial-api-security-audit-report\/","title":{"rendered":"OpenAPI (Swagger) Security Audit Report Explained"},"content":{"rendered":"\r\n\r\n\t<p>Tutorials<\/p>\r\n\r\n\t<section>\r\n<p>In our previous tutorial, we have created an API collection, and imported and audited an OpenAPI (Swagger) definition file. Now we are going to drill into the report and walk you through how to get the most out of it.<\/p>\r\n<\/section>\r\n\t<iframe loading=\"lazy\" width=\"1110\" height=\"624\" src=\"https:\/\/www.youtube.com\/embed\/EU-wilu0SIs\" title=\"YouTube video player\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture\" allowfullscreen><\/iframe>\r\n\t\t\t\t<img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/staging2022.42crunch.com\/wp-content\/uploads\/2022\/04\/view-checks-1024x512.png\" alt=\"view-checks\" itemprop=\"image\" height=\"512\" width=\"1024\" title=\"view-checks\" onerror=\"this.style.display='none'\"  \/>\r\n<h2>\r\n\t\tViewing Checks\r\n\t<\/h2>\r\n\t<p>API Contract Security Audit is a static analysis of your OpenAPI (Swagger) file using OpenAPI Specification. We run 300+ checks on your API definition, and you can view all of them in our API Security Encyclopedia by clicking on\u00a0<b>View Checks<\/b>\u00a0within the dashboard.<\/p>\r\n<h2>\r\n\t\tAudit Score Overview\r\n\t<\/h2>\r\n<p>The audit score of your API is shown at the top of the report. The security audit is broken down into 3 sections:<\/p>\r\n<ul>\r\n<li><b>Security<\/b>\u00a0&#8211; Possible score of 30<\/li>\r\n<li><b>Data Validation<\/b>\u00a0&#8211; possible score of 70<\/li>\r\n<li><b>OpenAPI Format<\/b>\u00a0&#8211; Formatting issues are not scored, but should be remediated first so you can proceed with protecting your API.<\/li>\r\n<\/ul>\r\n<p><b>NOTE:<\/b>\u00a0If you import an API definition that is not a valid OpenAPI (Swagger) definition (that has issues in its format), you see a yellow warning at the top of the API summary page, and the found issues are marked with red in the report. To ensure accuracy of the audit, make sure that your OpenAPI (Swagger) definition is well-formed first.<\/p>\r\n\t\t\t\t<img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/staging2022.42crunch.com\/wp-content\/uploads\/2022\/04\/audit-report-Custom-1024x512.png\" alt=\"audit-report (Custom)\" itemprop=\"image\" height=\"512\" width=\"1024\" title=\"audit-report (Custom)\" onerror=\"this.style.display='none'\"  \/>\r\n\t\t\t\t<img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/staging2022.42crunch.com\/wp-content\/uploads\/2022\/04\/warning-Custom-1024x371.png\" alt=\"warning (Custom)\" itemprop=\"image\" height=\"371\" width=\"1024\" title=\"warning (Custom)\" onerror=\"this.style.display='none'\"  \/>\r\n<h2>\r\n\t\tNavigating the Report\r\n\t<\/h2>\r\n\t<section>\r\n<p>All actual security issues are scored based on the risk involved. The greater the risk, the higher the score (priority). You can filter issues by priority or category, or view all found issues as a list. You can also search for specific issues both in &#8216;All Issues&#8217; and in each individual category.<\/p>\r\n<p>You can immediately start fixing issues from the priority list, or click into individual issues and remediate from there. Clicking on\u00a0<b>Go to Issue<\/b> takes you to the place in your code where the issue occurs and shows you a description and remediation recommendations.<\/p>\r\n<\/section>\r\n\r\n\r\n","protected":false},"excerpt":{"rendered":"<p>Explains the Security Audit Report including the Audit Score, how to navigate the report, the use of filters and how to get remediation advice on each security issue.<\/p>\n","protected":false},"author":4,"featured_media":12267,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_seopress_robots_primary_cat":"none","_seopress_titles_title":"Navigating the API Security Audit Report ","_seopress_titles_desc":"API Audit report tutorial: Explains the Audit Score, how to navigate the report, the use of filters and how to get remediation advice on each security issue.","_seopress_robots_index":"","site-sidebar-layout":"no-sidebar","site-content-layout":"page-builder","ast-site-content-layout":"","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"disabled","ast-hfb-above-header-display":"disabled","ast-hfb-below-header-display":"disabled","ast-hfb-mobile-header-display":"disabled","site-post-title":"disabled","ast-breadcrumbs-content":"disabled","ast-featured-img":"disabled","footer-sml-layout":"disabled","theme-transparent-header-meta":"default","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""}},"footnotes":""},"categories":[11],"tags":[22,16,25],"_links":{"self":[{"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/posts\/726"}],"collection":[{"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/comments?post=726"}],"version-history":[{"count":0,"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/posts\/726\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/media\/12267"}],"wp:attachment":[{"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/media?parent=726"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/categories?post=726"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/tags?post=726"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}