The API must use Web Application Firewall (WAF).

STIG ID: SRG-APP-000516-API-001305  |  SRG: SRG-APP-000516 |  Severity: medium |  CCI: CCI-000366 |  Vulnerability Id: V-274769

Vulnerability Discussion

The API must be protected by a Web Application Firewall (WAF) or an API Gateway that monitors and filters incoming and outgoing traffic to prevent injection attacks, ensuring malicious inputs are detected and blocked.

Check

Verify the API is configured to use a WAF or API Gateway to manage traffic.

If the API is not configured to use a WAF or API Gateway in accordance with organization-defined security policies, this is a finding.

Fix

Build or configure the API to use a WAF or API Gateway to manage traffic.
This website is not created by, run, approved, or endorsed by the U.S. Department of Defense. Use at your own risk. This website is created by open-source software.