Title

The API must limit the exposure of endpoints. (Cat II impact)

Discussion

Exposing too many API endpoints, which are specific URLs or paths that allow clients to interact with various functions or data within the system, increases the attack surface. This exposure makes the API more vulnerable to unauthorized access, data breaches, and distributed denial-of-service (DDoS) attacks. By restricting access to only necessary endpoints, the API ensures that only authenticated and authorized users can reach sensitive data or critical operations. Limiting the number of exposed endpoints reduces system complexity, enhances performance, and enables more effective enforcement of rate limits and monitoring controls.

Check Content

Review the API documentation and configuration. If any endpoints (i.e., URLs or paths that handle client requests) are publicly accessible without a valid business or security justification, or if unnecessary endpoints are exposed, this is a finding.

Fix Text

Build or configure the API to limit the endpoint against improper exposure.

Additional Identifiers

Rule ID: SV-274557r1143590_rule

Vulnerability ID: V-274557

Group Title: SRG-APP-000141

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.