diff --git a/test-data/2.0/security/swagger.json b/test-data/2.0/security/swagger.json
index 60acc432..d136b341 100644
--- a/test-data/2.0/security/swagger.json
+++ b/test-data/2.0/security/swagger.json
@@ -18,7 +18,7 @@
     "apiKey3": {
       "type": "apiKey",
       "name": "apiKey3",
-      "in": "header"
+      "in": "query"
     },
     "oauth2": {
       "type": "oauth2",
diff --git a/tests/operation/security_object_test.py b/tests/operation/security_object_test.py
index 4bef8f21..ad6dea94 100644
--- a/tests/operation/security_object_test.py
+++ b/tests/operation/security_object_test.py
@@ -141,23 +141,27 @@ def test_security_parameter_cannot_override_path_or_operation_parameter(
 
 
 @pytest.mark.parametrize(
-    'resource, operation, headers, expect_to_raise',
+    'resource, operation, query, headers, expect_to_raise',
     [
-        ('example1', 'get_example1', {'sec1': 'sec1', 'sec2': 'sec2'}, True),
-        ('example2', 'get_example2', {}, True),
-        ('example3', 'get_example3', {'sec1': 'sec1', 'sec2': 'sec2'}, False),
+        ('example1', 'get_example1', {}, {'sec1': 'sec1', 'sec2': 'sec2'}, True),
+        ('example2', 'get_example2', {}, {}, True),
+        ('example2', 'get_example2', {}, {'sec3': 'sec3'}, True),
+        ('example2', 'get_example2', {'sec3': 'sec3'}, {}, False),
+        ('example3', 'get_example3', {}, {'sec1': 'sec1', 'sec2': 'sec2'}, False),
     ]
 )
 def test_only_one_security_definition_in_use_at_time(
         security_spec,
         resource,
         operation,
+        query,
         headers,
         expect_to_raise,
 ):
     request = Mock(
         spec=IncomingRequest,
         headers=headers,
+        query=query,
     )
 
     op = security_spec.resources[resource].operations[operation]