API6:2023 Unrestricted Access to Sensitive Business Flows

Threat agents/Attack vectors

Exploitation usually involves understanding the business model backed by the API, finding sensitive business flows, and automating access to these flows, causing harm to the business.

Prevalence Widespread : Detectability Average

The lack of a holistic view of the API needed to fully support business requirements tends to contribute to the prevalence of this issue. Attackers manually identify which resources (e.g. endpoints) are involved in the target workflow and how they work together. If mitigation mechanisms are already in place, attackers need to find a way to bypass them.

In general, technical impact is not expected.
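Because the exploitation described above is the automation of a legitimate multi-step flow, a plain per-endpoint rate limit often misses it; the check a defender wants is whether one actor completes the whole flow at a pace or volume no person would. The following is an added example, not code from OWASP or this page, that reconstructs flow completions from a constructed access log and flags scripted use; the endpoint names, thresholds and actor ids are assumptions.

```python
from bisect import bisect_right
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import median

# Hypothetical sensitive flow (assumed endpoint names), completed by hitting
# these endpoints in this order.
SENSITIVE_FLOW = ("POST /cart/items", "POST /checkout", "POST /orders")

T0 = datetime(2023, 6, 1, 10, 0, 0)
# Constructed sample log of (timestamp, actor, endpoint): one human-paced
# purchase plus twelve scripted purchases, each step one second apart.
SAMPLE_LOG = [(T0 + timedelta(seconds=s), "user-17", ep)
              for s, ep in zip((0, 192, 280), SENSITIVE_FLOW)]
SAMPLE_LOG += [(T0 + timedelta(seconds=3 * n + k), "bot-42", ep)
               for n in range(12) for k, ep in enumerate(SENSITIVE_FLOW)]

def flow_completions(events, flow=SENSITIVE_FLOW):
    """Map actor -> [(start, end)] for every full in-order run of the flow."""
    by_actor = defaultdict(list)
    for ts, actor, endpoint in sorted(events):
        by_actor[actor].append((ts, endpoint))
    completions = defaultdict(list)
    for actor, hits in by_actor.items():
        pos, start = 0, None
        for ts, endpoint in hits:
            if endpoint != flow[pos]:      # out-of-order hit: not part of a run
                continue
            start = ts if pos == 0 else start
            pos += 1
            if pos == len(flow):           # flow finished: record it, start over
                completions[actor].append((start, ts))
                pos = 0
    return completions

def flag_automation(events, flow=SENSITIVE_FLOW, max_runs=5,
                    window=timedelta(minutes=10), min_human_seconds=30):
    """Flag actors with more than max_runs completions inside `window`, or a
    median completion time faster than a person plausibly manages."""
    flagged = {}
    for actor, runs in flow_completions(events, flow).items():
        reasons = []
        med = median((end - start).total_seconds() for start, end in runs)
        if med < min_human_seconds:
            reasons.append(f"median completion {med:.0f}s < {min_human_seconds}s")
        ends = [end for _, end in runs]   # ascending: runs are found in time order
        peak = max(bisect_right(ends, e + window) - i for i, e in enumerate(ends))
        if peak > max_runs:
            reasons.append(f"{peak} completions within {window}")
        if reasons:
            flagged[actor] = reasons
    return flagged
```

Tune `max_runs`, `window` and `min_human_seconds` per flow; a ticket-checkout flow and a comment-posting flow have very different human baselines.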