The recently published “OWASP API security top 10” report analyzes the anti-patterns that lead to vulnerabilities and security risks in APIs. In this 10 part series, we introduce these API anti-patterns. Every API professional should know about these anti-patterns.
API security anti-pattern for Excessive Data Exposure
Object properties may have different sensitivity. The different sensitivity would justify the different treatment of the properties. However, developers often aim for generic and reusable code, that can be used for handling any property regardless of its individual sensitivity. Often it is even assumed that the calling app (client) performs the data filtering of critical properties before the object is shown.
Want to learn more?
- Part 1 Broken Object Level Authorization
- Part 2 Broken User Authentication
- Part 3 Excessive Data Exposure
Check out the complete OWASP API security paper. To secure access to your APIs, learn more about the OAuth in the OAuth Book, or the OAuth Course. To provide and use identity data in apps and APIs, learn more about OpenID Connect in the OpenID Connect Book, or the OpenID Connect Course.
Also published on Medium.