Articles | Char49

06 Oct

API6:2019 Mass Assignment

Fast pace development environments or unclear business or functional requirements make developers choose generic implementations: binding client-provided data (e.g. JSON objects) to data models (e.g. those provided by popular ORM/ODM libraries) is, unfortunately, a common pattern that leaves the doo...

By Char49 OWASP OWASP API Security Top 10, OWASP API, OWASP, API, API Security, Mass Assignment, JSON, ORM, ODM, REST API

24 Aug

API3:2019 Excessive Data Exposure

Either looking forward to generic implementations or due to short time-to-market, developers tend to expose all object properties (e.g. JSON), relying on clients (e.g. web front-end or mobile application) to filter relevant data to render. Quite often such data exposes system internals or personally...

By Char49 OWASP OWASP API, OWASP, API, API Security, API3, Data Exposure, JSON, OWASP API Security Top 10