OWASP API Top 10
By Aditya Chauhan
API1:2019 — Broken object-level authorization

An attacker substitutes another user's object ID for their own in an API request (for example, changing the ID in the path or body of a call). The API authenticates the caller but never checks that the caller is authorized to act on that specific object, so the request succeeds and the attacker reads or modifies data belonging to someone else. This weakness is also known as IDOR (Insecure Direct Object Reference).

Use case

The sequence of API calls uses the ID of the resource available to […]
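The following is an added example, not code from the original post: a minimal in-memory invoice API that shows the BOLA/IDOR bug next to its fix. The data set, the invoice and user IDs, the `Request` stand-in for an HTTP request and the handler names are all constructed for illustration. The vulnerable handler only checks that the caller is logged in; the fixed handler also compares the object's owner against the identity the server derived from the session, never against anything the client supplied. An enumeration helper walks a range of IDs the way an attacker would, so the leak is visible as a list rather than a single hit.

```python
"""Added example (not from the original post): Broken Object Level
Authorization (BOLA / IDOR) in a toy invoice API, vulnerable vs. fixed.
All data, IDs and route names below are constructed for illustration."""
from dataclasses import dataclass
from typing import Optional, Tuple

# Constructed sample data: two users, each owning one invoice.
INVOICES = {
    1001: {"owner_id": 1, "amount": 250.00},
    1002: {"owner_id": 2, "amount": 9999.00},
}


@dataclass
class Request:
    """Stand-in for an HTTP request to GET /invoices/{id} (hypothetical route).

    authenticated_user_id: identity the server established from a verified
                           session or token (None = not logged in).
    path_invoice_id:       the ID the client put in the URL; attacker-controlled.
    """
    authenticated_user_id: Optional[int]
    path_invoice_id: int


def get_invoice_vulnerable(req: Request) -> Tuple[int, Optional[dict]]:
    """Authentication only. Any logged-in user who changes the path ID to
    someone else's invoice gets it back: this is the BOLA/IDOR bug."""
    if req.authenticated_user_id is None:
        return 401, None
    inv = INVOICES.get(req.path_invoice_id)
    if inv is None:
        return 404, None
    return 200, inv


def get_invoice_fixed(req: Request) -> Tuple[int, Optional[dict]]:
    """Authentication plus object-level authorization. Ownership is checked
    against the server-side identity, not against a client-supplied user ID."""
    if req.authenticated_user_id is None:
        return 401, None
    inv = INVOICES.get(req.path_invoice_id)
    # Design choice: answer 404 for both "does not exist" and "not yours" so a
    # caller cannot tell which IDs exist. A 403 is also defensible, but it
    # confirms the object exists.
    if inv is None or inv["owner_id"] != req.authenticated_user_id:
        return 404, None
    return 200, inv


def enumerate_ids(handler, attacker_user_id: int, id_range) -> list:
    """Walk a range of object IDs as an attacker would (the "sequence of API
    calls" from the text) and return the IDs for which data came back."""
    leaked = []
    for obj_id in id_range:
        status, body = handler(Request(attacker_user_id, obj_id))
        if status == 200 and body is not None:
            leaked.append(obj_id)
    return leaked


def leaked_foreign_ids(handler, attacker_user_id: int, id_range) -> list:
    """IDs the handler returned that the attacker does not own."""
    return [
        obj_id for obj_id in enumerate_ids(handler, attacker_user_id, id_range)
        if INVOICES[obj_id]["owner_id"] != attacker_user_id
    ]


if __name__ == "__main__":
    ids = range(1000, 1005)
    print("vulnerable leaks:", leaked_foreign_ids(get_invoice_vulnerable, 1, ids))
    print("fixed leaks:     ", leaked_foreign_ids(get_invoice_fixed, 1, ids))
```

The point to carry into a real code base is where the ownership comparison comes from: `req.authenticated_user_id` is set by the server from the session, so the client cannot influence it, whereas a check against a `user_id` field taken from the request body would be just another attacker-controlled value and would not close the hole.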