Verbose error messages can leak information about the server, such as the version of the underlying database structure.
Discription
Misconfigured HTTP headers allow attackers to exfiltrate data or perform common web attacks on users. CORS misconfiguration allows attackers to steal sensitive information from an applications users.
Insecure direct object references and broken access control lists (ACL) are also a couple of other issues that stem from misconfigurations in APIs, but I will save them for another post
https://t.co/3enzNmD31n
References
Back to Main