Broken user authentication can lead to stolen or leaked access tokens, which are then used by attackers to impersonate users.

API #3: Excessive Data Exposure

The third vulnerability is excessive data exposure. This happens when an API exposes too much information about the underlying system and its resources. For instance, a banking app that shows all your bank accounts in one place might be exposing too much data about your account balances and transactions. If this information were exposed via an API endpoint, attackers could use this vulnerability to steal money from other people’s accounts!
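The banking case above, as an added example that is not part of the original article: a handler that serializes the whole stored record next to one that builds the response from an allow-list, plus a check that reports fields a response carries beyond its declared schema. The record, field names and schema names are hypothetical, and the sample data is constructed.

```python
import json

# Constructed sample record, as a data layer might return it (hypothetical fields).
ACCOUNT_ROW = {
    "account_id": "acct-001",
    "owner_id": "user-17",
    "display_name": "Everyday Checking",
    "balance_cents": 1250075,
    "full_account_number": "000123456789",
    "routing_number": "000000000",
    "transactions": [
        {"id": "t1", "amount_cents": -4200, "counterparty_account": "000987654321"},
    ],
    "internal_risk_score": 0.82,
}

# Response schemas: only the fields listed here may leave the server.
SCHEMAS = {
    "account_summary": {"account_id", "display_name", "masked_number"},
    "account_detail": {"account_id", "display_name", "masked_number", "balance_cents"},
}


def exposed_response(row):
    """Weak pattern: dump the whole record and rely on the client to hide fields."""
    return json.dumps(row)


def filtered_response(row, schema_name):
    """Hardened pattern: derive safe values, then emit only allow-listed fields."""
    view = dict(row, masked_number="****" + row["full_account_number"][-4:])
    allowed = SCHEMAS[schema_name]
    return json.dumps({key: view[key] for key in sorted(allowed)})


def undeclared_fields(body, schema_name):
    """Check for tests or a response gateway: fields present but not in the schema."""
    return sorted(set(json.loads(body)) - SCHEMAS[schema_name])


if __name__ == "__main__":
    print(undeclared_fields(exposed_response(ACCOUNT_ROW), "account_summary"))
    print(filtered_response(ACCOUNT_ROW, "account_summary"))
```

Running `undeclared_fields` over recorded responses in an integration test catches new columns that start leaking when the stored record grows.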

