API8:2019 Broken Access Control
APIs are often designed with the assumption that all users have access to all resources, which is not always true.
Description
By exploiting this issue, attackers can gain access to other users' resources and/or administrative functions.
API9:2019 Insufficient Logging & Monitoring
Insufficient logging and monitoring of API activity makes it difficult for developers to identify security issues in their applications or during development. Without proper logging and monitoring mechanisms, it is impossible to detect attacks early or even to understand what exactly happened after an attack has been discovered.
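The two items above fit together in practice: each handler makes an explicit authorization decision, and every decision is logged so that repeated denials can be noticed. The following is an added example, not code from this page or from OWASP; the handler names, the `api.audit` logger name, the sample data and the threshold of 3 are all assumptions made for illustration.

```python
import json
import logging
from collections import Counter

audit = logging.getLogger("api.audit")  # hypothetical logger name

# Constructed sample data: document id -> owning user, plus the admin set.
DOCUMENTS = {"doc-1": "alice", "doc-2": "bob"}
ADMINS = {"carol"}
AUDIT_TRAIL = []  # in-memory sink so the example runs offline


def record(user, action, target, allowed):
    """Emit one structured audit event for every authorization decision."""
    event = {"user": user, "action": action, "target": target, "allowed": allowed}
    AUDIT_TRAIL.append(event)
    audit.info(json.dumps(event))
    return event


def get_document(user, doc_id):
    """Return (status, body); denied unless the caller owns the document."""
    owner = DOCUMENTS.get(doc_id)
    allowed = owner is not None and (owner == user or user in ADMINS)
    record(user, "read", doc_id, allowed)
    # Same response for "missing" and "not yours" so ids are not confirmed.
    return (200, {"id": doc_id, "owner": owner}) if allowed else (404, None)


def delete_user(user, target_user):
    """Administrative function: deny by default, allow only listed admins."""
    allowed = user in ADMINS
    record(user, "delete_user", target_user, allowed)
    return 204 if allowed else 403


def users_over_denial_threshold(events, threshold=3):
    """Monitoring rule: users with at least `threshold` denied decisions."""
    denied = Counter(e["user"] for e in events if not e["allowed"])
    return sorted(u for u, n in denied.items() if n >= threshold)
```

In a real service the audit events would go to a central log store and the threshold rule would run over a time window rather than the whole trail.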
https://t.co/5t2r1T89gQ