Site icon API Security Blog

Don’t use access tokens for authentication.

API #3: Excessive Data Exposure

The third vulnerability is excessive data exposure, which happens when an API exposes too much information about users or resources. This can be a big problem because attackers can leverage this information to launch further attacks on the application or its users. For example, if an API exposes user names and passwords in plaintext, attackers could steal these credentials and log into other parts of the app without authorization! Or if an API leaks sensitive financial data like credit card numbers and bank account details, attackers might be able to steal money from customers’ accounts! Learn more about how to prevent excessive data exposure here
https://t.co/8nt3YF70gc

Exit mobile version