I have hit one of the dangerous mistakes a developer can make.
As you can see here, the API rejects all requests without an Authorization header, but after adding a fake one it returns the data.
This vulnerability is classified as BFLA/BOLA API1:2023
(Broken Function/Object Level Authorization), or a Broken Access Control (BAC) issue in general.
You can read more about it in the OWASP API Top 10:
API1:2023 Broken Object Level Authorization
#API_Security
@reverseengineer101
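The behaviour in the post (a 401 without an Authorization header, a 200 with any made-up one) usually means the server checks only that the header is present, never that the token is valid, and often skips the object-ownership check as well. The following is an added example, not code from the post or from the API it describes: a presence-only check beside a hardened handler that verifies an HMAC-signed bearer token and then checks that the caller owns the requested object. The signing key, the order store, the token format and the handler names are all constructed for the demo.

```python
import base64
import binascii
import hashlib
import hmac
import json
import time

# Constructed demo secret; a real service loads this from a secret store.
SECRET = b"constructed-demo-signing-key"

# Constructed object store: order id -> record with its owner.
ORDERS = {
    "1001": {"owner": "alice", "total": 42},
    "1002": {"owner": "bob", "total": 7},
}


def _b64e(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).decode().rstrip("=")


def _b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(user_id: str, ttl: int = 3600) -> str:
    """Mint a minimal signed token: base64(payload).base64(HMAC-SHA256(payload))."""
    payload = json.dumps({"sub": user_id, "exp": int(time.time()) + ttl},
                         separators=(",", ":")).encode()
    sig = hmac.new(SECRET, payload, hashlib.sha256).digest()
    return _b64e(payload) + "." + _b64e(sig)


def verify_token(token: str):
    """Return the subject if signature and expiry check out, else None."""
    try:
        payload_b64, sig_b64 = token.split(".")
        payload, sig = _b64d(payload_b64), _b64d(sig_b64)
    except (ValueError, binascii.Error):
        return None
    expected = hmac.new(SECRET, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sig):     # constant-time compare
        return None
    try:
        claims = json.loads(payload)
    except ValueError:
        return None
    if claims.get("exp", 0) < time.time():
        return None
    return claims.get("sub")


def get_order_vulnerable(headers: dict, order_id: str):
    """Mirrors the post: only the header's presence is checked.
    Any value passes, and the owner of the order is never compared."""
    if "Authorization" not in headers:
        return 401, None
    return 200, ORDERS.get(order_id)


def get_order_hardened(headers: dict, order_id: str):
    """Authenticate the bearer token, then authorize access to the object.
    Real frameworks normalise header names; this dict lookup is exact."""
    auth = headers.get("Authorization", "")
    if not auth.startswith("Bearer "):
        return 401, None
    user = verify_token(auth[len("Bearer "):])
    if user is None:
        return 401, None                            # forged, tampered or expired
    order = ORDERS.get(order_id)
    if order is None:
        return 404, None
    if order["owner"] != user:
        return 403, None                            # object-level authorization
    return 200, order


def probe(handler, order_id: str = "1001") -> dict:
    """The three requests from the post, run against one handler.
    Returns the status code for each case."""
    return {
        "no_header": handler({}, order_id)[0],
        "fake_header": handler({"Authorization": "Bearer totally-fake"}, order_id)[0],
        "valid_token": handler({"Authorization": "Bearer " + issue_token("alice")}, order_id)[0],
    }


if __name__ == "__main__":
    print("vulnerable:", probe(get_order_vulnerable))
    print("hardened:  ", probe(get_order_hardened))
```

Run `probe` against the two handlers to reproduce the post's finding: the vulnerable handler returns 401 for no header but 200 for the fake one, while the hardened handler returns 401 for both and 200 only for a token it signed. The 403 branch is the BOLA half of the fix: a valid token for alice must still not read bob's order.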