Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

APISEC - API Penetration Testing > Mass Assignment > Flashcards

Mass Assignment Flashcards

1
Q

What is a mass assignment vulnerability?

A

It’s a vulnerability where an attacker can overwrite object properties by adding parameters to a request.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What are the factors that allow a mass assignment attack?

A

Three things must be in place:
1. The request must accept user input
2. The request must be able to alter values not available to the user (Potential to modify objects).
3. Missing security controls to handle user input.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Can you use an API documentation to try to find mass assignment vulnerabilities? Explain.

A

Yes. It’s recommended to search for requests that are possibly vulnerable to mass assignment in the documentation or collection. Also, it’s very important to understand the parameters used in the requests and try to add them in other interesting ones.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Which of the following is required for a mass assignment vulnerability to be present?
a) An API must not have rate limiting in place
b) An API must not have a web application firewall
c) An API must be lacking user input validation
d) An API must be using JSON Web Tokens

A

Letter c.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly

APISEC - API Penetration Testing (11 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions