API Security — Broken Object Level Authorization: Attack and Defense

What is OWASP?

The 2019 API Security Guidelines:

Broken Object Level Authorization:

The Scenario:

The API Endpoint:

GET https://mysecretproducts.io/products/37128
[Image: product id in the request URL]

The Problem:

The Attack:

[Image: Burp Suite — Intruder — Sniper Mode]

The Mitigation:

The Prevention:

Conclusion:

A software engineer by profession. Tinkers with electronics as a hobby. Loves literature and music. Likes to write and build things from scratch.
