API 213 - Mitigating APIs Mass Assignment
Mass Assignment occurs when adversaries exploit unexposed object properties or methods through API parameters. An API might be vulnerable to Mass Assignment if the application directly binds parameters to an internal object’s properties without proper validation.
On successful completion of this course, learners should have the knowledge and skills required to:
- Avoid direct use automatic binding
- Define and enforce schemas for input payloads
- Validate and filter input before binding
- Use read-only properties where appropriate