HawkScan Test Info for API Broken Object Property Level Authorization

API Broken Object Property Level Authorization

Reference

Plugin Id: 40054 | CWE: 639

Remediation

To mitigate Broken Object Property Level Authorization vulnerabilities, implement the following security measures:

  1. Property-Level Access Controls: Decide, per property and per role, who may read it and who may write it, and enforce that decision in the API layer. An object-level check ("may this caller touch this record at all?") is necessary but not sufficient; the property-level check has to run in addition to it.

  2. Data Filtering: Build API responses from an explicit allowlist of properties for the caller's role (a response DTO or serializer), rather than returning the stored object and hoping the client ignores fields it should not see. Secrets such as password hashes and internal flags must never be serialized.

  3. Input Validation: On create and update requests, compare every property the client sends against the set the caller's role may write, and reject the request if it contains any property outside that set. Never bind a request body directly to a persistence model, since that lets a client set fields such as role or is_admin (mass assignment).

  4. Schema Validation: Validate request and response bodies against a strict schema that names every allowed property and rejects unknown ones (for example, additionalProperties: false in JSON Schema / OpenAPI), so that properties outside the documented contract fail before any business logic runs.
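The following is an added example, not HawkScan's or any project's code, that applies all four steps above to a hypothetical PATCH /users/{id} endpoint. The roles, property names and sample user record are invented for illustration. It places the vulnerable handler (request body bound straight to the record, full record echoed back) beside the hardened one, which validates the body against the schema, authorizes each property for the caller's role, applies the change, and filters the response. The object-level ownership check (whether this caller may modify user 7 at all) is assumed to have already passed; it is a separate control.

```python
"""Property-level authorization for a hypothetical PATCH /users/{id} endpoint.

Added example with invented roles, property names and sample records; it is
not HawkScan's or any project's code.
"""
from copy import deepcopy

# Single source of truth for which properties each role may read and write
# (remediation step 1). Anything not listed is neither readable nor writable.
READABLE = {
    "user":  frozenset({"id", "email", "display_name"}),
    "admin": frozenset({"id", "email", "display_name", "is_admin", "mfa_enabled"}),
}
WRITABLE = {
    "user":  frozenset({"email", "display_name"}),
    "admin": frozenset({"email", "display_name", "is_admin"}),
}
# The request schema for PATCH: the union of everything any role may write.
# Properties outside it (password_hash, typos, probes) fail schema validation
# (step 4) regardless of who sends them.
PATCH_SCHEMA = frozenset().union(*WRITABLE.values())


def make_store():
    """Constructed sample data; password_hash must never leave the server."""
    return {
        7: {"id": 7, "email": "alice@example.com", "display_name": "Alice",
            "password_hash": "$argon2id$v=19$m=65536,t=3,p=4$c2FsdA$aGFzaA",
            "is_admin": False, "mfa_enabled": True},
    }


def vulnerable_patch(store, user_id, body):
    """Vulnerable: binds the whole request body to the stored record (mass
    assignment) and echoes the whole record back (excessive data exposure)."""
    record = store[user_id]
    record.update(body)            # {"is_admin": true} lands here unchecked
    return 200, deepcopy(record)   # password_hash included in the response


def serialize(record, role):
    """Data filtering (step 2): emit only the properties this role may read."""
    return {k: v for k, v in record.items() if k in READABLE[role]}


def authorized_patch(store, user_id, body, role):
    """Hardened: schema-validate the body, authorize each property for the
    caller's role (steps 1 and 3), then apply it and filter the response.
    Returns an (HTTP status, JSON-ready payload) pair."""
    unknown = set(body) - PATCH_SCHEMA
    if unknown:
        return 400, {"error": "unknown properties", "properties": sorted(unknown)}
    forbidden = set(body) - WRITABLE[role]
    if forbidden:
        # Reject rather than silently drop: a silent drop hides probing from
        # logs and lets the client believe the write succeeded.
        return 403, {"error": "properties not writable by role",
                     "properties": sorted(forbidden)}
    record = store[user_id]
    record.update(body)
    return 200, serialize(record, role)


if __name__ == "__main__":
    attack = {"display_name": "Mallory", "is_admin": True}
    print("vulnerable:", vulnerable_patch(make_store(), 7, attack))
    print("hardened (user):", authorized_patch(make_store(), 7, attack, role="user"))
    print("hardened (user, allowed):",
          authorized_patch(make_store(), 7, {"display_name": "Mallory"}, role="user"))
```

Two design points worth noting: the allowlists are data, not scattered `if` statements, so a scanner finding can be checked against one place; and the 400/403 split makes the two failure modes distinguishable in logs, since a flood of 403s on `is_admin` is a reconnaissance signal that a silent drop would erase.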

About

Broken Object Property Level Authorization occurs when an API authorizes access to an object as a whole but not to its individual properties: it returns properties the caller should not be able to read, or accepts properties the caller should not be able to write. This corresponds to OWASP API Security Top 10 2023 - API3:2023 Broken Object Property Level Authorization, which combines the read side (Excessive Data Exposure, API3:2019) and the write side (Mass Assignment, API6:2019) of the 2019 list into a single category.

Risks

Broken Object Property Level Authorization can result in:

  • Exposure of sensitive user data and properties
  • Unauthorized modification of restricted object properties
  • Information disclosure through API responses
  • Privilege escalation through property manipulation
  • Data privacy violations and compliance issues