
API Broken Object Property Level Authorization

Reference

Plugin ID: 40054
CWE: 639
WASC: 2
Severity: High
Scan type: Active
Category: Access Control

Remediation

To mitigate Broken Object Property Level Authorization vulnerabilities, implement the following security measures:

  1. Property-Level Access Controls: Implement authorization checks at the object property level to ensure users can only access appropriate data fields.

  2. Data Filtering: Filter API responses based on user permissions, removing sensitive properties that users should not access.

  3. Input Validation: Validate and authorize property-level modifications in API requests to prevent unauthorized data changes.

  4. Schema Validation: Use strict schema validation to ensure only authorized properties are included in API requests and responses.
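The four measures above, as an added example that is not StackHawk's code: per-role allowlists decide which properties of a user object a caller may read and which it may write, responses are filtered, and an update naming any property outside the caller's write allowlist is refused outright. The roles, property names and the sample record are assumptions constructed for illustration.

```python
# Added example (not StackHawk's code): property-level authorization for a user
# object. Roles, property names and the sample record are constructed.
from __future__ import annotations
from typing import Any

# Properties each role may READ from a user object (measures 1 and 2).
READ_ALLOWLIST: dict[str, frozenset[str]] = {
    "user":  frozenset({"id", "username", "display_name"}),
    "owner": frozenset({"id", "username", "display_name", "email", "is_verified"}),
    "admin": frozenset({"id", "username", "display_name", "email",
                        "is_verified", "role", "internal_notes"}),
}
# Properties each role may WRITE (measures 3 and 4). "role" and "is_verified"
# are deliberately absent for non-admins, so a client cannot promote itself.
WRITE_ALLOWLIST: dict[str, frozenset[str]] = {
    "user":  frozenset(),
    "owner": frozenset({"display_name", "email"}),
    "admin": frozenset({"display_name", "email", "role", "is_verified", "internal_notes"}),
}

def filter_response(role: str, obj: dict[str, Any]) -> dict[str, Any]:
    """Return only the properties the caller's role may see; an unknown role sees nothing."""
    allowed = READ_ALLOWLIST.get(role, frozenset())
    return {k: v for k, v in obj.items() if k in allowed}

def authorize_update(role: str, patch: dict[str, Any]) -> tuple[dict[str, Any], list[str]]:
    """Split a requested update into (accepted properties, rejected property names).
    Unknown and forbidden properties are rejected rather than silently bound."""
    allowed = WRITE_ALLOWLIST.get(role, frozenset())
    accepted = {k: v for k, v in patch.items() if k in allowed}
    rejected = sorted(k for k in patch if k not in allowed)
    return accepted, rejected

def apply_update(role: str, obj: dict[str, Any], patch: dict[str, Any]) -> dict[str, Any]:
    """Strict mode: refuse the whole request if any property is not writable by the role."""
    accepted, rejected = authorize_update(role, patch)
    if rejected:
        raise PermissionError(f"properties not writable by role {role!r}: {rejected}")
    return {**obj, **accepted}  # returns a copy; the stored record is not mutated here

# Constructed sample record as it would be loaded from the data store.
SAMPLE_USER = {
    "id": 42, "username": "alice", "display_name": "Alice", "email": "alice@example.com",
    "is_verified": True, "role": "user", "internal_notes": "support note (constructed)",
}

if __name__ == "__main__":
    print(filter_response("user", SAMPLE_USER))  # no email, role or notes for a plain user
    print(authorize_update("owner", {"display_name": "A.", "role": "admin"}))
```

In a real handler the `PermissionError` maps to a 403 (or 400 when treated as a schema violation) and the rejected property names are worth logging, since repeated attempts to write `role` or `is_verified` are a useful detection signal.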

About

Broken Object Property Level Authorization occurs when APIs expose sensitive object properties without proper authorization checks. This corresponds to OWASP API Security Top 10 2023 - API03: Broken Object Property Level Authorization.

Risks

Broken Object Property Level Authorization can result in:

  • Exposure of sensitive user data and properties
  • Unauthorized modification of restricted object properties
  • Information disclosure through API responses
  • Privilege escalation through property manipulation
  • Data privacy violations and compliance issues
