1 hour 43 minutes
everyone welcome back to the course. So in this video, we're gonna talk about the third item on the a wasp ap I security top 10 list, which is excessive data exposure.
So we're gonna talk about what it is. We'll also talk about ways that we can prevent or mitigate against it.
So what is excessive data exposure? As the name implies, it's when an attacker or someone else doesn't ap I call, and then basically they get more data than they should. So, for example, if I was an attacker, I do in a PR called directly. And then I get all sorts of sensitive data back
so we'll talk about ways that we can mitigate or prevent against this. So number one taking an inventory of what are our weaknesses in our A p I
and then also we want to think through what kind of response checks do we have in place? So as someone makes an a P, I call, we want to make sure that we trimmed down the response that they're getting to just what they actually need. Just the data that they actually need. We can also do things like defining Sheamus of R AP I responses as well as
assessing our air response is very important. One there.
We can also identify what is our sensitive data. So what kind of sense of data do we have and then justify, like, why is it actually being used? Why would we return that data in this particular AP I call
and then we can enforce thes response checks as well to help us prevent against data leakage. So accidental data leakage or exception leaks right where it Attackers trying to get additional information that they shouldn't.
So a quick, quick, quick question here it's important. It's not important. Excuse me to analyze their responses as part of excessive data exposure mitigation. Is that one true or false?
All right, if you guess false, you are correct. So again, assessing those air responses is an important thing because we want to make sure that when an attacker is attempting various ap I calls and trying to get more data from us, we don't want to give them extra information in the air response that they can then leverage to actually go get our data.
So in this video, we just talked about excessive data exposure. We talked about what it actually is. A swell as some ways to prevent or mitigate against it.
Introduction To OWASP Top Ten: A6 - Security Misconfiguration - Scored
This module for the Introduction to OWASP Top Ten Module covers A6: Security Misconfiguration.
Introduction To OWASP Top Ten: A1 - Injection - Scored
This module for the Introduction to OWASP Top Ten Module covers A1: Injection.