Mass Assignment Flashcards

1
Q

What is a mass assignment vulnerability?

A

It’s a vulnerability where an API binds client-supplied parameters onto an internal object without restricting which properties may be set, so an attacker can add extra parameters to a request (for example a role or privilege field) and overwrite object properties that were never meant to be user-controlled.
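Added example (not from the flashcards): a profile-update handler in its mass-assignment-vulnerable form next to an allow-listed version, run against the same attacker body. The field names (`email`, `role`, `balance`) and the handler names are assumptions for the demo, not a real API.

```python
# Added example (not from the flashcards): a user-profile update handler that binds
# request fields onto a model object, first in a mass-assignment-vulnerable form and
# then with an allow-list. Field names (role, balance, ...) are assumptions for the demo.
from dataclasses import dataclass, fields
import json


@dataclass
class User:
    username: str
    email: str
    role: str = "user"        # privileged field: must never be client-controlled
    balance: int = 0          # privileged field


# Fields a regular user is allowed to change through PUT /api/profile (assumed).
PROFILE_WRITABLE = frozenset({"email"})


def update_profile_vulnerable(user: User, raw_body: str) -> User:
    """Vulnerable: every JSON key that matches a model column is bound onto the User
    (the way many ORM "update from dict" helpers behave). An attacker who adds
    {"role": "admin"} to the body escalates privileges."""
    columns = {f.name for f in fields(User)}
    for key, value in json.loads(raw_body).items():
        if key in columns:
            setattr(user, key, value)
    return user


def update_profile_safe(user: User, raw_body: str) -> User:
    """Hardened: only explicitly allow-listed fields are bound; anything else is
    rejected outright so the attempt is visible instead of silently dropped."""
    body = json.loads(raw_body)
    unexpected = set(body) - PROFILE_WRITABLE
    if unexpected:
        raise ValueError(f"unexpected fields: {sorted(unexpected)}")
    for key in PROFILE_WRITABLE:
        if key in body:
            setattr(user, key, body[key])
    return user


# Constructed attacker request body: the documented "email" field plus privileged ones.
ATTACK_BODY = '{"email": "eve@example.com", "role": "admin", "balance": 999999}'


def demo() -> tuple:
    """Run the same payload through both handlers and return
    (vulnerable_role, vulnerable_balance, safe_role, safe_outcome)."""
    victim = User(username="eve", email="old@example.com")
    vulnerable_result = update_profile_vulnerable(victim, ATTACK_BODY)

    safe_user = User(username="eve", email="old@example.com")
    try:
        update_profile_safe(safe_user, ATTACK_BODY)
        safe_outcome = "accepted"
    except ValueError as exc:
        safe_outcome = str(exc)
    return vulnerable_result.role, vulnerable_result.balance, safe_user.role, safe_outcome


if __name__ == "__main__":
    print(demo())
```

Rejecting unexpected fields (rather than ignoring them) is a deliberate choice: it turns a probe for mass assignment into a 4xx that shows up in logs, whereas silent dropping hides the attempt.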

2
Q

What are the factors that allow a mass assignment attack?

A

Three things must be in place:
1. The request must accept user input that is bound onto an object (for example a JSON body mapped to a user record).
2. The object must have properties the user is not supposed to control (role, account status, price, balance), so there is something worth modifying.
3. Input handling must lack a security control, such as an allow-list or schema validation, that restricts which properties the request may set.

3
Q

Can you use an API documentation to try to find mass assignment vulnerabilities? Explain.

A

Yes. Review the documentation or request collection for requests that create or update objects, since those are the ones most likely to bind user input onto an object. Just as important, learn which parameters appear across all the documented requests (an admin endpoint may document fields such as a role or privilege flag) and try adding them to other interesting requests where they are not documented, such as the user’s own profile update.
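Added example (not from the flashcards) of the documentation-driven approach described above: harvest every request-body property the API documents, then build one probe body per parameter that is documented for some other request but not for the target. The spec fragment, the endpoint paths and the probe values are constructed for the demo and do not describe a real API.

```python
# Added example (not from the flashcards): harvest property names from an OpenAPI-style
# document and generate mass-assignment probe bodies for one target request.
# CONSTRUCTED_SPEC is a minimal, made-up fragment; only requestBody.properties is used.
from itertools import chain

CONSTRUCTED_SPEC = {
    "paths": {
        "/api/users": {
            "post": {"requestBody": {"properties": {"username": {}, "email": {}, "password": {}}}}
        },
        "/api/admin/users/{id}": {
            "patch": {"requestBody": {"properties": {"role": {}, "is_admin": {}, "credit": {}}}}
        },
        "/api/profile": {
            "put": {"requestBody": {"properties": {"email": {}}}}
        },
    }
}

# Values worth trying for well-known privileged names (assumed); anything else gets a
# recognisable canary so the field can be spotted if it is reflected in a response.
PROBE_VALUES = {"role": "admin", "is_admin": True}
DEFAULT_PROBE = "mass_assign_probe"


def harvest_properties(spec: dict) -> dict:
    """Map 'METHOD /path' -> set of body property names the documentation lists for it."""
    documented = {}
    for path, methods in spec["paths"].items():
        for method, operation in methods.items():
            props = operation.get("requestBody", {}).get("properties", {})
            documented[f"{method.upper()} {path}"] = set(props)
    return documented


def build_probes(spec: dict, target: str, base_body: dict) -> list:
    """Return [(field, body), ...] for the target request: one probe per parameter that
    is documented elsewhere in the API but not for this request. Each probe adds a
    single foreign field on top of the legitimate body, so a changed response can be
    attributed to exactly that field."""
    documented = harvest_properties(spec)
    own = documented[target]
    foreign = sorted(set(chain.from_iterable(documented.values())) - own)
    probes = []
    for name in foreign:
        body = dict(base_body)
        body[name] = PROBE_VALUES.get(name, DEFAULT_PROBE)
        probes.append((name, body))
    return probes


if __name__ == "__main__":
    # Target the regular user's profile update with its documented body, and see which
    # admin-only or registration-only fields get generated as probes.
    for field, body in build_probes(CONSTRUCTED_SPEC, "PUT /api/profile", {"email": "me@example.com"}):
        print(field, body)
```

Each probe carries exactly one foreign field; sending all of them in a single request is faster but makes it impossible to tell which field the server actually bound when the response or the resulting object changes.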

4
Q

Which of the following is required for a mass assignment vulnerability to be present?
a) An API must not have rate limiting in place
b) An API must not have a web application firewall
c) An API must be lacking user input validation
d) An API must be using JSON Web Tokens

A

c) An API must be lacking user input validation. Rate limiting, a WAF and the token format have no bearing on whether request parameters are bound onto an object.
