Exam 312-50v11 topic 1 question 313 discussion

A is likely the answer. A- No proper attribute-based access control (ABAC) validation allows attackers to gain unauthorized access to API objects or perform actions such as viewing, updating, or deleting.

A: No ABAC Validation - No ABAC Validation - No proper attribute-based access control (ABAC) validation allows attackers to gain unauthorized access to API objects or perform actions such as viewing, updating, or deleting. - Business Logic Flaws - Many APIs come with vulnerabilities in business logic . Allow attackers to exploit legitimate workflows for malicious purposes. - Improper Use of CORS - Cross-origin resource sharing (CORS) is a mechanism that enables the web browser to perform cross-domain requests; improper implementations of CORS can cause unintentional flaws . Using the “Access-Control-Allow-Origin” header for allowing all origins on private APIs can lead to hotlinking. - Code Injections - If the input is not sanitized, attackers may use code injection techniques such as SQLi and XSS to add malicious SQL statements or code to the input fields on the API. Allow attackers to steal critical information such as session cookies and user credentials.

API Vulnerabilities 7. No ABAC Validation - No proper attribute-based access control (ABAC) validation allows attackers to gain unauthorized access to API objects or perform actions such as viewing, updating, or deleting. (P.1927/1911)

- No ABAC Validation - No proper attribute-based access control (ABAC) validation allows attackers to gain unauthorized access to API objects or perform actions such as viewing, updating, or deleting.

- No ABAC Validation - No proper attribute-based access control (ABAC) validation allows attackers to gain unauthorized access to API objects or perform actions such as viewing, updating, or deleting.

Answer is A, no ABAC validation.

A: No ABAC Validation

Ron, a security professional, was pen testing web applications and SaaS platforms used by his company. While testing, he found a vulnerability that allows hackers to gain unauthorized access to API objects and perform actions such as view, update, and delete sensitive data of the company. A is Correct.

A - Lack of proper ABAC validation allows attackers to gain unauthorized access to API objects or actions to perform viewing, updating, or deleting Module 14 Page 1910

A: No ABAC Validation unauthorized access to API objects and perform actions such as view, update, and delete sensitive data of the company.

I prefer to C. Cuz the question is 'API vulnerability', rather than 'Potential issues'.

It's A

correct answer is No ABAC validation

Because CORS is an access control mechanism, it can be misconfigured, thereby enabling an attacker to bypass it and make the client browser act as a proxy between a malicious website and the target web application. ... Building dynamic Access-Control-Allow-Origin with improper server-side validation