7 Tweets Apr 13, 2023
Excessive Data Exposure. What is it?
Thread 🧵👇
📌 Excessive Data Exposure
The API developer sends the client more data than it requires. The client side then has to filter the response before showing it to the user, which leaves a lot of unused data behind.
This leftover data can fall prey to data leaks.
A man-in-the-middle attack is the most common way to exploit this information, as unauthorized parties can intercept the data in transit.
📌 Prevention techniques
1️⃣ Data Filtering
Instead of relying on the client side to filter the data, this operation should be performed on the server before sending the data.
2️⃣ Send only the Necessary Information
You can also ensure that only the data the client has requested is sent to them, so that no unnecessary information goes out.
3️⃣ Categorizing Data
To ensure that you are not sending sensitive data, you can also categorize your data as admin, personal, or sensitive information.
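The three techniques above combined in one server-side serializer, as an added example that is not part of the original thread. The field names, the "public" category, the roles and the sample record are assumptions made up for illustration.

```python
# Added illustration: field names, categories, roles and the record are constructed.
FIELD_CATEGORY = {
    "id": "public", "display_name": "public",
    "email": "personal", "phone": "personal",
    "password_hash": "sensitive", "ssn": "sensitive",
    "is_admin": "admin", "internal_notes": "admin",
}

# Categories each caller role may receive. "sensitive" is in no set,
# so those fields never leave the server through this serializer.
ROLE_MAY_SEE = {
    "anonymous": {"public"},
    "owner": {"public", "personal"},
    "admin": {"public", "personal", "admin"},
}


def unclassified(record):
    """Fields that have no category yet; a CI check can fail on any."""
    return sorted(name for name in record if name not in FIELD_CATEGORY)


def serialize(record, role, requested=None):
    """Build the response body on the server, deny by default.

    A field is returned only if it is classified, its category is allowed
    for the role, and (when the client named fields) it was requested.
    """
    allowed = ROLE_MAY_SEE.get(role, set())  # unknown role sees nothing
    body = {}
    for name, value in record.items():
        if FIELD_CATEGORY.get(name) not in allowed:  # None = unclassified
            continue
        if requested is not None and name not in requested:
            continue
        body[name] = value
    return body


# Constructed database row; "api_token" was added later and never classified.
RECORD = {
    "id": 42, "display_name": "Ada", "email": "ada@example.test",
    "phone": "+1-555-0100", "password_hash": "<hash>", "ssn": "<redacted>",
    "is_admin": False, "internal_notes": "vip", "api_token": "<token>",
}

if __name__ == "__main__":
    print(serialize(RECORD, "owner", requested={"email", "ssn", "api_token"}))
```

Because the filter is an allowlist, a column added to the record later stays out of every response until someone classifies it.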
That's all for now!
Follow @Rapid_API for more exclusive content. 🙏
