Summary
This chapter started the fourth part of the book, covering advanced API topics. We learned how to identify when sensitive data is exposed. We also discussed ways to test for information leakage on API endpoints (or routes) and finished the chapter with general recommendations on why and how such problems can be prevented.
At the end of the day, it doesn't matter whether an API uses a modern programming language, exposes only a few endpoints, or performs only specific tasks if the data it serves is not well protected. Data leakage is one of the most feared problems (if not the number-one problem) in cyber incidents that hit companies, regardless of their size.
In the next chapter, we will finish part four by talking about API abuse and general logic tests. This comes down to better understanding the business logic behind an API implementation and how flaws in that logic can lead to exploitation of the API itself. See you there!