Question: 34
A financial services company has developed an API endpoint /api/accounts/{accountId}/transactions that allows users to view their own transaction history. During a security audit, it is discovered that by changing the accountId parameter in the URL, a user can access the transaction histories of other users without any additional authentication or authorization checks.

Which type of vulnerability does this scenario best exemplify?