Mass Assignment
Objects in modern applications have many properties, but not all the properties should be accessed or updated directly by a client. A mass assignment flaw exists when an API endpoint automatically converts client parameters into internal object properties without considering the sensitivity of the properties. Look for:
- API endpoints that bind the request to whole objects instead of taking individual, explicitly named parameters.
- Reliance on the language framework to assign object properties automatically from query parameters and request bodies.
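The flaw and its fix, as an added example that is not part of the original page: a handler that copies the whole request body onto the stored object beside a hardened one that copies only an allowlist of client-writable fields and records what it dropped. The function names, field names and the sample user and request body are constructed for illustration.

```javascript
// Constructed stored record: `role` and `isAdmin` are server-controlled and
// must never be set directly by the client.
const storedUser = { id: 7, email: "alice@example.com", role: "user", isAdmin: false };

// Vulnerable: every property the client sends becomes a property of the
// stored object, so a body containing `isAdmin: true` escalates the account.
function updateUserVulnerable(user, body) {
  return Object.assign({}, user, body);
}

// Hardened: an explicit allowlist of fields the client may change. Anything
// else is dropped and reported so the caller can log it for detection.
const WRITABLE_FIELDS = ["email", "displayName"];

function updateUserSafe(user, body) {
  const updated = { ...user };
  const rejected = [];
  for (const key of Object.keys(body)) {
    if (WRITABLE_FIELDS.includes(key)) {
      updated[key] = body[key];
    } else {
      rejected.push(key); // e.g. "isAdmin", "role", "id"
    }
  }
  return { updated, rejected };
}

// Constructed request body: one legitimate change plus a privileged field.
const requestBody = { email: "alice@new.example", isAdmin: true };

console.log("vulnerable:", updateUserVulnerable(storedUser, requestBody));
console.log("hardened:  ", updateUserSafe(storedUser, requestBody));
```

A non-empty `rejected` list on a production endpoint is a useful signal to log and alert on, since a legitimate client has no reason to send server-controlled fields.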