Best practices

Potentially enumerable path endpoint

Risk Level

Hazardous (3)

  • N/A


We detected a path endpoint parameter which might be enumerable. If the parameter is enumerable, it could potentially allow attackers to perform a range of attacks, such as guessing or brute-forcing valid values for the parameter. This could potentially lead to unauthorized access to sensitive information or other security issues.
  • Recommended Mitigation

    Protect your APIs from BOLA exploitation risks by using non-guessable unique identifiers for your entity identifiers - such as Universally Unique Identifiers (UUIDs). Moreover, always ensure authorization mechanisms are in place for each and every endpoint operation.