Best practices

Potentially enumerable query parameter

Risk Level

Hazardous (3)

Platform(s)
  • N/A

Compliance Frameworks

Description

We detected a query parameter which might be enumerable. If the parameter is enumerable, it could potentially allow attackers to perform a range of attacks, such as guessing or brute-forcing valid values for the parameter. This could potentially lead to unauthorized access to sensitive information or other security issues.
  • Recommended Mitigation

    Protect your APIs from BOLA exploitation risks by using non-guessable unique identifiers for your entity identifiers - such as Universally Unique Identifiers (UUIDs). Moreover, always ensure authorization mechanisms are in place for each and every endpoint operation.