Medium Severity | OWASP API Top 10
🟡 API Information Disclosure
🧠 Description
The API leaks sensitive information through verbose error messages, excessive data in responses, version disclosure, or improper access control.
Impact: technology stack disclosure, enumeration that supports further attacks, data exposure
🔍 Detection Points
- Verbose error messages with stack traces
- API version in headers/responses
- PII in API responses
- Internal IPs in response headers
- Sensitive data in URL parameters
🛡️ Mitigation
✅ Use generic error messages
✅ Remove version headers
✅ Filter sensitive data from responses
✅ Implement proper access control
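Added example (not part of the original checklist): a framework-agnostic Python audit that flags the detection points above on a constructed leaky response, and a hardening step that applies the mitigations (generic error body, sensitive fields filtered, version and internal-host headers dropped). The sample response, header and key lists are constructed assumptions, not values from any real API.

```python
import ipaddress
import re

# Constructed example of a leaky 500 response; not captured from any real system.
LEAKY = {"status": 500,
         "headers": {"Server": "Apache/2.4.41 (Ubuntu)", "X-Powered-By": "Express",
                     "X-Upstream": "10.0.12.7", "Content-Type": "application/json"},
         "body": {"error": "TypeError: Cannot read property 'id' of undefined\n"
                           "    at /srv/app/routes/user.js:42:11",
                  "user": {"id": 7, "email": "alice@example.com", "ssn": "123-45-6789"}}}
VERSION_HEADERS = {"server", "x-powered-by", "x-aspnet-version", "x-runtime"}  # assumed list
SENSITIVE_KEYS = {"password", "password_hash", "ssn", "token", "secret", "api_key"}
STACK_RE = re.compile(r"Traceback \(most recent call last\)|^\s+at .+:\d+:\d+", re.M)

def _internal_ip(value):  # private/loopback addresses must never reach a client
    try:
        return ipaddress.ip_address(value).is_private
    except ValueError:
        return False

def scan(obj, hits, path=""):
    """Walk a JSON-like body: record findings in hits, return a copy without sensitive keys."""
    if isinstance(obj, dict):
        out = {}
        for k, v in obj.items():
            p = f"{path}.{k}" if path else k
            if k in SENSITIVE_KEYS:
                hits.append(f"sensitive field: {p}")
            else:
                out[k] = scan(v, hits, p)
        return out
    if isinstance(obj, list):
        return [scan(v, hits, f"{path}[{i}]") for i, v in enumerate(obj)]
    if isinstance(obj, str) and STACK_RE.search(obj):
        hits.append(f"stack trace in: {path}")
    return obj

def audit(resp):
    """Return the checklist's detection points that fire on a response."""
    hits = [f"version header: {n}" for n in resp["headers"] if n.lower() in VERSION_HEADERS]
    hits += [f"internal IP in header: {n}" for n, v in resp["headers"].items() if _internal_ip(v)]
    scan(resp["body"], hits)
    return hits

def harden(resp):
    """Apply the mitigations: generic error body, filtered data, no version/internal headers."""
    headers = {n: v for n, v in resp["headers"].items()
               if n.lower() not in VERSION_HEADERS and not _internal_ip(v)}
    body = {"error": "Request failed"} if resp["status"] >= 400 else scan(resp["body"], [])
    return {"status": resp["status"], "headers": headers, "body": body}
```

Run `audit(LEAKY)` to see every detection point fire, then `audit(harden(LEAKY))` to confirm the hardened response triggers none; successful (2xx) responses keep their body with sensitive keys removed.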