Most Common Attacks Carried Out On APIs
Karthick S
Dec 12, 2022
This blog gives an overview of the most common attacks carried out on APIs.
API Injection Attack
Injection attacks are carried out by inserting malicious code into the API via a query or request in order to obtain unauthorized access to data.
The most common form is SQL injection, in which malicious SQL code is inserted into a parameter field.
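The difference between pasting a request parameter into the SQL text and binding it as data, as an added example that is not part of the original blog. It uses Python's built-in sqlite3 module; the orders table, its rows, the function names and the test inputs are all constructed for illustration.

```python
import sqlite3

def make_db():
    """Build an in-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE orders (id INTEGER PRIMARY KEY, owner TEXT, item TEXT)")
    db.executemany(
        "INSERT INTO orders (owner, item) VALUES (?, ?)",
        [("alice", "laptop"), ("bob", "phone"), ("o'brien", "tablet")],
    )
    return db

def orders_concatenated(db, owner):
    """Weak form: the parameter is pasted into the SQL text, so quote
    characters in it are parsed as SQL syntax rather than as data."""
    query = "SELECT owner, item FROM orders WHERE owner = '" + owner + "'"
    return db.execute(query).fetchall()

def orders_parameterized(db, owner):
    """Hardened form: the value is bound to a placeholder and is only
    ever compared as a string, whatever characters it contains."""
    query = "SELECT owner, item FROM orders WHERE owner = ?"
    return db.execute(query, (owner,)).fetchall()

def run(fn, db, value):
    """Call a lookup and report a database error instead of crashing."""
    try:
        return fn(db, value)
    except sqlite3.Error as exc:
        return "error: %s" % exc

if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"  # constructed test input for the API parameter
    # "o'brien" is a legitimate value that also breaks the weak form.
    for value in ("alice", "o'brien", crafted):
        print(repr(value))
        print("  concatenated :", run(orders_concatenated, db, value))
        print("  parameterized:", run(orders_parameterized, db, value))
```

With the crafted value, the concatenated query returns every row in the table while the parameterized query returns none; the legitimate name containing an apostrophe makes the concatenated query fail outright.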
DDoS (Distributed Denial of Service) attack
A DDoS attack aims to disrupt a server with a large amount of traffic. It essentially creates a traffic jam, so that no traffic can get to or from the server.
This can break the API by making its data inaccessible to users.
Excessive data exposure
This occurs when an API returns unneeded or sensitive data in its responses that could be valuable to hackers.
It is commonly seen where APIs return complete datasets exactly as they are stored on backend servers and rely on the client to filter the results.
MITM (Man-in-the-middle attack)
In a MITM attack, a hacker intercepts communication between two programs to obtain the information being transferred between them.
This risk is much greater if the data in transit is not encrypted, which is why using HTTPS is standard.
Parameter Tampering
Parameter tampering aims to manipulate the parameters sent in API requests in order to gain access to potentially sensitive information.
Parameter tampering is done mainly through input forms submitted by clients on the web.