Let’s build an API to hack — Part 4: OWASP API top 10 — Mass assignment

Thexssrat
6 min read · Aug 20, 2021

Introduction

For the issue type “Mass assignment”, the UI displays only the following fields in your account settings:

  • Name + lastname
  • Username
  • Address

Mass assignment is when objects have properties, like “userType”, that are bound to the user object but are not used in the UI per se, or even in the API request. The user might have to guess it, but I wanted to teach with this assignment so…
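As an added example (not code from the original post), here is a minimal account-settings update handler in Python with the flaw described above beside an allow-list fix; the function names and the sample user record are assumptions, the field names follow the post.

```python
# Added example, not from the original post: an account-settings update
# handler that binds the whole request body (vulnerable) beside one that
# copies only the fields the UI exposes (hardened). Names are assumed.
import copy

# Constructed sample user record as the API might store it; "userType" is
# bound to the object but never shown in the UI or sent by the client.
SAMPLE_USER = {
    "id": 7,
    "name": "Alice",
    "lastname": "Example",
    "username": "alice",
    "address": "1 Sample Street",
    "userType": "user",
}

# The only fields the account-settings UI lets the owner edit.
EDITABLE_FIELDS = frozenset({"name", "lastname", "username", "address"})


def update_profile_vulnerable(user, payload):
    """Binds every key from the request body onto the stored object."""
    updated = copy.deepcopy(user)
    updated.update(payload)  # an extra "userType" key is accepted too
    return updated


def update_profile_hardened(user, payload):
    """Copies allow-listed fields only; unexpected keys are reported, not applied."""
    updated = copy.deepcopy(user)
    rejected = sorted(key for key in payload if key not in EDITABLE_FIELDS)
    for key in EDITABLE_FIELDS:
        if key in payload:
            updated[key] = payload[key]
    return updated, rejected


if __name__ == "__main__":
    # Constructed request body: one visible field plus a hidden property.
    body = {"address": "2 New Road", "userType": "admin"}
    print(update_profile_vulnerable(SAMPLE_USER, body)["userType"])  # admin
    fixed, rejected = update_profile_hardened(SAMPLE_USER, body)
    print(fixed["userType"], rejected)  # user ['userType']
```

Logging the rejected keys, as the hardened version returns them, gives the defender a signal that a client is sending properties the UI never exposes.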
