diff --git a/editions/2023/en/0xaa-unsafe-consumption-of-apis.md b/editions/2023/en/0xaa-unsafe-consumption-of-apis.md index 016b1ddba..bbf94e448 100644 --- a/editions/2023/en/0xaa-unsafe-consumption-of-apis.md +++ b/editions/2023/en/0xaa-unsafe-consumption-of-apis.md @@ -3,7 +3,7 @@ | Threat agents/Attack vectors | Security Weakness | Impacts | | - | - | - | | API Specific : Exploitability **Easy** | Prevalence **Common** : Detectability **Average** | Technical **Severe** : Business Specific | -| Exploiting this issue requires attackers to identify and potentially compromise other APIs/services the target API integrated with. Usually, this information is not publicly available or the integrated API/service is not easily exploitable. | Developers tend to trust and not verify the endpoints that interact with external or third-party APIs, relying on weaker security requirements such as those regarding transport security, authentication/authorization, and input validation and sanitization. Attackers need to identify services the target API integrates with (data sources) and, eventually, compromise them. | The impact varies according to what the target API does with pulled data. Successful exploitation may lead to sensitive information exposure to unauthorized actors, many kinds of injections, or denial of service. | +| Exploiting this issue requires attackers to identify and potentially compromise other APIs/services the target API integrated with. Usually, this information is not publicly available or the integrated API/service is not easily exploitable. | Developers tend to trust and not verify the interactions with external or third-party APIs, relying on weaker security requirements such as those regarding transport security, authentication/authorization, and input validation and sanitization. Attackers need to identify services the target API integrates with (data sources) and, eventually, compromise them. | The impact varies according to what the target API does with pulled data. Successful exploitation may lead to sensitive information exposure to unauthorized actors, many kinds of injections, or denial of service. | ## Is the API Vulnerable?