Question

The latest web application, using default settings, is currently accepting application programming interface (API) calls over HyperText Transfer Protocol (HTTP). The environment has a moderate key management system. Even with basic server security, the API connection is vulnerable to which of the following? (Select all that apply.)

A. Key discovery
B. Improper error handling
C. DNS Poisoning
D. Shimming

Answer 1

The latest web application is vulnerable to key discovery, improper error handling, and shimming.

Step-by-step explanation:

The latest web application is vulnerable to Key discovery, Improper error handling, and Shimming.

Key discovery is the process of finding the API key by using various techniques such as brute force or social engineering. If the key is exposed, an attacker can gain unauthorized access to the API. Improper error handling can reveal sensitive information about the system, providing valuable clues to attackers. Shimming is a technique that allows malware to intercept and modify the communication between web applications and APIs, potentially exposing sensitive data.