4.2.1 Sensitive data and APIs are protected against direct object attacks¶
Verify that sensitive data and APIs are protected against direct object attacks targeting creation, reading, updating and deletion of records, such as creating or updating someone else’s record, viewing everyone’s records, or deleting all records.
| Level 1 | X |
| Level 2 | X |
| Level 3 | X |
| CWE | NIST |
|---|---|
| 639 |