Hello everyone. Hope someone can shed some light on an issue that is driving me crazy.
An API (written in C#) that I work with started returning 3 medium threats on “Excessive Data Exposure”. I started researching and found that probably the issue had to do with the endpoints returning too much data. Steps I took included:
- Modifying the SQL query to return only 2 of the original 20 fields (we were doing a select *)
- Creating a specific DTO for the object returned, including only those 2 fields
But CxSAST scans keep returning the medium threats…
What else should I be looking at?
If this question needs to be redirected to a different forum, please let me know.