6 API security by design
This chapter covers
- Mitigating the risk of predictable resource identifiers
- Designing secure pagination patterns
- Constraining user input to prevent large payload attacks
- Designing strict data models to mitigate the risk of data corruption attacks
- Understanding the risks of exposing server-side properties in user input
- Designing and enforcing secure user flows through the API
In February 2024, Trello, the popular project management platform, suffered a major data breach affecting 15 million users. The leaked data contained personal names, usernames, emails, and other account information. Surprisingly, the threat actor didn't need to break into the system to obtain the data. How could this happen?
Trello had an endpoint that conveniently allowed users to find other users by email and connect with them. Upon finding an existing user, the API returned their full profile; in other words, the endpoint exposed excessive personal information. In addition, the endpoint was unauthenticated and not properly rate-limited, which allowed the threat actor to query the API anonymously millions of times without being traced. In response to the breach, Trello required authentication to access user profiles. This allows Trello to trace each request to a specific user account and hence detect and flag abnormal user behavior.