Unauthenticated route uses expensive APIs

Description

An exposed API allows unauthenticated users to make use of paid third-party services, which may not be intended.

A malicious user could abuse this endpoint to incur significant costs, exceed your quota, and potentially disrupt your application.

Rationale

This finding works by identifying an API that:

  • Lacks an authentication mechanism.
  • Is processing traffic from the internet.
  • Was detected using a third-party paid service as part of its operations. See the list of services that fall in this category.

Remediation

  • Implement authentication so that unintended users cannot interact with the API.
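
The sketch below is an added example, not code from this page or its vendor: it puts a route that forwards every request to a metered service beside the same route with an authentication check placed ahead of the paid call. All names are hypothetical, `call_paid_service` is a stand-in for the third-party API, and the HMAC bearer token stands in for whatever authentication mechanism the application already uses.

```python
import hashlib
import hmac

# Constructed for this example: a server-side secret and a usage meter.
SECRET = b"example-only-secret"
usage = {"billable_calls": 0}


def call_paid_service(prompt):
    """Stand-in for a metered third-party API; every call is billed."""
    usage["billable_calls"] += 1
    return "result for " + prompt


def _mac(user_id):
    return hmac.new(SECRET, user_id.encode(), hashlib.sha256).hexdigest()


def issue_token(user_id):
    """Token handed out after login: '<user_id>.<hex HMAC of user_id>'."""
    return user_id + "." + _mac(user_id)


def authenticated_user(headers):
    """Return the user id for a valid 'Authorization: Bearer' token, else None."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    user_id, _, mac = token.rpartition(".")
    if scheme != "Bearer" or not user_id:
        return None
    # Constant-time comparison on bytes; tolerates non-ASCII header input.
    valid = hmac.compare_digest(mac.encode(), _mac(user_id).encode())
    return user_id if valid else None


def summarize_unprotected(headers, body):
    """The finding's condition: any caller on the internet triggers a billed call."""
    return 200, call_paid_service(body)


def summarize_protected(headers, body):
    """Remediated: the request is rejected before the paid service is reached."""
    if authenticated_user(headers) is None:
        return 401, "authentication required"
    return 200, call_paid_service(body)
```

The check has to run before the third-party call, not after it; a handler that calls the service and then validates the caller has already incurred the cost.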