🔥 3-day streak
ISC2 CISSP — Certified Information Systems Security Professional10 / 129
Question 10 of 129
A security tester reviewing a company's REST API discovers that changing the numeric account ID in the URL path /api/v1/accounts/1042/statements to /api/v1/accounts/1043/statements returns another customer's statements. The request carried a valid, authenticated bearer token belonging to the tester. Which underlying flaw most accurately describes this finding, and what is the correct remediation?
Reviewed for accuracy · Report an issueNext question