API Testing / Quiz
The Auth Token Gauntlet
JWTs, expiry, scopes, and the object-level authorization bugs that top the OWASP API list.
- Difficulty
- Medium
- Format
- Quiz
- Points
- 150
- Estimate
- 9 min
// MISSION BRIEF
Your Mission
Authentication testing is where API testing meets security. Expired tokens, missing scopes, and the infamous BOLA (Broken Object Level Authorization), the #1 API vulnerability class.
Think like the attacker your API will eventually meet.
// FIRST CONTACT
Battle teaser
User A (token valid) requests GET /api/users/B-42/invoices, another user's data, and receives 200. This vulnerability is called:
- ABOLA / IDOR, broken object level authorization
- BSession fixation
- CCSRF
- DToken replay
Answers, scoring, hints, and the full battle stay sealed.
// SKILL TAGS
authjwtbolaowasp-api