API Testing / Quiz

The Auth Token Gauntlet

JWTs, expiry, scopes, and the object-level authorization bugs that top the OWASP API list.

Difficulty
Medium
Format
Quiz
Points
150
Estimate
9 min

// MISSION BRIEF

Your Mission

Authentication testing is where API testing meets security. Expired tokens, missing scopes, and the infamous BOLA (Broken Object Level Authorization), the #1 API vulnerability class.

Think like the attacker your API will eventually meet.

// FIRST CONTACT

Battle teaser

User A (token valid) requests GET /api/users/B-42/invoices, another user's data, and receives 200. This vulnerability is called:

  1. ABOLA / IDOR, broken object level authorization
  2. BSession fixation
  3. CCSRF
  4. DToken replay
Answers, scoring, hints, and the full battle stay sealed.

// SKILL TAGS

authjwtbolaowasp-api