Wednesday, 23 January 2013

OData ASP.NET Web API: A Mass Assignment vulnerability in the making?

When I saw Getting started with OData services in ASP.NET Web API (via reddit):


I immediately thought Mass Assignment Vulnerability!

The part that raised my alarm was:




There are no mentions in that article of the words ‘security’ or ‘mass assignment’ so I wonder how much awareness there is for this issue?

Does anybody have cycles to test it out?

Is there any documentation for the OData ASP.NET Web API on this topic? I couldn't find any references in "OData in WebAPI – RC release" and "OData support in ASP.NET Web API".
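
To make the concern concrete, here is a minimal sketch of the mass assignment pattern next to an allowlist check. It is an added example, not code from this post or from the linked article: the `Account` entity, the `Binder` helper and the request body are hypothetical, and the reflection-based binder is a stand-in for a framework's automatic binding, not the Web API OData implementation.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Constructed entity: IsAdmin is server-controlled and must never be client-settable.
public class Account
{
    public int Id { get; set; }
    public string DisplayName { get; set; }
    public string Email { get; set; }
    public bool IsAdmin { get; set; }
}

public static class Binder
{
    // Stand-in for an auto-binder: copies every client-supplied key that matches a
    // writable public property onto the entity. This is the mass assignment pattern.
    public static void BindAll(object target, IDictionary<string, object> body)
    {
        foreach (var pair in body)
        {
            var prop = target.GetType().GetProperty(pair.Key);
            if (prop != null && prop.CanWrite) prop.SetValue(target, pair.Value, null);
        }
    }

    // Hardened form: refuse the update unless every supplied key is on an explicit allowlist.
    public static bool TryBindAllowed(object target, IDictionary<string, object> body,
                                      ISet<string> allowed, out string[] rejected)
    {
        rejected = body.Keys.Where(k => !allowed.Contains(k)).ToArray();
        if (rejected.Length > 0) return false;
        BindAll(target, body);
        return true;
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed update body, as it would look after parsing a client's JSON payload.
        var body = new Dictionary<string, object> { { "DisplayName", "new name" }, { "IsAdmin", true } };
        var a = new Account { Id = 1, DisplayName = "old" };
        Binder.BindAll(a, body);
        Console.WriteLine("bind-all:  IsAdmin=" + a.IsAdmin);
        var b = new Account { Id = 1, DisplayName = "old" };
        string[] rejected;
        bool ok = Binder.TryBindAllowed(b, body, new HashSet<string> { "DisplayName", "Email" }, out rejected);
        Console.WriteLine("allowlist: ok=" + ok + " rejected=" + string.Join(",", rejected) + " IsAdmin=" + b.IsAdmin);
    }
}
```

The same effect is commonly achieved by binding requests to a dedicated input type that simply has no `IsAdmin` property, rather than to the persisted entity.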

Mass Assignment Vulnerability references:
Auto-Binding Vulnerability references (another name for Mass Assignment):

