API6:2023 — Unrestricted Access to Sensitive Business Flows

Verified by Precogs Threat Research
OWASP API Security Top 10 2023, Rank #6

What is Unrestricted Access to Sensitive Business Flows?

An API is vulnerable when it exposes a sensitive business flow (purchasing, commenting, voting, booking) without limiting how often or how fast that flow can be driven by automation. Every individual request is well-formed and authorized, so authentication and authorization checks pass; the damage comes from a bot exercising a legitimate function at a scale or speed no human user would.

Impact

Scalper bots draining inventory the moment it is listed, automated review or vote manipulation, automated mass account registration, and credential stuffing against login endpoints (which OWASP also treats as an authentication weakness under API2:2023 Broken Authentication).

How Precogs AI Addresses API6

Precogs AI identifies business-critical API endpoints that lack rate limiting, CAPTCHA, or bot-detection mechanisms, flagging them during code review and confirming the gap during runtime testing.
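To make the control concrete, here is an added example (not Precogs' code and not part of the original page) of the kind of per-flow throttle that an API6 finding asks for: a sliding-window limit per user and per source IP on a named business flow, plus a per-item quantity cap, replayed over a constructed request log. The flow name "checkout", the log fields, the IP addresses and the limits are all assumptions for illustration.

```python
# Added example (not Precogs' code): sliding-window throttle for a sensitive
# business flow, replayed over a constructed request log. Names, fields and
# limits are assumptions for illustration.
from collections import defaultdict, deque
from dataclasses import dataclass
from typing import Deque, Dict, List, Optional, Tuple


@dataclass(frozen=True)
class FlowPolicy:
    window_s: int             # sliding window length in seconds
    max_calls: int            # calls allowed per principal (user or IP) per window
    max_units: Optional[int]  # units of one item a single user may buy per window


class FlowGuard:
    """Throttles calls to named business flows per user and per source IP."""

    def __init__(self, policies: Dict[str, FlowPolicy]) -> None:
        self.policies = policies
        self._calls: Dict[tuple, Deque[float]] = defaultdict(deque)
        self._units: Dict[tuple, Deque[Tuple[float, int]]] = defaultdict(deque)

    @staticmethod
    def _expire(dq: Deque, now: float, window: int, ts_of=lambda e: e) -> None:
        # Drop entries that have aged out of the sliding window.
        while dq and ts_of(dq[0]) <= now - window:
            dq.popleft()

    def check(self, req: dict) -> Tuple[bool, str]:
        policy = self.policies.get(req["flow"])
        if policy is None:
            # A sensitive flow with no policy is exactly the API6 finding.
            return True, "unprotected flow"
        now = req["ts"]
        decision = None
        # Count every attempt, allowed or denied, so a bot cannot probe the
        # limit for free; check the user key first, then the source IP.
        for kind in ("user", "ip"):
            dq = self._calls[(req["flow"], kind, req[kind])]
            self._expire(dq, now, policy.window_s)
            dq.append(now)
            if len(dq) > policy.max_calls and decision is None:
                decision = (False, f"rate limit ({kind})")
        if decision is not None:
            return decision
        if policy.max_units is not None:
            dq = self._units[(req["flow"], req["user"], req["item"])]
            self._expire(dq, now, policy.window_s, ts_of=lambda e: e[0])
            if sum(q for _, q in dq) + req["qty"] > policy.max_units:
                return False, "quantity cap"
            dq.append((now, req["qty"]))  # units only count once allowed
        return True, "ok"


DEFAULT_POLICIES = {"checkout": FlowPolicy(window_s=60, max_calls=5, max_units=2)}


def sample_events() -> List[dict]:
    """Constructed request log: one shopper, one scalper, one multi-account bot."""
    ev = [dict(ts=0.0, user="alice", ip="192.0.2.10", flow="checkout", item="gpu", qty=1)]
    # Scalper: one account, ten checkouts in five seconds.
    ev += [dict(ts=10.0 + i * 0.5, user="scalper", ip="203.0.113.7",
                flow="checkout", item="gpu", qty=1) for i in range(10)]
    # Multi-account bot: eight throwaway accounts behind one IP, one checkout each.
    ev += [dict(ts=20.0 + i, user=f"acct{i}", ip="198.51.100.9",
                flow="checkout", item="gpu", qty=1) for i in range(8)]
    # A flow nobody wrote a policy for.
    ev.append(dict(ts=30.0, user="scalper", ip="203.0.113.7",
                   flow="coupon_redeem", item="promo", qty=1))
    return sorted(ev, key=lambda e: e["ts"])


def replay(events: List[dict], policies=DEFAULT_POLICIES) -> Dict[str, Dict[str, int]]:
    """Replay a request log through the guard and tally decisions per user."""
    guard = FlowGuard(policies)
    tally: Dict[str, Dict[str, int]] = defaultdict(lambda: defaultdict(int))
    for req in events:
        _allowed, reason = guard.check(req)
        tally[req["user"]][reason] += 1
    return {user: dict(reasons) for user, reasons in tally.items()}


if __name__ == "__main__":
    for user, reasons in replay(sample_events()).items():
        print(user, reasons)
```

Replaying the sample log, the single-account scalper gets two units through before the quantity cap and then trips the per-user rate limit; the multi-account bot defeats the per-user limit entirely and is only caught by the per-IP limit after five accounts, and the "coupon_redeem" flow passes unthrottled because no policy exists for it. Both gaps are the caveat a reviewer should carry: per-IP limits do nothing against a distributed botnet or residential proxies, and a slow scalper that stays under every window still drains inventory, so a real deployment layers device fingerprinting, human-verification challenges and business-level anomaly detection on top of counters like these.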

Related CWEs