Detecting Excessive Data Exposures in Web Server Responses with Metamorphic Fuzzing. (arXiv:2301.09258v1 [cs.CR])

APIs often transmit far more data to client applications than they need, and
in the context of web applications, often do so over public channels. This
issue, termed Excessive Data Exposure (EDE), was OWASP's third most significant
API vulnerability of 2019. However, there are few automated tools -- either in
research or industry -- to effectively find and remediate such issues. This is
unsurprising as the problem lacks an explicit test oracle: the vulnerability
does not manifest through explicit abnormal …

api apis api vulnerability applications automated client context data data exposure effectively exposure find fuzzing industry issue owasp problem public research server third tools vulnerability web web applications web server