00 — Overview
Mass Assignment
Learn how developers accidentally expose internal object fields through JSON body assignment — and how attackers use it to escalate privileges and manipulate data.
Intermediate · 35 min · 5 tasks
// By the end of this module
→ Understand how frameworks that support mass assignment blindly bind request parameters
→ Identify unexposed but writable fields in API request bodies
→ Escalate privileges by injecting role or admin fields into POST requests
→ Find mass assignment by comparing API docs against actual request handling
