Michael Jones

Broken Object Level Authorization is a critical security vulnerability that can have severe consequences for an application. In this article, we will explore what Broken Object Level Authorization is, why it is a problem, and how to mitigate it. We will also provide a simple Python REST API example to demonstrate the impact of this vulnerability.

When building APIs, we typically provide the ability to sort or filter data on GET operations via query parameters. While building basic query parameters in MuleSoft is simple, expanding your API to support optional and repeatable parameters can seem daunting when you're new to the platform. We will be building a simplistic Product System API in order to demo optional and repeatable query params. To accomplish this, we will be building dynamic (parameterized) SQL, and as a bonus wrapping this functionality into a reusable library.