API Security
Mass Assignment
Binding all request parameters to model attributes without filtering sensitive fields.
Mass assignment (or autobinding) occurs when a framework automatically binds HTTP request parameters to model attributes. An attacker can then set fields such as isAdmin or role simply by including them in the request. Prevent it with allowlists of bindable fields or with DTOs (data transfer objects).
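The binding problem and the allowlist fix side by side, as an added example that is not from the original page. The User model, the function names and the sample request are assumptions constructed for illustration; no real framework is modelled.

```python
from dataclasses import dataclass


@dataclass
class User:
    username: str
    email: str
    isAdmin: bool = False  # sensitive: must never be client-controlled
    role: str = "user"     # sensitive: must never be client-controlled


# Constructed request body: a profile update carrying two extra fields.
SAMPLE_REQUEST = {"email": "new@example.com", "isAdmin": True, "role": "admin"}


def bind_all(user, params):
    """Autobinding without filtering: any parameter that matches a model
    attribute is copied onto the model, including isAdmin and role."""
    for name, value in params.items():
        if hasattr(user, name):
            setattr(user, name, value)
    return user


# Allowlist of client-updatable fields and the type each must have.
UPDATABLE = {"email": str}


def bind_allowlisted(user, params):
    """Copy only allowlisted fields. Returns the user and the sorted names
    of ignored parameters so the caller can log or alert on them."""
    rejected = sorted(set(params) - set(UPDATABLE))
    for name, expected in UPDATABLE.items():
        if name in params:
            if not isinstance(params[name], expected):
                raise ValueError(f"unexpected type for {name}")
            setattr(user, name, params[name])
    return user, rejected


if __name__ == "__main__":
    print(bind_all(User("alice", "a@example.com"), SAMPLE_REQUEST))
    print(bind_allowlisted(User("alice", "a@example.com"), SAMPLE_REQUEST))
```

The rejected list is worth logging: a request that names isAdmin or role on a profile endpoint is a useful detection signal even when the binding itself is safe.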