owasp-api-security-top-10
Fail
Audited by Socket on Feb 16, 2026
1 alert found:
Alert: Obfuscated File (severity HIGH)
File: references/api3-broken-object-property-authorization.md
The file is a security guidance document describing mass assignment (overposting) and sensitive-field exposure, i.e. API3:2023, Broken Object Property Level Authorization. Its 'Wrong' examples show two high-risk patterns: (1) iterating over request.json and calling setattr on the model object before db.session.commit(), which lets a caller write privileged fields it was never meant to touch; (2) returning user.__dict__, which leaks internal and sensitive attributes. The 'Right' examples show the corresponding mitigations: explicit request and response schemas and role-based filtering of fields. The document itself is not malicious, but the insecure patterns, if copied into production code, are significant vulnerabilities and should be remediated as the document recommends.
Confidence: 98%
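The two flagged patterns and their fixes, as an added stand-alone illustration (this is not code from the audited package or from the referenced guidance file). The User model, its field names, the role names and the allowlists are assumptions made for this example; the web framework and ORM are left out so it runs offline.

```python
"""Mass assignment (overposting) and sensitive-field exposure, API3:2023.

Added example, not code from the audited package. The User model, field
names and roles below are assumptions; request parsing and the database
session are omitted so the module runs stand-alone.
"""
from dataclasses import dataclass, fields


@dataclass
class User:
    # Hypothetical ORM-style model with a mix of public and privileged columns.
    id: int
    email: str
    display_name: str
    is_admin: bool = False
    balance_cents: int = 0
    password_hash: str = "argon2id$constructed-placeholder"  # constructed value


def update_user_unsafe(user: User, payload: dict) -> User:
    """Pattern (1) from the audit: every key of the request body becomes an
    attribute write, so a caller can set is_admin or balance_cents. In the
    real code this loop is followed by db.session.commit()."""
    for key, value in payload.items():
        setattr(user, key, value)
    return user


def to_dict_unsafe(user: User) -> dict:
    """Pattern (2) from the audit: dumping the object's __dict__ returns
    password_hash and every other internal column to the client."""
    return dict(user.__dict__)


# Explicit request schema: which fields each role may write (assumed roles).
WRITABLE_BY_ROLE = {
    "user": {"email", "display_name"},
    "admin": {"email", "display_name", "is_admin", "balance_cents"},
}

# Explicit response schema: which fields each role may read.
READABLE_BY_ROLE = {
    "user": {"id", "email", "display_name"},
    "admin": {"id", "email", "display_name", "is_admin", "balance_cents"},
}

# Declared column types, used to reject values of the wrong shape.
FIELD_TYPES = {f.name: f.type for f in fields(User)}


class SchemaError(ValueError):
    """Raised when the request carries a field the caller may not write
    or a value of the wrong type."""


def update_user_safe(user: User, payload: dict, actor_role: str) -> User:
    """Mitigation for (1): validate the whole body against an allowlist for
    the caller's role before writing anything. Unknown or privileged fields
    are rejected rather than silently dropped, so nothing partial is
    committed and the client gets a clear error."""
    allowed = WRITABLE_BY_ROLE.get(actor_role, set())
    rejected = set(payload) - allowed
    if rejected:
        raise SchemaError(f"fields not writable by role {actor_role!r}: {sorted(rejected)}")
    for key, value in payload.items():
        if not isinstance(value, FIELD_TYPES[key]):
            raise SchemaError(f"field {key!r} expects {FIELD_TYPES[key].__name__}")
    for key, value in payload.items():
        setattr(user, key, value)
    return user


def to_dict_safe(user: User, viewer_role: str) -> dict:
    """Mitigation for (2): serialise only the fields the viewer's role may
    read; password_hash is in no role's response schema."""
    allowed = READABLE_BY_ROLE.get(viewer_role, set())
    return {name: getattr(user, name) for name in sorted(allowed)}


if __name__ == "__main__":
    # Constructed attacker request: legitimate-looking rename plus two privileged fields.
    attacker_payload = {"display_name": "Mallory", "is_admin": True, "balance_cents": 10**9}

    victim = User(1, "alice@example.com", "Alice")
    update_user_unsafe(victim, attacker_payload)
    print("unsafe update ->", to_dict_unsafe(victim))  # is_admin flipped, password_hash leaked

    victim = User(1, "alice@example.com", "Alice")
    try:
        update_user_safe(victim, attacker_payload, actor_role="user")
    except SchemaError as exc:
        print("safe update rejected:", exc)
    print("safe response ->", to_dict_safe(victim, viewer_role="user"))
```

The allowlist is checked over the whole body before the first setattr, so a mixed request is rejected outright instead of applying the harmless keys and dropping the rest; silently discarding unknown fields is a common "fix" that hides probing from the logs and tempts developers to leave the check loose.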