When APIs are versioned and older versions deprecated, security controls on legacy versions often lag behind — creating exploitable attack surface. Testing evaluates: are deprecated API versions still accessible? Do they enforce the same authentication and authorisation? Are known vulnerabilities in old versions patched? Can attackers downgrade requests to less-secure API versions? And does monitoring cover legacy API endpoints?
API Versioning and Deprecation Security: When Old APIs Become Attack Vectors for Australian Enterprises
Deprecated API versions often lack security updates. This page covers testing whether old API versions create exploitable attack surface, with guidance for the Australian market.