When APIs are versioned and older versions deprecated, security controls on legacy versions often lag behind — creating exploitable attack surface. Testing evaluates: are deprecated API versions still accessible? Do they enforce the same authentication and authorisation? Are known vulnerabilities in old versions patched? Can attackers downgrade requests to less-secure API versions? And does monitoring cover legacy API endpoints?
API Versioning and Deprecation Security: When Old APIs Become Attack Vectors for Vietnamese Enterprises
Deprecated API versions often lack security updates. This article covers testing whether old API versions create exploitable attack surface, with guidance for the Vietnamese market.
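The first two test questions above (are deprecated versions still reachable, and do they enforce the same authentication as the current one) can be answered from gateway logs an organisation already collects. The following is an added example, not code from the original page: the log format, the `/api/vN/` path scheme, and the choice of v3 as current with v1 and v2 deprecated are all assumptions, and the log lines are constructed.

```python
import re
from collections import defaultdict

# Constructed gateway log (assumed format): METHOD PATH auth=<none|bearer> STATUS
SAMPLE_LOG = """\
GET /api/v3/users/42 auth=bearer 200
GET /api/v3/users/42 auth=none 401
GET /api/v1/users/42 auth=none 200
GET /api/v2/orders auth=none 401
GET /api/v3/orders auth=none 401
POST /api/v1/orders auth=bearer 201
GET /healthz auth=none 200
"""

CURRENT = 3          # assumption: v3 is the supported version
DEPRECATED = {1, 2}  # assumption: v1 and v2 are announced as deprecated

LINE = re.compile(r"^(\w+) /api/v(\d+)(/\S*) auth=(\w+) (\d{3})$")


def normalise(route):
    """Collapse numeric IDs so /users/42 and /users/7 compare as one route."""
    return re.sub(r"/\d+(?=/|$)", "/{id}", route)


def audit(log, current=CURRENT, deprecated=DEPRECATED):
    reachable = set()            # deprecated versions that still answered 2xx
    unauth = defaultdict(dict)   # (method, route) -> {version: status}, auth=none only
    for line in log.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue             # unversioned paths such as /healthz are out of scope
        method, ver, status = m[1], int(m[2]), int(m[5])
        route = normalise(m[3])
        if ver in deprecated and 200 <= status < 300:
            reachable.add(ver)
        if m[4] == "none":
            unauth[(method, route)][ver] = status
    # Parity drift: current version rejects anonymous callers, an old one serves them.
    drift = []
    for (method, route), by_ver in sorted(unauth.items()):
        if by_ver.get(current) not in (401, 403):
            continue
        for ver in sorted(v for v in by_ver if v in deprecated):
            if 200 <= by_ver[ver] < 300:
                drift.append((method, route, ver))
    return {"reachable_deprecated": sorted(reachable), "auth_drift": drift}


if __name__ == "__main__":
    print(audit(SAMPLE_LOG))
```

A deprecated version that never appears in the log at all is not evidence that it is switched off; it may mean the legacy route bypasses the logging gateway, which is the monitoring-coverage question in the list above.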