docs: Add Attack Scenario

Author: PauloASilva

2019/en/0xa3-improper-data-filtering.md

@@ -12,6 +12,15 @@ A3:2019 Improper Data Filtering
 
 ### Scenario #1
 
+The User model implements a toJSON() method to serialize a user object as JSON.
+While implementing the `GET /v1/articles/{article_id}/comments/{comment_id}`
+endpoint that returns details about a specific comment in an article and basic
+details about its author, the developer finds the toJSON() method and decides to
+use it (without thinking about the sensitive details it may expose). The mobile
+team is using the endpoint in the articles view, rendering only relevant data.
+An attacker sniffs the mobile app traffic and finds about the sensitive data
+exposure.
+
 ### Scenario #2
 
 ## How To Prevent