docs: Add Threat Agend and Impacts

Author: PauloASilva

2019/en/0xa3-improper-data-filtering.md

@@ -4,14 +4,18 @@ A3:2019 Improper Data Filtering
 | Threat agents/Attack vectors | Security Weakness | Impacts |
 | -- | -- | -- |
 | Access Lvl : Exploitability ? | Prevalence ? : Detectability ? | Technical ? : Business |
-| | | |
+| Since API are used as data sources, many times while writing the APIs developers try to implement them in a very generic way, without thinking about the sensitivity of the exposed data. They rely on clients to perform the data filtering before showing it to the user. | | Frequently sensitive object properties are exposed such as those holding PII protected by law or regulation (e.g. GDPR), authentication data or meaningful resources relationships. |
 
 ## Is the API Vulnerable?
 
-## How To Prevent
-
 ## Example Attack Scenarios
 
+### Scenario #1
+
+### Scenario #2
+
+## How To Prevent
+
 ## References
 
 ### OWASP