Mining REST APIs for Potential Mass Assignment Vulnerabilities

Authors :
Mazidi, Arash
Corradini, Davide
Ghafari, Mohammad
Publication Year :
2024

Abstract

REST APIs have a pivotal role in accessing protected resources. Despite the availability of security testing tools, mass assignment vulnerabilities are common in REST APIs, leading to unauthorized manipulation of sensitive data. We propose a lightweight approach to mine the REST API specifications and identify operations and attributes that are prone to mass assignment. We conducted a preliminary study on 100 APIs and found 25 prone to this vulnerability. We confirmed nine real vulnerable operations in six APIs.

Comment: EASE 2024

Details

Database :
arXiv
Publication Type :
Report
Accession number :
edsarx.2405.01111
Document Type :
Working Paper
Full Text :
https://doi.org/10.1145/3661167.3661204