Bibliographic Details
Title: Mining REST APIs for Potential Mass Assignment Vulnerabilities
Main Authors: Mazidi, Arash; Corradini, Davide; Ghafari, Mohammad
Format: Preprint
Published: 2024
Institution: arXiv
Subjects: Cryptography and Security
Online Access: https://arxiv.org/abs/2405.01111

Abstract: REST APIs have a pivotal role in accessing protected resources. Despite the availability of security testing tools, mass assignment vulnerabilities are common in REST APIs, leading to unauthorized manipulation of sensitive data. We propose a lightweight approach to mine the REST API specifications and identify operations and attributes that are prone to mass assignment. We conducted a preliminary study on 100 APIs and found 25 prone to this vulnerability. We confirmed nine real vulnerable operations in six APIs.