| Main Authors: | Mazidi, Arash; Corradini, Davide; Ghafari, Mohammad |
|---|---|
| Format: | Preprint |
| Published: | 2024 |
| Subjects: | Cryptography and Security |
| Online Access: | https://arxiv.org/abs/2405.01111 |
| _version_ | 1866916234943004672 |
|---|---|
| author | Mazidi, Arash; Corradini, Davide; Ghafari, Mohammad |
| author_facet | Mazidi, Arash; Corradini, Davide; Ghafari, Mohammad |
| contents | REST APIs have a pivotal role in accessing protected resources. Despite the availability of security testing tools, mass assignment vulnerabilities are common in REST APIs, leading to unauthorized manipulation of sensitive data. We propose a lightweight approach to mine the REST API specifications and identify operations and attributes that are prone to mass assignment. We conducted a preliminary study on 100 APIs and found 25 prone to this vulnerability. We confirmed nine real vulnerable operations in six APIs. |
| format | Preprint |
| id | arxiv_https___arxiv_org_abs_2405_01111 |
| institution | arXiv |
| publishDate | 2024 |
| record_format | arxiv |
| title | Mining REST APIs for Potential Mass Assignment Vulnerabilities |
| topic | Cryptography and Security |
| url | https://arxiv.org/abs/2405.01111 |