Bibliographic Details
Main Authors: Mazidi, Arash, Corradini, Davide, Ghafari, Mohammad
Format: Preprint
Published: 2024
Online Access: https://arxiv.org/abs/2405.01111
Table of Contents:
  • REST APIs have a pivotal role in accessing protected resources. Despite the availability of security testing tools, mass assignment vulnerabilities are common in REST APIs, leading to unauthorized manipulation of sensitive data. We propose a lightweight approach to mine the REST API specifications and identify operations and attributes that are prone to mass assignment. We conducted a preliminary study on 100 APIs and found 25 prone to this vulnerability. We confirmed nine real vulnerable operations in six APIs.