Mining REST APIs for Potential Mass Assignment Vulnerabilities

arXiv:2405.01111v1 Announce Type: new
Abstract: REST APIs have a pivotal role in accessing protected resources within cyberspace. Despite the availability of security testing tools, mass assignment vulnerabilities are common, yielding unauthorized access to sensitive data. We propose a lightweight approach to mine the REST API specifications and identify operations and attributes that are prone to mass assignment. We conducted a preliminary study on 100 APIs and found 25 prone to this vulnerability. We confirmed nine real vulnerable operations in six …

access api apis arxiv attributes availability cs.cr cyberspace data identify mine mining operations resources rest rest api rest apis role security security testing sensitive sensitive data testing testing tools tools unauthorized unauthorized access vulnerabilities