Automated Black-box Testing of Mass Assignment Vulnerabilities in RESTful APIs. (arXiv:2301.01261v1 [cs.CR])
cs.CR updates on arXiv.org arxiv.org
Mass assignment is one of the most prominent vulnerabilities in RESTful APIs.
This vulnerability originates from a misconfiguration in common web frameworks,
such that naming conventions and automatic binding can be exploited by an
attacker to craft malicious requests that write confidential resources and
(massively) override data that should be read-only and/or confidential. In
this paper, we adopt a black-box testing perspective to automatically detect
mass assignment vulnerabilities in RESTful APIs. Execution scenarios are
generated purely based on the OpenAPI specification, …
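The binding misconfiguration the abstract describes, shown as an added example (not code from the paper): a handler that binds every request key matching a model attribute, beside a handler that derives its allowlist from the `readOnly` flags of a constructed OpenAPI-style schema, and a probe that checks whether a read-only field echoed back from a request was actually persisted. The `User` model, `USER_SCHEMA` and `REQUEST` payload are all hypothetical.

```python
from dataclasses import dataclass

# Constructed OpenAPI-style schema for a hypothetical User resource.
# Fields marked readOnly must never be settable from a client request.
USER_SCHEMA = {
    "type": "object",
    "properties": {
        "username": {"type": "string"},
        "email": {"type": "string"},
        "role": {"type": "string", "readOnly": True},
        "balance": {"type": "number", "readOnly": True},
    },
}


@dataclass
class User:
    username: str = ""
    email: str = ""
    role: str = "user"
    balance: float = 0.0


def bind_all(user, payload):
    """Vulnerable binding: every request key that names a model attribute is written."""
    for key, value in payload.items():
        if hasattr(user, key):
            setattr(user, key, value)
    return user


def writable_fields(schema):
    """Allowlist derived from the spec: properties not flagged readOnly."""
    return {n for n, p in schema["properties"].items() if not p.get("readOnly")}


def bind_allowlisted(user, payload, schema=USER_SCHEMA):
    """Hardened binding: only allowlisted keys are written; the rest are reported."""
    allowed = writable_fields(schema)
    rejected = sorted(set(payload) - allowed)
    for key in allowed & set(payload):
        setattr(user, key, payload[key])
    return user, rejected


def probe_read_only(bind_fn, schema=USER_SCHEMA):
    """Black-box style oracle: send a read-only field and report it if it is persisted."""
    read_only = set(schema["properties"]) - writable_fields(schema)
    probe = {name: "PROBE" for name in read_only}
    result = bind_fn(User(), probe)
    user = result[0] if isinstance(result, tuple) else result
    return sorted(n for n in read_only if getattr(user, n) == "PROBE")


# Constructed request: a legitimate profile update padded with read-only fields.
REQUEST = {"username": "alice", "email": "a@example.test", "role": "admin", "balance": 1e6}
```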