all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Automated Black-box Testing of Mass Assignment Vulnerabilities in RESTful APIs. (arXiv:2301.01261v1 [cs.CR])

Add to bookmarks
Jan. 4, 2023, 2:10 a.m. | Davide Corradini, Michele Pasqua, Mariano Ceccato

cs.CR updates on arXiv.org arxiv.org

Mass assignment is one of the most prominent vulnerabilities in RESTful APIs.
This vulnerability originates from a misconfiguration in common web frameworks,
such that naming convention and automatic binding can be exploited by an
attacker to craft malicious requests writing confidential resources and
(massively) overriding data, that should be read-only and/or confidential. In
this paper, we adopt a black-box testing perspective to automatically detect
mass assignment vulnerabilities in RESTful APIs. Execution scenarios are
generated purely based on the OpenAPI specification, …

apis automated automatic box confidential data exploited frameworks malicious misconfiguration requests resources testing vulnerabilities vulnerability web web frameworks writing

Visit resource

More from arxiv.org / cs.CR updates on arXiv.org

Dihedral Quantum Codes 1 day, 6 hours ago | arxiv.org
arxiv block class code +9
A Privacy Preserving System for Movie Recommendations Using Federated Learning 1 day, 6 hours ago | arxiv.org
arxiv businesses cs.cr cs.ir +20
VulLibGen: Identifying Vulnerable Third-Party Libraries via Generative Pre-Trained Model 1 day, 6 hours ago | arxiv.org
accelerate advisory arxiv cs.cr +24
Simultaneous Haar Indistinguishability with Applications to Unclonable Cryptography 1 day, 6 hours ago | arxiv.org
applications arxiv build cloning +11
SoK: Prudent Evaluation Practices for Fuzzing 1 day, 6 hours ago | arxiv.org
afl arxiv bugs concept +13
The Effect of Quantization in Federated Learning: A R\'enyi Differential Privacy Perspective 1 day, 6 hours ago | arxiv.org
arxiv can cs.cr cs.dc +15
Unveiling the Potential: Harnessing Deep Metric Learning to Circumvent Video Streaming Encryption 1 day, 6 hours ago | arxiv.org
arxiv attacks body cs.ai +16
SecureLLM: Using Compositionality to Build Provably Secure Language Models for Private, Sensitive, and Secret Data 1 day, 6 hours ago | arxiv.org
access arxiv back build +15
IBD-PSC: Input-level Backdoor Detection via Parameter-oriented Scaling Consistency 1 day, 6 hours ago | arxiv.org
adversaries arxiv attacks backdoor +22

Jobs in InfoSec / Cybersecurity

Post a Job Search Talent

Information Security Engineers

@ D. E. Shaw Research | New York City
View on infosec-jobs.com

Technology Security Analyst

@ Halton Region | Oakville, Ontario, Canada
View on infosec-jobs.com

Senior Cyber Security Analyst

@ Valley Water | San Jose, CA
View on infosec-jobs.com

Information Security Senior Analyst

@ Media.Monks | Americas: USA + Canada
View on infosec-jobs.com

Senior Program Associate- Cybersecurity Awareness (Remote)

@ Fannie Mae | Washington, DC, United States
View on infosec-jobs.com

Cybersecurity Specialist - Endpoint Security

@ Hexagon US Federal | Huntsville, AL
View on infosec-jobs.com