Mining REST APIs for Potential Mass Assignment Vulnerabilities
May 3, 2024, 4:15 a.m. | Arash Mazidi, Davide Corradini, Mohammad Ghafari
cs.CR updates on arXiv.org arxiv.org
Abstract: REST APIs have a pivotal role in accessing protected resources within cyberspace. Despite the availability of security testing tools, mass assignment vulnerabilities are common, yielding unauthorized access to sensitive data. We propose a lightweight approach to mine the REST API specifications and identify operations and attributes that are prone to mass assignment. We conducted a preliminary study on 100 APIs and found 25 prone to this vulnerability. We confirmed nine real vulnerable operations in six …