OpenAPI Specification Extended Security Scheme: A method to reduce the prevalence of Broken Object Level Authorization. (arXiv:2212.06606v1 [cs.CR])

APIs have become the prominent technology of choice for achieving
inter-service communications. The growth of API deployments has driven the
urgency in addressing its lack of security standards. API Security is a topic
for concern given the absence of standardized authorization in the OpenAPI
standard, improper authorization opens the possibility for known and unknown
vulnerabilities, which in the past years have been exploited by malicious
actors resulting in data loss. This paper examines the number one vulnerability
in API Security: …

authorization broken object level authorization object openapi openapi specification security