English

Mining REST APIs for Potential Mass Assignment Vulnerabilities

Cryptography and Security 2024-05-07 v2

Abstract

REST APIs have a pivotal role in accessing protected resources. Despite the availability of security testing tools, mass assignment vulnerabilities are common in REST APIs, leading to unauthorized manipulation of sensitive data. We propose a lightweight approach to mine the REST API specifications and identify operations and attributes that are prone to mass assignment. We conducted a preliminary study on 100 APIs and found 25 prone to this vulnerability. We confirmed nine real vulnerable operations in six APIs.

Cite

@article{arxiv.2405.01111,
  title  = {Mining REST APIs for Potential Mass Assignment Vulnerabilities},
  author = {Arash Mazidi and Davide Corradini and Mohammad Ghafari},
  journal= {arXiv preprint arXiv:2405.01111},
  year   = {2024}
}

Comments

EASE 2024

R2 v1 2026-06-28T16:13:42.807Z