English
Related papers

Related papers: OpenAPI Specification Extended Security Scheme: A …

200 papers

RESTful APIs facilitate data exchange between applications, but they also expose sensitive resources to potential exploitation. Broken Object Level Authorization (BOLA) is the top vulnerability in the OWASP API Security Top 10, exemplifies…

Cryptography and Security · Computer Science 2025-07-16 Anbin Wu , Zhiyong Feng , Ruitao Feng , Zhenchang Xing , Yang Liu

Objective. Insecure Direct Object Reference (IDOR) or Broken Object Level Authorization (BOLA) are one of the critical type of access control vulnerabilities for modern applications. As a result, an attacker can bypass authorization checks…

Cryptography and Security · Computer Science 2022-01-27 Alexander Barabanov , Denis Dergunov , Denis Makrushin , Aleksey Teplov

Broken Object Level Authorization (BOLA) is consistently ranked the most critical API security vulnerability, yet the existing literature remains almost entirely conceptual. This paper presents one of the first large-scale empirical…

Cryptography and Security · Computer Science 2026-05-26 Bandana Kaur

APIs (Application Programming Interfaces) or Web Services are the foundational building blocks that enable interconnected systems. However this proliferation of APIs has also introduced security challenges that require systematic and…

Cryptography and Security · Computer Science 2025-07-24 Senthilkumar Gopal

Security Application Programming Interfaces (APIs) are crucial for ensuring software security. However, their misuse introduces vulnerabilities, potentially leading to severe data breaches and substantial financial loss. Complex API design,…

Cryptography and Security · Computer Science 2025-05-15 Zahra Mousavi , Chadni Islam , M. Ali Babar , Alsharif Abuadbba , Kristen Moore

Currently, Application Programming Interfaces (APIs) are becoming increasingly popular to facilitate data transfer in a variety of mobile applications. These APIs often process sensitive user information through their endpoints, which are…

Cryptography and Security · Computer Science 2023-10-24 Nate Haris , Kendree Chen , Ann Song , Benjamin Pou

RESTful APIs are central in developing interoperable, modular, and maintainable software systems in enterprises today. Also, it is essential to support system evolution, service interoperability, and governance across organizational…

Software Engineering · Computer Science 2025-11-25 Edwin Sundberg , Thea Ekmark , Workneh Yilma Ayele

REST APIs, based on the REpresentational State Transfer (REST) architecture, are the primary type of Web API. The OpenAPI Specification (OAS) serves as the de facto standard for describing REST APIs and is crucial for multiple software…

Software Engineering · Computer Science 2026-01-21 Hao Chen , Yunchun Li , Chen Chen , Fengxu Lin , Wei Li

OAuth is the new de facto standard for delegating authorization in the web. An important limitation of OAuth is the fact that it was designed for authorization and not for authentication. The usage of OAuth for authentication thus leads to…

Cryptography and Security · Computer Science 2016-01-08 Vladislav Mladenov , Christian Mainka , Jörg Schwenk

Application Programming Interface (API) Injection attacks refer to the unauthorized or malicious use of APIs, which are often exploited to gain access to sensitive data or manipulate online systems for illicit purposes. Identifying actors…

Cryptography and Security · Computer Science 2025-05-16 Udi Aharon , Ran Dubin , Amit Dvir , Chen Hajaj

AI agents increasingly require direct, structured access to application data and actions, but production deployments still struggle to express and verify the governance properties that matter in practice: least-privilege authorization,…

Cryptography and Security · Computer Science 2026-02-25 Genliang Zhu , Chu Wang , Ziyuan Wang , Zhida Li , Qiang Li

Forced by regulations and industry demand, banks worldwide are working to open their customers' online banking accounts to third-party services via web-based APIs. By using these so-called Open Banking APIs, third-party companies, such as…

Cryptography and Security · Computer Science 2019-02-01 Daniel Fett , Pedram Hosseyni , Ralf Kuesters

Developers require accurate descriptions of REpresentational State Transfer (REST) Application Programming Interfaces (APIs) for a successful interaction between web services. The OpenAPI Specification (OAS) has become the de facto standard…

Software Engineering · Computer Science 2024-11-01 Alexander Lercher , Christian Macho , Clemens Bauer , Martin Pinzger

The Second Payment Services Directive (PSD2) of the European Union aims to create a consumer-friendly financial market by mandating secure and standardised data sharing between banking operators and third parties. Consequently, EU countries…

Cryptography and Security · Computer Science 2025-05-06 Paolo Modesti , Leo Freitas , Qudus Shotomiwa , Abdulaziz Almehrej

The OAuth 2.0 protocol is one of the most widely deployed authorization/single sign-on (SSO) protocols and also serves as the foundation for the new SSO standard OpenID Connect. Despite the popularity of OAuth, so far analysis efforts were…

Cryptography and Security · Computer Science 2019-01-31 Daniel Fett , Ralf Kuesters , Guido Schmitz

APIs are increasingly becoming new business assets for organizations and consequently, API functionality and its pricing should be precisely defined for customers. Pricing is typically composed by different plans that specify a range of…

Software Engineering · Computer Science 2024-06-12 Rafael Fresno-Aranda , Pablo Fernandez , Antonio Gamez-Diaz , Amador Duran , Antonio Ruiz-Cortes

AI agents today have passwords but no permission slips. They execute tool calls (fund transfers, database queries, shell commands, sub-agent delegation) with no standard mechanism to enforce authorization before the action executes. Current…

Cryptography and Security · Computer Science 2026-03-24 Uchi Uchibeke

APIs are the primary mechanism for developers to gain access to externally defined services and tools. However, previous research has revealed API misuses that violate the contract of APIs to be prevalent. Such misuses can have harmful…

Cryptography and Security · Computer Science 2021-05-18 Rodrigo Bonifacio , Stefan Krüger , Krishna Narasimhan , Eric Bodden , Mira Mezini

Implementing a security mechanism on top of APIs requires clear understanding of the semantics of each API, to ensure that security entitlements are enforced consistently and completely across all APIs that could perform the same function…

Cryptography and Security · Computer Science 2023-02-28 Somesh Jha , Mihai Christodorescu , Anh Pham

AI agents and business automation tools interacting with external web services require standardized, machine-readable information about their APIs in the form of API specifications. However, the information about APIs available online is…

‹ Prev 1 2 3 10 Next ›