Added 98 New API Security Tests across 5 OWASP categories
Akto has introduced new tests across several categories including BOLA, Broken Authentication, Unrestricted Resource Consumption, BFLA, and SSRF that you can explore with Akto’s Test Editor.
Raaga Srinivas
5 mins
Akto has introduced new tests across several categories including BOLA, Broken Authentication, Unrestricted Resource Consumption, BFLA, and SSRF that you can explore with Akto’s Test Editor.
We are continually expanding our testing capabilities and scaling every day to build the most comprehensive Test Library in API Security. Let’s dig in!
24 New Tests in Broken Object Level Authorization
Broken Object Level Authorization (OWASP API1:2023) is a type of security vulnerability where an attacker can manipulate object identifiers to access unauthorized data. This typically happens when an application provides direct object reference to a user without checking whether they have the necessary permissions or not. These vulnerabilities can lead to unauthorized data disclosure, data modification, and even data loss. Check out the new tests we’ve added here.
30 New Tests in Broken Authentication
Broken Authentication (OWASP API2:2023) is a security vulnerability where an attacker can exploit flaws in an application's authentication or session management functions. These flaws can allow an attacker to impersonate other users or gain unauthorized access to their accounts. This can lead to unauthorized access to sensitive data or even full control over other user's accounts. Being one of the most critical vulnerabilities flagged by OWASP, we thought it was necessary to introduce 30 new tests to cover multiple ways in which it can occur. Try them out with Akto.
16 New Tests in Unrestricted Resource Consumption
Unrestricted Resource Consumption (OWASP API4:2023), also known as a resource exhaustion condition, is a type of security vulnerability that occurs when a system allows an attacker to consume more resources than should be allowed. This could lead to the system becoming slow, unresponsive, or crashing, often resulting in a denial of service. Our new tests aim to identify these vulnerabilities to help protect your system. Find them on Akto.
7 New Tests in Broken Function Level Authorization
Broken Function Level Authorization (BFLA: OWASP API5:2023) is a type of security vulnerability that occurs when a function or process within an application does not properly check the authorization of a user or process before executing.
Testing for BFLA vulnerabilities involves trying to perform actions at different permission levels and observing the responses. If an action that should be restricted can be performed, it indicates a BFLA vulnerability. At Akto, our new tests are designed to identify these types of vulnerabilities by simulating different user permissions and testing function access.
21 New Tests in Server Side Request Forgery (SSRF)
Server Side Request Forgery (SSRF: OWASP API7:2023) is a type of vulnerability that tricks a server into making requests that it should not be making. This can lead to an attacker gaining unauthorized access to internal systems or data. Our new tests aim to detect these vulnerabilities to bolster your system's security.
Final Thoughts
We’ve enhanced our security testing capabilities by introducing new tests across various categories such as BOLA, Broken Authentication, Unrestricted Resource Consumption, BFLA, and SSRF. At Akto, we’re constantly trying to expand our testing capabilities, so stay tuned for more! Here are some resources to learn more about these vulnerabilities and get started with API Security testing with Akto:
Keep reading
API Security
3 minutes
What is API Discovery?
API Discovery helps identify, map, and manage APIs within an organization, ensuring security, performance, and seamless integration across systems.
API Security
5 minutes
Top 10 DAST Tools in 2024
DAST tools secure web apps by identifying vulnerabilities through automated security testing.
API Security
8 minutes
Security Information and Event Management (SIEM)
SIEM aggregates and analyzes security data across an organization to detect, monitor, and respond to potential threats in real time.
Experience enterprise-grade API Security solution