Added 98 New API Security Tests across 5 OWASP categories
Akto has introduced new tests across several categories including BOLA, Broken Authentication, Unrestricted Resource Consumption, BFLA, and SSRF that you can explore with Akto’s Test Editor.
Raaga Srinivas
5 mins
Akto has introduced new tests across several categories including BOLA, Broken Authentication, Unrestricted Resource Consumption, BFLA, and SSRF that you can explore with Akto’s Test Editor.
We are continually expanding our testing capabilities and scaling every day to build the most comprehensive Test Library in API Security. Let’s dig in!
24 New Tests in Broken Object Level Authorization
Broken Object Level Authorization (OWASP API1:2023) is a type of security vulnerability where an attacker can manipulate object identifiers to access unauthorized data. This typically happens when an application provides direct object reference to a user without checking whether they have the necessary permissions or not. These vulnerabilities can lead to unauthorized data disclosure, data modification, and even data loss. Check out the new tests we’ve added here.
30 New Tests in Broken Authentication
Broken Authentication (OWASP API2:2023) is a security vulnerability where an attacker can exploit flaws in an application's authentication or session management functions. These flaws can allow an attacker to impersonate other users or gain unauthorized access to their accounts. This can lead to unauthorized access to sensitive data or even full control over other user's accounts. Being one of the most critical vulnerabilities flagged by OWASP, we thought it was necessary to introduce 30 new tests to cover multiple ways in which it can occur. Try them out with Akto.
Monthly product updates in your inbox. No spam.
16 New Tests in Unrestricted Resource Consumption
Unrestricted Resource Consumption (OWASP API4:2023), also known as a resource exhaustion condition, is a type of security vulnerability that occurs when a system allows an attacker to consume more resources than should be allowed. This could lead to the system becoming slow, unresponsive, or crashing, often resulting in a denial of service. Our new tests aim to identify these vulnerabilities to help protect your system. Find them on Akto.
7 New Tests in Broken Function Level Authorization
Broken Function Level Authorization (BFLA: OWASP API5:2023) is a type of security vulnerability that occurs when a function or process within an application does not properly check the authorization of a user or process before executing.
Testing for BFLA vulnerabilities involves trying to perform actions at different permission levels and observing the responses. If an action that should be restricted can be performed, it indicates a BFLA vulnerability. At Akto, our new tests are designed to identify these types of vulnerabilities by simulating different user permissions and testing function access.
21 New Tests in Server Side Request Forgery (SSRF)
Server Side Request Forgery (SSRF: OWASP API7:2023) is a type of vulnerability that tricks a server into making requests that it should not be making. This can lead to an attacker gaining unauthorized access to internal systems or data. Our new tests aim to detect these vulnerabilities to bolster your system's security.
Final Thoughts
We’ve enhanced our security testing capabilities by introducing new tests across various categories such as BOLA, Broken Authentication, Unrestricted Resource Consumption, BFLA, and SSRF. At Akto, we’re constantly trying to expand our testing capabilities, so stay tuned for more! Here are some resources to learn more about these vulnerabilities and get started with API Security testing with Akto:
Keep reading
News
7 mins
March Product News: 98 New Tests, Dynamic wordlists, and more
This edition of Akto’s newsletter is packed with new features and tests that will greatly decrease your API Security testing time and increase targeted testing.
Product updates
5 mins
Detailed Errors on Postman and Swagger File Import
Akto now replays APIs to automatically get data during an import of Postman and Swagger files and transparently displays reasons why each specific API couldn't be replayed in the case of an error.
Product updates
5 mins
3 New Ways to Detect Improper API Inventory, OWASP API9:2023
Akto has introduced new features related to Improper Inventory Management that allow you to organize your inventory with tags and recognize hidden APIs to better your security testing.