Added 98 New API Security Tests across 5 OWASP categories
Akto has introduced new tests across several categories including BOLA, Broken Authentication, Unrestricted Resource Consumption, BFLA, and SSRF that you can explore with Akto’s Test Editor.
Raaga Srinivas
5 mins
We are continually expanding our testing capabilities and scaling every day to build the most comprehensive Test Library in API Security. Let’s dig in!
24 New Tests in Broken Object Level Authorization
Broken Object Level Authorization (OWASP API1:2023) is a security vulnerability where an attacker manipulates object identifiers to access data that does not belong to them. This typically happens when an endpoint takes an object ID from the client (in the path, query string or body) and returns or modifies that object without checking whether the caller is actually permitted to access it. These vulnerabilities can lead to unauthorized data disclosure, data modification, and even data loss. Check out the new tests we’ve added here.
30 New Tests in Broken Authentication
Broken Authentication (OWASP API2:2023) is a security vulnerability where an attacker exploits flaws in an application's authentication or session management, such as endpoints that accept requests with no credential, weak or unexpired tokens, or missing brute-force protection. These flaws allow an attacker to impersonate other users or gain unauthorized access to their accounts, leading to exposure of sensitive data or even full control over other users' accounts. Because OWASP ranks it among the most critical API vulnerabilities, we introduced 30 new tests to cover the many ways in which it can occur. Try them out with Akto.
16 New Tests in Unrestricted Resource Consumption
Unrestricted Resource Consumption (OWASP API4:2023), also known as a resource exhaustion condition, is a security vulnerability that occurs when an API does not limit how much CPU, memory, bandwidth or storage a single caller can consume, for example through unbounded page sizes, oversized uploads, or an unlimited request rate. This can make the system slow or unresponsive, or crash it outright, often resulting in a denial of service (and, where third-party services are billed per call, a direct financial cost). Our new tests aim to identify these vulnerabilities to help protect your system. Find them on Akto.
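Two of the probes an API4:2023 test typically runs are "does the server honour an absurd page size?" and "does a burst of identical requests ever get throttled?". The block below is an added example, not code from this post or from Akto's test library: it runs both probes against an in-process mock of a `/users` listing endpoint, once against a handler that trusts `?limit=` and has no rate limit, and once against a hardened handler with a page-size cap and a token bucket. The endpoint, its record set, the `MAX_PAGE_SIZE` value and the token-bucket parameters are all assumptions made for the illustration.

```python
"""Unrestricted Resource Consumption (OWASP API4:2023) probes against an
in-process mock API.

Added example, not Akto code. The mock endpoint, its data set, the page
size cap and the token bucket are assumptions made for this illustration.
"""
import time
from typing import Callable, Dict, Tuple

Request = Dict[str, object]
Response = Tuple[int, object]
Handler = Callable[[Request], Response]

# Constructed sample data set: 1000 records the API pages through.
RECORDS = [{"id": i, "name": f"user{i}"} for i in range(1000)]

MAX_PAGE_SIZE = 100  # hardened server's cap on ?limit= (assumed policy)


def vulnerable_list_users(req: Request) -> Response:
    """Trusts ?limit= completely and applies no rate limit."""
    limit = int(req.get("query", {}).get("limit", 20))
    return 200, RECORDS[:limit]


class TokenBucket:
    """Bucket of `capacity` tokens refilled at `rate` tokens per second.
    `clock` is injectable so the behaviour can be tested deterministically."""

    def __init__(self, capacity: int, rate: float,
                 clock: Callable[[], float] = time.monotonic):
        self.capacity = capacity
        self.rate = rate
        self.clock = clock
        self.tokens = float(capacity)
        self.last = clock()

    def allow(self) -> bool:
        now = self.clock()
        self.tokens = min(self.capacity, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False


def make_hardened_list_users(bucket: TokenBucket) -> Handler:
    """Same endpoint with a per-caller rate limit and a validated page size."""
    def handler(req: Request) -> Response:
        if not bucket.allow():
            return 429, {"error": "rate limited"}
        try:
            limit = int(req.get("query", {}).get("limit", 20))
        except ValueError:
            return 400, {"error": "limit must be an integer"}
        if limit < 1 or limit > MAX_PAGE_SIZE:
            return 400, {"error": f"limit must be between 1 and {MAX_PAGE_SIZE}"}
        return 200, RECORDS[:limit]
    return handler


def check_resource_limits(handler: Handler, burst: int = 50) -> Dict[str, bool]:
    """Run the two probes and report which ones indicate a finding.

    oversized_page: ?limit=1000000 returned more rows than the documented cap.
    no_rate_limit:  `burst` identical requests in a row never produced a 429.
    """
    status, body = handler({"method": "GET", "path": "/users",
                            "query": {"limit": "1000000"}})
    oversized_page = status == 200 and isinstance(body, list) and len(body) > MAX_PAGE_SIZE

    statuses = [handler({"method": "GET", "path": "/users", "query": {}})[0]
                for _ in range(burst)]
    no_rate_limit = 429 not in statuses
    return {"oversized_page": oversized_page, "no_rate_limit": no_rate_limit}


if __name__ == "__main__":
    print("vulnerable:", check_resource_limits(vulnerable_list_users))
    hardened = make_hardened_list_users(TokenBucket(capacity=10, rate=5.0))
    print("hardened:  ", check_resource_limits(hardened))
```

Against a real target the same two probes are sent over HTTP and the "finding" is the same comparison: a 200 whose body exceeds the documented page size, or a burst that never sees a 429 (or a growing response time). Note that the rate-limit probe is only meaningful per identity; a limiter keyed on source IP alone is bypassed by an attacker with many addresses.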
7 New Tests in Broken Function Level Authorization
Broken Function Level Authorization (BFLA: OWASP API5:2023) is a type of security vulnerability that occurs when a function or process within an application does not properly check the authorization of a user or process before executing.
Testing for BFLA involves calling functions with credentials at different permission levels and comparing the responses: a user-level token invoked against an administrative endpoint, a GET-only role issuing a DELETE, and so on. If an action that should be restricted succeeds, or returns the same response as it does for an authorized caller, that indicates a BFLA vulnerability. Akto's new tests identify these vulnerabilities by replaying requests under different user roles and checking function access.
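The Broken Authentication, BOLA and BFLA sections above all describe the same testing pattern: take a request that succeeds for a legitimate user, change exactly one thing (drop the credential, swap the object ID, or point a low-privilege token at a privileged function) and see whether the server still says yes. The block below is an added example that is not code from this post or from Akto's test library. It builds a small in-process mock API with two ordinary users and an admin, in a vulnerable form that identifies the caller but never checks ownership or role, and a hardened form that does, then runs the three replay checks against both. The endpoints, tokens, user names and order IDs are all assumptions made for the illustration.

```python
"""Replay checks for Broken Authentication (API2:2023), BOLA (API1:2023)
and BFLA (API5:2023) against an in-process mock API.

Added example, not Akto code. The endpoints, tokens, users and order IDs
are assumptions made for this illustration.
"""
import copy
from typing import Callable, Dict, Optional, Tuple

Request = Dict[str, object]
Response = Tuple[int, object]
Handler = Callable[[Request], Response]

# Constructed sample data: two ordinary users and one admin.
TOKENS = {"tok-alice": "alice", "tok-bob": "bob", "tok-root": "root"}
ROLES = {"alice": "user", "bob": "user", "root": "admin"}
ORDERS = {
    "1001": {"owner": "alice", "item": "laptop"},
    "1002": {"owner": "bob", "item": "phone"},
}


def _caller(req: Request) -> Optional[str]:
    """Map the bearer token to a user name, or None if absent/unknown."""
    auth = req.get("headers", {}).get("Authorization", "")
    return TOKENS.get(auth.replace("Bearer ", "", 1))


def vulnerable_api(req: Request) -> Response:
    """Looks up the caller but never uses it: no authn, ownership or role check."""
    path = req["path"]
    _caller(req)
    if path.startswith("/orders/"):
        order = ORDERS.get(path.split("/")[2])
        return (200, order) if order else (404, {"error": "no such order"})
    if path == "/admin/users":
        return 200, sorted(ROLES)
    return 404, {"error": "not found"}


def hardened_api(req: Request) -> Response:
    """Requires a valid credential, then checks ownership (BOLA) and role (BFLA)."""
    user = _caller(req)
    if user is None:
        return 401, {"error": "authentication required"}
    path = req["path"]
    if path.startswith("/orders/"):
        order = ORDERS.get(path.split("/")[2])
        # Same 404 for missing and foreign orders, so IDs cannot be enumerated.
        if order is None or order["owner"] != user:
            return 404, {"error": "no such order"}
        return 200, order
    if path == "/admin/users":
        if ROLES[user] != "admin":
            return 403, {"error": "admin only"}
        return 200, sorted(ROLES)
    return 404, {"error": "not found"}


def check_authz(handler: Handler) -> Dict[str, bool]:
    """Baseline: alice reads her own order. Each check replays that request
    with one field changed and flags a finding if the call still succeeds."""
    baseline = {"method": "GET", "path": "/orders/1001",
                "headers": {"Authorization": "Bearer tok-alice"}}
    base_status, base_body = handler(baseline)
    if base_status != 200:
        raise RuntimeError("baseline request must succeed before mutating it")

    # API2: identical request with the credential stripped.
    no_auth = copy.deepcopy(baseline)
    del no_auth["headers"]["Authorization"]
    status, body = handler(no_auth)
    broken_auth = status == 200 and body == base_body

    # API1: same credential, another user's object ID.
    other_obj = copy.deepcopy(baseline)
    other_obj["path"] = "/orders/1002"
    status, body = handler(other_obj)
    bola = status == 200 and body == ORDERS["1002"]

    # API5: a non-admin credential on an admin-only function.
    admin_call = copy.deepcopy(baseline)
    admin_call["path"] = "/admin/users"
    status, _ = handler(admin_call)
    bfla = status == 200

    return {"broken_auth": broken_auth, "bola": bola, "bfla": bfla}


if __name__ == "__main__":
    print("vulnerable:", check_authz(vulnerable_api))
    print("hardened:  ", check_authz(hardened_api))
```

Two details carry over to testing real APIs. The baseline must succeed before anything is mutated, otherwise a 403 on the mutated call proves nothing. And a finding is not just "status 200": the BOLA check compares the returned body with what the other user would legitimately see, because some servers answer 200 with an empty or redacted object, which is correct behaviour.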
21 New Tests in Server Side Request Forgery (SSRF)
Server Side Request Forgery (SSRF: OWASP API7:2023) is a vulnerability that occurs when an API fetches a remote resource from a client-supplied URL without validating it, so an attacker can make the server send requests to destinations it should never reach: internal services, cloud metadata endpoints, or other hosts behind the firewall. This can lead to an attacker gaining unauthorized access to internal systems or data. Our new tests aim to detect these vulnerabilities to bolster your system's security.
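An SSRF test replays a list of probe URLs into every parameter that the server will fetch, and the fix on the server side is to validate the destination before connecting. The block below is an added example, not code from this post or from Akto's test library. It shows the vulnerable "fetch whatever the client sent" pattern next to a validator that allows only http(s) URLs whose host resolves exclusively to public addresses, and a constructed probe set of the kind such a test uses (loopback in several spellings, the link-local cloud metadata address, RFC 1918 space, non-http schemes). The probe hostnames `internal.corp` and `api.example.com`, the injectable resolver, and the address policy are assumptions made for the illustration.

```python
"""Outbound-URL validation that blocks the classic SSRF targets, plus a
probe set of the kind an SSRF test replays into a URL-taking parameter.

Added example, not Akto code. The probe hostnames, the resolver hook and
the address policy are assumptions made for this illustration.
"""
import ipaddress
import socket
from typing import Callable, Dict, List, Optional, Tuple, Union
from urllib.parse import urlsplit

Resolver = Callable[[str], List[str]]
IPAddr = Union[ipaddress.IPv4Address, ipaddress.IPv6Address]


def system_resolver(host: str) -> List[str]:
    """Every A/AAAA answer from the OS resolver, or an empty list."""
    try:
        return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})
    except socket.gaierror:
        return []


def _as_ip(host: str) -> Optional[IPAddr]:
    """Parse a dotted/colon IP literal; None if `host` is a name."""
    try:
        return ipaddress.ip_address(host)
    except ValueError:
        return None


def vulnerable_pick_target(url: str) -> str:
    """The 'before' pattern: the client-supplied URL is fetched unchanged."""
    return url


def validate_outbound_url(url: str,
                          resolve: Resolver = system_resolver) -> Tuple[bool, str]:
    """Allow only http(s) URLs whose host resolves solely to public addresses."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False, f"scheme {parts.scheme!r} not allowed"
    if parts.username or parts.password:
        return False, "credentials in URL not allowed"
    host = parts.hostname
    if not host:
        return False, "missing host"
    literal = _as_ip(host)
    addrs = [str(literal)] if literal is not None else resolve(host)
    if not addrs:
        return False, f"{host!r} does not resolve"
    for a in addrs:                       # every answer must be public
        ip = ipaddress.ip_address(a)
        if ip.version == 6 and ip.ipv4_mapped is not None:
            ip = ip.ipv4_mapped           # ::ffff:127.0.0.1 is still loopback
        if not ip.is_global:              # loopback, RFC 1918, link-local, reserved
            return False, f"{host!r} resolves to non-public address {ip}"
    return True, "ok"


# Constructed probe set for an SSRF test (hostnames are assumed).
PROBES = [
    "http://127.0.0.1:8080/admin",               # loopback
    "http://[::1]/",                             # IPv6 loopback
    "http://[::ffff:127.0.0.1]/",                # IPv4-mapped loopback
    "http://169.254.169.254/latest/meta-data/",  # cloud metadata (link-local)
    "http://10.0.0.5/",                          # RFC 1918
    "http://2130706433/",                        # 127.0.0.1 written as a decimal integer
    "file:///etc/passwd",                        # non-http scheme
    "gopher://127.0.0.1:25/",                    # non-http scheme
    "http://internal.corp/",                     # name that resolves to private space
    "https://api.example.com/v1/status",         # the one legitimate target
]


def probe(validator: Callable[[str], Tuple[bool, str]]) -> Dict[str, bool]:
    """Map each probe URL to whether the validator would let it through."""
    return {url: validator(url)[0] for url in PROBES}


if __name__ == "__main__":
    for url, allowed in probe(validate_outbound_url).items():
        print(f"{'ALLOW' if allowed else 'BLOCK':5} {url}")
```

Two caveats a practitioner will want. Validating and then fetching is a time-of-check/time-of-use gap: a DNS name can answer with a public address during validation and a private one when the HTTP client resolves it again (DNS rebinding), so the fetch should connect to the address that was validated. And a public host can redirect to an internal one, so redirects must be disabled or each hop re-validated. The decimal-integer probe is there because the page's own point about SSRF tests is that the server, not the tester, decides how a host string is parsed; `getaddrinfo` on most platforms accepts `2130706433` as 127.0.0.1, which is why names are resolved and checked rather than pattern-matched.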
Final Thoughts
We’ve enhanced our security testing capabilities by introducing new tests across various categories such as BOLA, Broken Authentication, Unrestricted Resource Consumption, BFLA, and SSRF. At Akto, we’re constantly trying to expand our testing capabilities, so stay tuned for more! Here are some resources to learn more about these vulnerabilities and get started with API Security testing with Akto: