Added 98 New API Security Tests across 5 OWASP categories
Akto has introduced new tests across several categories including BOLA, Broken Authentication, Unrestricted Resource Consumption, BFLA, and SSRF that you can explore with Akto’s Test Editor.
Raaga Srinivas
5 mins
We are continually expanding our testing capabilities and scaling every day to build the most comprehensive Test Library in API Security. Let’s dig in!
24 New Tests in Broken Object Level Authorization
Broken Object Level Authorization (OWASP API1:2023) is a type of security vulnerability where an attacker can manipulate object identifiers to access data they are not authorized to see. This typically happens when an application exposes a direct object reference to a user without checking whether that user has the necessary permissions for the referenced object. These vulnerabilities can lead to unauthorized data disclosure, data modification, and even data loss. Check out the new tests we’ve added here.
30 New Tests in Broken Authentication
Broken Authentication (OWASP API2:2023) is a security vulnerability where an attacker can exploit flaws in an application's authentication or session management functions. These flaws can allow an attacker to impersonate other users or gain unauthorized access to their accounts. This can lead to unauthorized access to sensitive data or even full control over other users' accounts. Since this is one of the most critical vulnerability classes flagged by OWASP, we introduced 30 new tests to cover the many ways in which it can occur. Try them out with Akto.
16 New Tests in Unrestricted Resource Consumption
Unrestricted Resource Consumption (OWASP API4:2023), also known as a resource exhaustion condition, is a type of security vulnerability that occurs when a system allows an attacker to consume more resources (CPU, memory, bandwidth, storage, or third-party service quota) than it should permit. This can leave the system slow, unresponsive, or crashed, often resulting in a denial of service. Our new tests aim to identify these vulnerabilities to help protect your system. Find them on Akto.
7 New Tests in Broken Function Level Authorization
Broken Function Level Authorization (BFLA: OWASP API5:2023) is a type of security vulnerability that occurs when a function or process within an application does not properly check whether the calling user or process is authorized for that function before executing it.
Testing for BFLA vulnerabilities involves attempting the same actions at different permission levels and observing the responses. If an action that should be restricted to a higher privilege level succeeds for a lower-privileged caller, that indicates a BFLA vulnerability. At Akto, our new tests are designed to identify these vulnerabilities by simulating different user permissions and testing function access.
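The check described above, as an added example that is not Akto's code and does not use Akto's test format: a constructed role policy, a handler that only checks authentication (the BFLA bug), a handler that also checks the role, and a function that tries every (role, action) pair and reports any restricted action that still succeeds. The endpoint names, roles and users are assumptions for illustration.

```python
from dataclasses import dataclass
from typing import Callable, List, Set, Tuple

@dataclass(frozen=True)
class User:
    name: str
    role: str  # constructed roles: "user" or "admin"

# Constructed policy: which roles may call each function (the expected behaviour).
POLICY: dict = {
    "GET /users/me": {"user", "admin"},
    "DELETE /users/{id}": {"admin"},
    "POST /admin/export": {"admin"},
}

def vulnerable_handler(user: User, action: str) -> int:
    # BFLA: only checks that the caller is authenticated, never which role it has.
    if user is None:
        return 401
    return 200

def fixed_handler(user: User, action: str) -> int:
    # Authorization is enforced per function, not just per session.
    if user is None:
        return 401
    if user.role not in POLICY.get(action, set()):
        return 403
    return 200

def find_bfla(handler: Callable[[User, str], int],
              users: List[User]) -> List[Tuple[str, str]]:
    """Exercise every (user, action) pair and report the ones where a role that
    the policy does not allow still receives a success (2xx) response."""
    findings: List[Tuple[str, str]] = []
    for user in users:
        for action, allowed in POLICY.items():
            status = handler(user, action)
            if user.role not in allowed and 200 <= status < 300:
                findings.append((user.role, action))
    return findings

# Constructed test users: one low-privilege caller, one admin.
USERS = [User("alice", "user"), User("root", "admin")]

if __name__ == "__main__":
    print("vulnerable:", find_bfla(vulnerable_handler, USERS))
    print("fixed:", find_bfla(fixed_handler, USERS))
```

Each tuple in the result names a role and a function it could call despite the policy; an empty result for the fixed handler shows the function-level check is in place.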
21 New Tests in Server Side Request Forgery (SSRF)
Server Side Request Forgery (SSRF: OWASP API7:2023) is a type of vulnerability in which a server is coerced into making requests that it should not be making, typically to destinations chosen by the attacker. This can lead to an attacker gaining unauthorized access to internal systems or data. Our new tests aim to detect these vulnerabilities to bolster your system's security.
Final Thoughts
We’ve enhanced our security testing capabilities by introducing new tests across various categories such as BOLA, Broken Authentication, Unrestricted Resource Consumption, BFLA, and SSRF. At Akto, we’re constantly trying to expand our testing capabilities, so stay tuned for more! Here are some resources to learn more about these vulnerabilities and get started with API Security testing with Akto: