Added 98 New API Security Tests across 5 OWASP categories
Akto has introduced new tests across several categories including BOLA, Broken Authentication, Unrestricted Resource Consumption, BFLA, and SSRF that you can explore with Akto’s Test Editor.
Raaga Srinivas
Apr 9, 2024
We are continually expanding our testing capabilities and scaling every day to build the most comprehensive Test Library in API Security. Let’s dig in!
24 New Tests in Broken Object Level Authorization
Broken Object Level Authorization (OWASP API1:2023) is a type of security vulnerability where an attacker can manipulate object identifiers to access unauthorized data. This typically happens when an application provides direct object reference to a user without checking whether they have the necessary permissions or not. These vulnerabilities can lead to unauthorized data disclosure, data modification, and even data loss. Check out the new tests we’ve added here.
30 New Tests in Broken Authentication
Broken Authentication (OWASP API2:2023) is a security vulnerability where an attacker can exploit flaws in an application's authentication or session management functions. These flaws can allow an attacker to impersonate other users or gain unauthorized access to their accounts. This can lead to unauthorized access to sensitive data or even full control over other users' accounts. Being one of the most critical vulnerabilities flagged by OWASP, we thought it was necessary to introduce 30 new tests to cover multiple ways in which it can occur. Try them out with Akto.
16 New Tests in Unrestricted Resource Consumption
Unrestricted Resource Consumption (OWASP API4:2023), also known as a resource exhaustion condition, is a type of security vulnerability that occurs when a system allows an attacker to consume more resources than should be allowed. This could lead to the system becoming slow, unresponsive, or crashing, often resulting in a denial of service. Our new tests aim to identify these vulnerabilities to help protect your system. Find them on Akto.
7 New Tests in Broken Function Level Authorization
Broken Function Level Authorization (BFLA: OWASP API5:2023) is a type of security vulnerability that occurs when a function or process within an application does not properly check the authorization of a user or process before executing.
Testing for BFLA vulnerabilities involves trying to perform actions at different permission levels and observing the responses. If an action that should be restricted can be performed, it indicates a BFLA vulnerability. At Akto, our new tests are designed to identify these types of vulnerabilities by simulating different user permissions and testing function access.
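A minimal version of that permission-ladder check, as an added example (not Akto's test code): it calls each endpoint of a constructed in-memory API as every role below the endpoint's minimum and reports any restricted action that still succeeds. The roles, policy and mock API are assumptions made up for this illustration.

```python
"""Added example (not Akto's own code): exercise each function at several
permission levels and flag restricted actions a lower-privilege caller can
still perform. The role ladder, policy and target API are constructed."""
from dataclasses import dataclass

# Constructed role ladder: higher index = more privilege.
ROLES = ["anonymous", "user", "admin"]


@dataclass(frozen=True)
class Endpoint:
    method: str
    path: str
    min_role: str  # lowest role that should be allowed to call it


# Constructed policy for a toy API.
POLICY = [
    Endpoint("GET", "/users/me", "user"),
    Endpoint("DELETE", "/users/{id}", "admin"),
    Endpoint("POST", "/admin/export", "admin"),
]


def mock_api(method, path, role):
    """Constructed target. The DELETE handler omits its role check,
    which is the defect the scan below should surface."""
    if (method, path) == ("GET", "/users/me"):
        return 200 if role != "anonymous" else 401
    if (method, path) == ("DELETE", "/users/{id}"):
        return 204  # BFLA: executes for any caller, no authorization check
    if (method, path) == ("POST", "/admin/export"):
        return 200 if role == "admin" else 403
    return 404


def find_bfla(policy, call, roles=ROLES):
    """Call every endpoint as every role below its minimum and return
    (endpoint, role, status) for each call that succeeds with a 2xx."""
    findings = []
    for ep in policy:
        for role in roles[: roles.index(ep.min_role)]:
            status = call(ep.method, ep.path, role)
            if 200 <= status < 300:
                findings.append((f"{ep.method} {ep.path}", role, status))
    return findings


if __name__ == "__main__":
    for ep, role, status in find_bfla(POLICY, mock_api):
        print(f"BFLA: {ep} returned {status} for role '{role}'")
```

Against a real API, `mock_api` would be replaced by a function that sends the request with credentials for the given role and returns the HTTP status.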
21 New Tests in Server Side Request Forgery (SSRF)
Server Side Request Forgery (SSRF: OWASP API7:2023) is a type of vulnerability that tricks a server into making requests that it should not be making. This can lead to an attacker gaining unauthorized access to internal systems or data. Our new tests aim to detect these vulnerabilities to bolster your system's security.
Final Thoughts
We’ve enhanced our security testing capabilities by introducing new tests across various categories such as BOLA, Broken Authentication, Unrestricted Resource Consumption, BFLA, and SSRF. At Akto, we’re constantly trying to expand our testing capabilities, so stay tuned for more! Here are some resources to learn more about these vulnerabilities and get started with API Security testing with Akto: