API vulnerabilities: current status and dependencies

Abstract

Recently API (Application Programming Interface) is becoming more popular for developers. When software is designed, most of the time, developers need to use APIs to manage a specific task. Developers use various kinds of APIs. Some of them are built by themselves and some are used from public APIs. API is a set of functions and procedures that allows another program or application to get access to features or data. Public APIs are open in public networks; developers collect these APIs depending on their specific needs. Developers need to interact with other software, as a result, a developer can conduct specific task without authorization to access the entirety of the software. It definitely reduces our loads at the same time introduces risks. In the end every developer wants to ensure security to his/her application. Commonly used public APIs are not enough secure to provide security to confidential data. We focused on these public APIs that are commonly used by developers. We tested a set of public APIs in our security lab and we have found many vulnerabilities that are highly alarming for developers who are going to use these API. In this paper we have tried to introduce the current status of vulnerable APIs. Moreover, several relationships exist between API vulnerabilities. In this paper we have also discussed the dependencies and relationships between API vulnerabilities.