Abstract

REST APIs are used by the majority of modern cloud and web services. This paper explains how an attacker can take advantage of REST API flaws to gain access to a service. We introduce four new security rules that apply to REST APIs and then demonstrate how a stateful REST API fuzzer can be extended with active property checkers that automatically test for and identify violations of these rules. We then discuss how to implement such checkers both modularly and efficiently. Using these tools, we discovered new bugs in a number of production Azure and Office365 cloud services, discussed their security implications, and resolved all of these issues.
