
"The most dangerous API vulnerabilities today aren't just basic injection attacks or malformed requests that a WAF can easily detect. They are logic flaws, perfectly valid HTTP requests that meet the protocol and application spec but defy the business logic."
"Last year, Cloudflare launched BOLA vulnerability detection for API Shield. This tool automatically spots vulnerabilities by passively scanning customer traffic for any unusual patterns."
"The issue with traditional DAST tools is their high barrier to entry. They can be difficult to set up and often need manual uploads of Swagger/OpenAPI files."
"Cloudflare believes that finding authorization flaws works best by viewing the API as a call graph instead of a simple list of endpoints."
Cloudflare has launched an open beta for its Web and API Vulnerability Scanner, part of the API Shield platform. The initial focus is on Broken Object Level Authorization (BOLA), a critical vulnerability in the OWASP API Top 10. Traditional DAST tools face challenges with setup and modern login flows. Cloudflare's tool aims to simplify detection by analyzing API call graphs, enhancing the identification of authorization flaws. Future updates will expand coverage to include other vulnerabilities like SQL injection and cross-site scripting.
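BOLA is the flaw the summary above describes: a request that is authenticated, well-formed and protocol-valid, but asks for an object the caller does not own. The following is an added example, not Cloudflare's or InfoQ's code, showing a vulnerable handler beside its hardened form and a small ownership check of the kind a scanner would run against each object-returning endpoint. The invoice store, user ids and handler names are constructed for the example.

```python
"""Broken Object Level Authorization (OWASP API1) in miniature.

Added example, not code from the original page or from Cloudflare.
All data and identifiers below are constructed for illustration.
"""
from dataclasses import dataclass
from typing import Callable, Dict, Optional


@dataclass(frozen=True)
class Invoice:
    invoice_id: int
    owner_id: int
    amount_cents: int


@dataclass(frozen=True)
class Response:
    status: int
    body: Optional[dict] = None


# Constructed sample store; a real API would read from a database.
INVOICES: Dict[int, Invoice] = {
    101: Invoice(invoice_id=101, owner_id=1, amount_cents=4200),
    102: Invoice(invoice_id=102, owner_id=2, amount_cents=9900),
}
KNOWN_USERS = (1, 2)

Handler = Callable[[int, int], Response]


def get_invoice_vulnerable(caller_user_id: int, invoice_id: int) -> Response:
    """The request is authenticated and syntactically valid, so a signature-based
    WAF sees nothing wrong. The handler never checks that the caller owns the
    object it was asked for, which is exactly the logic flaw BOLA names."""
    inv = INVOICES.get(invoice_id)
    if inv is None:
        return Response(404)
    return Response(200, {"invoice_id": inv.invoice_id, "amount_cents": inv.amount_cents})


def get_invoice_hardened(caller_user_id: int, invoice_id: int) -> Response:
    """Object-level authorization: the lookup is scoped to the caller. A foreign
    object is answered exactly like a missing one (404 rather than 403) so the
    response does not confirm that the id exists."""
    inv = INVOICES.get(invoice_id)
    if inv is None or inv.owner_id != caller_user_id:
        return Response(404)
    return Response(200, {"invoice_id": inv.invoice_id, "amount_cents": inv.amount_cents})


def passes_object_auth_check(handler: Handler) -> bool:
    """Defender-side check in the spirit of a DAST/BOLA scan: for every object and
    every known user, a non-owner must never receive 200. Returns True only if
    the handler enforces ownership for all objects in the sample store."""
    for inv in INVOICES.values():
        for user_id in KNOWN_USERS:
            resp = handler(user_id, inv.invoice_id)
            if user_id != inv.owner_id and resp.status == 200:
                return False
    return True


if __name__ == "__main__":
    for name, handler in (("vulnerable", get_invoice_vulnerable),
                          ("hardened", get_invoice_hardened)):
        print(f"{name}: object-level authorization enforced = {passes_object_auth_check(handler)}")
```

The check runs only against objects and users the tester already controls, which is how a scanner verifies ownership enforcement without touching other tenants' data; the hardened handler's scoped lookup is the standard fix.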
Read at InfoQ