Vulnerability-oriented Testing for RESTful APIs

Watch a conference presentation from USENIX Security '24 exploring an innovative framework called VOAPI2 for detecting security vulnerabilities in RESTful APIs. Learn how researchers from Shanghai Jiao Tong University and QI-ANXIN Technology Group developed a vulnerability-oriented testing approach that leverages API functionality patterns to identify potential security issues. Discover how the framework tracks commonly used strings as keywords, generates targeted request sequences, and employs feedback-based testing to verify vulnerabilities. See how VOAPI2 successfully uncovered 7 zero-day and 19 disclosed bugs across real-world RESTful APIs, with 23 receiving CVE IDs, demonstrating significant improvements over existing testing methods.