Automated Testing of Broken Authentication Vulnerabilities in Web APIs with AuthREST
Davide Corradini, Mariano Ceccato, Mohammad Ghafari
公開日: 2025/9/12
Abstract
We present AuthREST, an open-source security testing tool targeting broken authentication, one of the most prevalent API security risks in the wild. AuthREST automatically tests web APIs for credential stuffing, password brute forcing, and unchecked token authenticity. Empirical results show that AuthREST is effective in improving web API security. Notably, it uncovered previously unknown authentication vulnerabilitiesin in four public APIs.