API Security Testing: The Challenges of Security Testing for Restful APIs

Modern web applications and software systems have shifted to relying on RESTful APIs, which are more susceptible to security threats such as injection attacks, authentication attacks, and data breaches. This article discusses the difficulties of performing security testing on RESTful APIs, such as input validation, authentication, and authorisation. It has been identified that vulnerabilities that affect security configuration include insufficient logging, faulty object-level authorisation, asset management, faulty function-level authorisation, and mass assignment. It concludes by summarising the findings and offering suggestions for maintaining the security of RESTful APIs using previous research studies