Enhancing API Security Testing against BOLA and Authentication Vulnerabilities through an LLM-Enhanced Framework

Emil Marian Pasca, Rudolf Erdei, Daniela Delinschi, Oliviu Matei

Abstract. Broken Object Level Authorization (BOLA) and authentication-related issues are consistently among the most critical vulnerabilities in modern APIs. This paper introduces an LLM-enhanced framework specifically designed to improve security testing against BOLA and authentication vulnerabilities. The framework augments traditional API testing pipelines with Large Language Models that generate context-aware test cases, identify suspicious authorization patterns and propose targeted attack scenarios based on the API specification and observed traffic. Experimental evaluations on representative APIs show that the proposed framework substantially increases the detection rate of BOLA and authentication flaws compared to baseline approaches, while keeping false positive rates manageable.

Keywords: API security; BOLA; authentication; large language models; vulnerability assessment
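The abstract names Broken Object Level Authorization as the class of flaw the framework targets. The block below is an added illustration, not code from the paper or its framework: it shows the basic check an API test pipeline runs for BOLA. Two in-memory handlers for a hypothetical `GET /orders/{id}` endpoint stand in for a real API (the order data, user names and handler names are constructed for the example); one handler ignores the caller's identity, the other enforces ownership, and `bola_check` drives each user at every other user's object and reports any request that succeeds.

```python
"""Added example, not the paper's framework: a minimal BOLA check of the kind an
API test pipeline would run against an object-fetching endpoint."""
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

# Constructed sample data: two users, each owning exactly one order.
ORDERS = {
    101: {"id": 101, "owner": "alice", "total": 42.0},
    202: {"id": 202, "owner": "bob", "total": 17.5},
}
OWNERS = {"alice": 101, "bob": 202}


@dataclass
class Request:
    user: str       # authenticated principal; authentication is assumed done upstream
    order_id: int   # object id taken from the URL path


Response = Tuple[int, Optional[dict]]
Handler = Callable[[Request], Response]


def get_order_vulnerable(req: Request) -> Response:
    """Returns any order by id and never compares the owner to the caller (BOLA)."""
    order = ORDERS.get(req.order_id)
    return (200, order) if order else (404, None)


def get_order_hardened(req: Request) -> Response:
    """Object-level authorization: the caller must own the requested order.
    A missing object and a foreign object both yield 404, so the response does
    not reveal whether another user's object id exists."""
    order = ORDERS.get(req.order_id)
    if order is None or order["owner"] != req.user:
        return (404, None)
    return (200, order)


def bola_check(handler: Handler, owner_map: Dict[str, int]) -> List[str]:
    """Pipeline check: each user requests every *other* user's object.
    Returns one finding per cross-user request that succeeded; an empty list
    means the handler enforced object-level authorization for this data set."""
    findings: List[str] = []
    for user in owner_map:
        for other, oid in owner_map.items():
            if other == user:
                continue
            status, _ = handler(Request(user=user, order_id=oid))
            if status == 200:
                findings.append(f"{user} read order {oid} owned by {other}")
    return findings


def owner_access_check(handler: Handler, owner_map: Dict[str, int]) -> bool:
    """Positive control: every owner can still read their own object, so a
    handler that simply denies everything does not pass as 'secure'."""
    return all(
        handler(Request(user=user, order_id=oid))[0] == 200
        for user, oid in owner_map.items()
    )


if __name__ == "__main__":
    for name, handler in (("vulnerable", get_order_vulnerable),
                          ("hardened", get_order_hardened)):
        print(name, "findings:", bola_check(handler, OWNERS),
              "owner access ok:", owner_access_check(handler, OWNERS))
```

The positive control matters in practice: a test that only looks for denied cross-user requests would rate a broken endpoint that returns 404 for everyone as secure. A real pipeline would replace the in-memory handlers with HTTP calls made under each user's credentials and derive the owner map from the API specification or seeded test data.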

Emil Marian Pasca, Rudolf Erdei, Daniela Delinschi, Oliviu Matei, "Enhancing API Security Testing against BOLA and Authentication Vulnerabilities through an LLM-Enhanced Framework", Proc. 19th SOCO Int. Conf. on Soft Computing Models in Industrial and Environmental Applications, Springer, 2024, 2023.


Reference: Proc. 19th SOCO Int. Conf. on Soft Computing Models in Industrial and Environmental Applications, Springer, 2024.
