Enhancing API Security Testing against BOLA and Authentication Vulnerabilities through an LLM-Enhanced Framework

Publications

Enhancing API Security Testing against BOLA and Authentication Vulnerabilities through an LLM-Enhanced Framework

Enhancing API Security Testing against BOLA and Authentication Vulnerabilities through an LLM-Enhanced Framework
Emil Marian Pasca, Rudolf Erdei, Daniela Delinschi, Oliviu Matei

Abstract. Broken Object Level Authorization (BOLA) and authentication-related issues are consistently among the most critical vulnerabilities in modern APIs. This paper introduces an LLM-enhanced framework specifically designed to improve security testing against BOLA and authentication vulnerabilities. The framework augments traditional API testing pipelines with Large Language Models that generate context-aware test cases, identify suspicious authorization patterns and propose targeted attack scenarios based on the API specification and observed traffic. Experimental evaluations on representative APIs show that the proposed framework substantially increases the detection rate of BOLA and authentication flaws compared to baseline approaches, while keeping false positive rates manageable.

Keywords: API security; BOLA; authentication; large language models; vulnerability assessment

📋 Cite this publication



Emil Marian Pasca, Rudolf Erdei, Daniela Delinschi, Oliviu Matei, "Enhancing API Security Testing against BOLA and Authentication Vulnerabilities through an LLM-Enhanced Framework", Proc. 19th SOCO Int. Conf. on Soft Computing Models in Industrial and Environmental Applications, Springer, 2024, 2023.


Reference: Proc. 19th SOCO Int. Conf. on Soft Computing Models in Industrial and Environmental Applications, Springer, 2024.

Other publications

0 Comments