Modern web applications and software systems have shifted to relying on RESTful APIs, which are more susceptible to security threats such as injection attacks, authentication attacks, and data breaches. This article discusses the difficulties of performing security testing on RESTful APIs, such as input validation, authentication, and authorisation. The vulnerabilities identified as affecting security configuration include insufficient logging, faulty object-level authorisation, asset management, faulty function-level authorisation, and mass assignment. The article concludes by summarising the findings and, drawing on previous research studies, offering suggestions for maintaining the security of RESTful APIs.
Keywords: API security testing; RESTful APIs; Security challenges; API security vulnerabilities; Security testing techniques; API security practices.