NAUTILUS: Automated RESTful API Vulnerability Detection

Aug 9, 2023
Gelei Deng, Zhiyi Zhang, Yuekang Li, Yi Liu, Tianwei Zhang, Yang Liu, Guo Yu, Dongjin Wang
Abstract
RESTful APIs have become the de facto standard for web service communication, yet their security remains a critical concern. This work presents NAUTILUS, an automated framework for detecting vulnerabilities in RESTful APIs. NAUTILUS employs a novel approach combining static analysis with dynamic testing to identify security flaws including injection attacks, authentication bypasses, and authorization issues.
Publication: 32nd USENIX Security Symposium (USENIX Security 23)

NAUTILUS introduces an automated approach to RESTful API vulnerability detection, addressing a critical gap in web security testing. The framework combines static specification analysis with intelligent dynamic fuzzing to discover security vulnerabilities in modern web APIs.