Fuzzing and injection attacks on APIs
Injection attacks on APIs can take several forms. In this section, we will explore why they occur and how to test for them in our APIs. We will also explore the art of fuzzing and how, used responsibly, it strengthens our API security.
Fuzzing attacks
Fuzzing is an attack vector that involves sending random, unexpected, and invalid inputs to an API to trigger vulnerabilities or unexpected behavior. It is like playing “what if?” with a system: asking an endless series of hypothetical questions and scenarios to see whether anything breaks or misbehaves. By continuously asking these “what if?” questions (test inputs) through fuzzing, we can find hidden problems in the software that we might not have found otherwise. Fuzzing is an awesome technique that’s used by security teams and vulnerability researchers to discover vulnerabilities in their own APIs. However, it can also be leveraged by...
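As an added example (not code from the book), here is a minimal in-process mutation fuzzer in Python. It asks the “what if?” questions described above of a constructed create-user handler, records every uncaught exception as a finding, and shows that a hardened version of the same handler survives the same inputs. The handlers, the list of odd values and the seed request body are all constructed for this illustration.

```python
import json
import random
def parse_body(raw_body):
    try:
        body = json.loads(raw_body)
    except ValueError:  # JSONDecodeError and UnicodeDecodeError both subclass this
        return None
    return body if isinstance(body, dict) else None  # None means "reject with 400"

# Constructed "create user" endpoint with a deliberate defect: "age" is passed to
# int() before its type is checked, so unexpected values raise instead of a 400.
def create_user_unsafe(raw_body):
    body = parse_body(raw_body)
    if body is None:
        return 400
    age = int(body.get("age"))  # TypeError/ValueError on None, [], "abc", ...
    return 201 if 0 <= age <= 150 else 400

# Hardened version: the type is checked first, so no input reaches int() unchecked.
def create_user_safe(raw_body):
    body = parse_body(raw_body)
    age = None if body is None else body.get("age")
    if isinstance(age, bool) or not isinstance(age, int):
        return 400
    return 201 if 0 <= age <= 150 else 400
ODD_VALUES = [None, [], {}, "", "abc", "12abc", -1, 2**63, 1.5, True, "A" * 4096]
# One mutation is one "what if?" question: drop a field, swap a value for an odd
# one, or flip a byte of the encoded body so the JSON layer itself is exercised.
def mutate(seed, rng):
    body, choice = dict(seed), rng.randrange(3)
    if choice == 0:
        body.pop(rng.choice(list(body)))
    elif choice == 1:
        body[rng.choice(list(body))] = rng.choice(ODD_VALUES)
    data = json.dumps(body).encode()
    if choice == 2:
        i = rng.randrange(len(data))
        data = data[:i] + bytes([rng.randrange(256)]) + data[i + 1:]
    return data

# Feed mutated inputs to the handler; an uncaught exception (what a live API would
# show as a 500, often with a stack trace) is a finding. A fixed seed makes runs replayable.
def fuzz(handler, iterations=500, seed=1):
    rng, findings = random.Random(seed), []
    for _ in range(iterations):
        data = mutate({"name": "alice", "age": 30}, rng)
        try:
            handler(data)
        except Exception as exc:
            findings.append((data, repr(exc)))
    return findings
```

Running `fuzz(create_user_unsafe)` returns the crashing request bodies with their exception, while `fuzz(create_user_safe)` returns an empty list; each finding replays against the handler because the seed is fixed.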