A GENETIC ALGORITHM-BASED APPROACH FOR DETECTING INJECTION VULNERABILITIES IN APIs
Keywords:
Genetic Algorithms, Web Injection Vulnerabilities, Application Programmable Interface

Abstract
APIs play an essential role in modern software development, enabling seamless communication between applications. However, the growing number of API vulnerabilities, particularly those related to injection, raises serious security concerns. This study addresses an important gap in robust testing techniques for identifying and mitigating injection vulnerabilities in RESTful APIs. Existing automated tools have limitations, such as false positives and a lack of accuracy, that call for improved testing methods. To address these security challenges, this study presents a new automated test case generation tool based on a Genetic Algorithm (GA), with the aim of improving the precision and accuracy of detecting injection vulnerabilities. Injection attacks, ranked eighth in the list of OWASP API Security Top 10, exploit data to manipulate interpreters, posing a huge threat to web services. Our proposed technique uses GAs, which can optimize such complex problems, to generate useful test cases that maximize coverage and detect injection vulnerabilities. The paper begins with a detailed analysis of existing approaches to API security testing and vulnerability identification, especially for injection vulnerabilities. After a thorough evaluation of the existing tools, a new GA-based algorithm designed specifically to detect injection flaws is conceptualized. The development and testing stages aim to ensure reliability and efficiency, using a specific hardware-software setup, and the performance of the tool is compared with that of existing solutions.
The desired outcome is to demonstrate that the tool is highly accurate and effective at identifying injection vulnerabilities. The study aims to lessen the drawbacks associated with manual testing while enhancing the quality of test cases and addressing resource constraints. The proposed tool will provide proactive protection against each of the injection threats, and API security will continue to improve. The research continues, and as we proceed, the implementation and assessment of the GA-based tool will be addressed, giving developers and testers valuable information to guarantee the security and integrity of web application APIs.