SECURITY ANALYSIS OF THE XYZ ANDROID APPLICATION USING THE OWASP API TOP 10 METHODOLOGY (2023)
Abstract
An Application Programming Interface (API) is an important element in application development. APIs are prime targets for attacks because they expose sensitive data. Penetration testing is an important preventive measure for identifying weaknesses and data leaks that may be caused by APIs. The Open Web Application Security Project (OWASP) API Top 10 2023 is an API security testing standard. The test results show that many vulnerabilities occur in Broken Object Level Authorization (BOLA); their impact takes the form of modification, disclosure and deletion of data, and the way to fix them is to change the object ID to a Universally Unique Identifier (UUID).
Keywords: Application Programming Interface (API), Broken Object Level Authorization (BOLA), Open Web Application Security Project (OWASP), Identifier (ID), Universally Unique Identifier (UUID).
Published
2024-12-31