BOLA (Broken Object Level Authorization), BFLA (Broken Function Level Authorization), IDOR (Insecure Direct Object Reference) and Broken Authentication vulnerabilities.
To do this we need a small amount of configuration describing the resources and actors in your API, as well as the permission relationships between them (which actor may read or write which resource items). This configuration is written on the settings page under the Testing Config tab.
The supported authentication types are basic, header, jwt and session_cookie. Actors are defined as either User actors or APIKey actors.
Each actor should contain a JSON list of items. Each item is a dictionary holding all the fields relevant to that actor (for example its id or role). Be sure to add an auth key to every item, since that is what is used to authenticate as the actor when making test requests; an item without it cannot be exercised.
For each resource, define its items and the read or write permissions that actors hold on them. For a resource you can also define the endpoints that use it, so that each endpoint can be tested against every actor and item combination.
Here are a few examples covering Actors, Resources, and linking Actors and Resources using permissions.
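As an added illustration (not the tool's own code or configuration format), the script below shows what such a config drives: it takes a constructed actors/resources/permissions description and expands it into the test matrix an authorization tester would execute. The config schema (the "where" ownership binding, the "role" grant, the endpoint "permission" field) and the auth-to-header mapping for the basic, header, jwt and session_cookie types are assumptions made for this example. Every endpoint is paired with every resource item and every actor, plus an unauthenticated request; the expected status is 200 when a permission rule matches, 403 when none does (the BOLA/BFLA case), and 401 without credentials (Broken Authentication).

```python
import base64
from itertools import product

# Constructed, hypothetical config. The schema is an assumption made for this
# example (it is not the tool's own format): actors are a JSON list of items,
# each carrying an "auth" key; resources carry items, read/write permission
# rules, and the endpoints that use them.
CONFIG = {
    "actors": {
        "User": [
            {"id": 1, "role": "admin", "auth": {"type": "jwt", "token": "jwt-for-user-1"}},
            {"id": 2, "role": "member", "auth": {"type": "jwt", "token": "jwt-for-user-2"}},
        ],
        "APIKey": [
            {"id": "key-a", "user_id": 2,
             "auth": {"type": "header", "name": "X-API-Key", "value": "key-a-secret"}},
        ],
    },
    "resources": {
        "Order": {
            "items": [{"order_id": 10, "user_id": 1}, {"order_id": 11, "user_id": 2}],
            "permissions": [
                # "where" binds an item field to an actor field (ownership);
                # "role" grants the permission to every actor with that role.
                {"actor": "User", "permission": "read", "where": {"user_id": "id"}},
                {"actor": "User", "permission": "write", "where": {"user_id": "id"}},
                {"actor": "User", "permission": "read", "role": "admin"},
                {"actor": "User", "permission": "write", "role": "admin"},
                {"actor": "APIKey", "permission": "read", "where": {"user_id": "user_id"}},
            ],
            "endpoints": [
                {"method": "GET", "path": "/orders/{order_id}", "permission": "read"},
                {"method": "DELETE", "path": "/orders/{order_id}", "permission": "write"},
            ],
        }
    },
}


def auth_headers(auth):
    """Turn an actor's "auth" item into request headers (assumed mapping)."""
    kind = auth["type"]
    if kind == "basic":
        creds = f"{auth['username']}:{auth['password']}".encode()
        return {"Authorization": "Basic " + base64.b64encode(creds).decode()}
    if kind == "jwt":
        return {"Authorization": "Bearer " + auth["token"]}
    if kind == "header":
        return {auth["name"]: auth["value"]}
    if kind == "session_cookie":
        return {"Cookie": f"{auth['name']}={auth['value']}"}
    raise ValueError(f"unknown auth type {kind!r}")


def rule_matches(rule, actor, item):
    """A rule applies if the actor has the required role (if any) and every
    "where" binding holds between the item and the actor."""
    if "role" in rule and actor.get("role") != rule["role"]:
        return False
    return all(item.get(f) == actor.get(a) for f, a in rule.get("where", {}).items())


def is_allowed(resource, actor_type, actor, item, permission):
    return any(
        rule_matches(r, actor, item)
        for r in resource["permissions"]
        if r["actor"] == actor_type and r["permission"] == permission
    )


def build_test_plan(config):
    """Expand the config into (request, actor, expected status) test cases."""
    plan = []
    for name, res in config["resources"].items():
        for ep, item in product(res["endpoints"], res["items"]):
            path = ep["path"].format(**item)
            # Broken Authentication check: the same request with no credentials.
            plan.append({"resource": name, "method": ep["method"], "path": path,
                         "actor": None, "headers": {}, "expect": 401})
            for actor_type, actors in config["actors"].items():
                for actor in actors:
                    ok = is_allowed(res, actor_type, actor, item, ep["permission"])
                    plan.append({"resource": name, "method": ep["method"], "path": path,
                                 "actor": f"{actor_type}:{actor['id']}",
                                 "headers": auth_headers(actor["auth"]),
                                 "expect": 200 if ok else 403})
    return plan


def expected_status(plan, method, path, actor):
    """Look up the expected status for one (method, path, actor) in the plan."""
    for case in plan:
        if case["method"] == method and case["path"] == path and case["actor"] == actor:
            return case["expect"]
    raise KeyError((method, path, actor))


if __name__ == "__main__":
    for case in build_test_plan(CONFIG):
        print(f"{case['method']:6} {case['path']:12} {str(case['actor']):13} -> {case['expect']}")
```

The plan is what a tester then replays against the live API: any case where the server answers 200 but the plan expects 403 is a BOLA (wrong item owner) or BFLA (wrong permission level, here the API key deleting an order it may only read), and a 200 where 401 is expected is broken authentication. Note that the matrix grows as endpoints x items x (actors + 1), so keep the item lists small but representative: at least one item owned by each actor type.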