⛏️ Write a test to check whether we can create/update an object with invalid UPI Id
💭 Introduction: We want to test whether an attacker can create/update an entity with an invalid UPI Id.
🎯 Requirements:
- Filters - API with a UPI ID as an input in a GET query parameter or a JSON body parameter
- Execute - It should replace the value with:
  - special characters
  - a very long string (> 255 characters)
  - whitespace
  - an invalid UPI ID (for example, missing or duplicated `@` separator)
  - a negative integer
  - a very long integer (integer overflow)
  - zero
  - NULL
- Validation - If the application responds with an exception trace, it is a vulnerability.
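An added example of what the requested template could look like. It is written here for illustration and is not taken from the akto tests-library. The field names (api_selection_filters, for_one/extract, wordLists, modify_query_param, modify_body_param, validate/contains_either) follow the public Akto template format, but verify them against the repository's existing templates before submitting; the category block, the parameter-name regex and the payload strings are assumptions chosen for this example.

```yaml
# Added example template, not part of the akto tests-library.
# Field names follow the Akto YAML test format; confirm against an existing template in the repository.
id: INVALID_UPI_ID_INPUT
info:
  name: "Invalid UPI ID accepted on create/update"
  description: "Replaces a UPI ID parameter with malformed values and checks whether the API leaks an exception trace."
  details: "A UPI ID (VPA) has the shape <handle>@<bank>. Special characters, over-long strings, whitespace, negative or overflowing integers, zero and NULL in its place should be rejected cleanly; a stack trace in the response means the value reached code that does not validate it."
  impact: "Unvalidated UPI IDs can corrupt stored payee data, and the leaked trace reveals framework and code-path details to an attacker."
  category:
    # assumption: copy the category block from an existing template in the repository
    name: IIM
    shortName: Improper Input Management
    displayName: Improper Input Management (IIM)
  subCategory: INVALID_UPI_ID_INPUT
  severity: MEDIUM
  tags:
    - Business logic
    - OWASP top 10
  references:
    - "https://owasp.org/www-project-web-security-testing-guide/"

# Filter: successful non-OPTIONS endpoints whose query or JSON body has a UPI-like parameter name.
# The matched parameter name is extracted into a variable for the execute phase.
api_selection_filters:
  response_code:
    gte: 200
    lt: 300
  method:
    not_contains:
      - OPTIONS
  or:
    - query_param:
        for_one:
          key:
            regex: "(?i).*(upi|vpa).*"   # assumption: parameter names such as upiId, upi_id, vpa
            extract: upi_query_key
    - request_payload:
        for_one:
          key:
            regex: "(?i).*(upi|vpa).*"
            extract: upi_body_key

# One word list drives every payload, so "req" is written once instead of once per value.
wordLists:
  invalidUpiValues:
    - "!@#$%^&*()<>\"'`;"                                                                                                                                                                                                                                                                   # special characters
    - "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"   # 280 characters, > 255
    - "   "                               # whitespace only
    - "user @bank"                        # whitespace inside the ID
    - "not-a-upi-id"                      # no @ separator
    - "user@"                             # empty bank handle
    - "@bank"                             # empty user part
    - "user@@bank"                        # duplicated separator
    - "-1"                                # negative integer
    - "99999999999999999999999"           # larger than a 64-bit integer
    - "0"                                 # zero
    - "null"                              # NULL as text; quoted so YAML does not turn it into a real null
    - "NULL"

# Execute: replay the request once per list value, substituting the extracted parameter.
execute:
  type: single
  requests:
    - req:
        - modify_query_param:
            ${upi_query_key}: ${invalidUpiValues}
        - modify_body_param:
            ${upi_body_key}: ${invalidUpiValues}

# Validate: an exception trace in the body is the finding this issue asks for.
validate:
  response_payload:
    contains_either:
      - "Exception"
      - "Traceback (most recent call last)"
      - "stack trace"
      - "StackTrace"
      - "at java."
      - "at org."
```

Two caveats a reviewer would raise on this rule: the trace markers can false-positive on a legitimate JSON field or message that merely contains the word "Exception", so tighten `contains_either` to the exact markers your target stack emits once you have seen one real trace; and a 5xx with a sanitized error body is an input-handling bug but not a vulnerability under this issue's validation criterion, so it is deliberately not matched here. Run the template against a sample API in the test editor before opening the PR.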
📚 Reading: You can find detailed documentation of the test editor rules here. Find 100+ examples of YAML tests here.
✅ Task summary:
- [ ] Ask to be assigned to the issue.
- [ ] Wait to be assigned. We will try to assign in less than 2 hours.
- [ ] Signup for Akto
- [ ] Fork the tests-library repository, create a new branch and commit the yaml file which will be called in your test.
- [ ] Submit the PR here.
✌🏻 Hints: You can build the YAML template by referring to this link.
🙋🏼‍♂️ Questions: If you have questions, need any help, or just want to hang out, make sure to join us on our Discord server.
Hi!
I would like to be assigned this issue. This is my first time participating in Hacktoberfest; I am a CS undergrad student and would like to contribute.
Hi @the1andonlymanojos - Assigned it to you. Good luck 👍 Let me know, happy to come on a call and help 😃
https://github.com/akto-api-security/tests-library/pull/19
Hey, I'd like to work on this issue.
akto-api-security/tests-library#19
Is the PR alright? Is anything wrong with it?
@the1andonlymanojos
- Test template has some missing fields.
- Refer to this template https://github.com/akto-api-security/tests-library/blob/master/Local-File-Inclusion/LFIInParameter.yaml. Instead of copy-pasting multiple "req" blocks you can use them once with lists.
- You are just filtering endpoints based on UPI_ID but not extracting them into a variable to be used in the execution phase.
Make sure to run the template on a sample API before you make the PR.