akto ⛏️ Write a test to check whether we can create/update an object with invalid URLs

⛏️ Write a test to check whether we can create/update an object with invalid URLs

Open arjun-akto opened this issue 2 years ago • 5 comments

💭 Introduction:

We want to test to check whether an attacker can create/update entity with an invalid URL.

🎯 Requirements:

Filters - API with Web URL as an input in GET query parameter or JSON body parameter
Execute - It should replace the value with

special characters
A very long string (> 255 characters)
Use whitespaces
Invalid SSN
A negative integer
A very long integer causing integer overflow
Zero
NULL
Malicious Host URLs
URLs having special Characters, possibly breaking the URL structure when executed internally

Validation - If the application responds with a exception trace, it is a vulnerability.

✅ Task summary:

[ ] Ask to be assigned to the issue.
[ ] Wait to be assigned. We will try to assign in less than 2 hours.
[ ] Signup for [Akto]
[ ] Fork the [tests-library] repository, create a new branch and commit the yaml file which will be called in your test.
[ ] Submit both the PR here.

📚 Reading

You can find a detailed documentation of test editor rules [here]

Find 100+ examples of YAML tests [here]

🙋🏼‍♂️ Questions:

If you have questions, need any help, or just want to hang out, make sure to join us on our [Discord server].

Oct 13 '23 03:10 arjun-akto

I would love to work on this issue please kindly assign me

Oct 14 '23 06:10 heysagnik

Hi @heysagnik . I have assigned the issue to you. Please feel free to connect us on our Discord server for any doubts.

Oct 14 '23 14:10 arjun-akto

Hi @arjun-akto, @heysagnik I would like to contribute to this issue if no one is working on it

Oct 26 '23 19:10 STUDIOUS-WOLF

yeah you may work, I am not getting what actually to be done.

Oct 26 '23 20:10 heysagnik

Hi @STUDIOUS-WOLF , I have assigned the issue to you. Please feel free to connect us on our Discord server for any doubts.

Oct 27 '23 04:10 arjun-akto