detecting-broken-object-property-level-authorization
CommunityDetect API property-level access gaps.
Software Engineering#authorization#api-security#security-testing#mass-assignment#bopla#owasp-api3#object-property
AuthorAcczdy
Version1.0.0
Installs0
System Documentation
What problem does it solve?
Broken Object Property Level Authorization (BOPLA) testing helps detect when API endpoints leak properties or allow mass-assignment, enabling attackers to read or modify data beyond their privileges. This Skill provides structured procedures to identify excessive data exposure and mass assignment vulnerabilities, across REST and GraphQL endpoints.
Core Features & Use Cases
- Detect excessive data exposure by comparing API responses to a safe expected field set.
- Test for mass assignment by injecting extra fields and verifying whether they are applied.
- GraphQL property exposure checks and comprehensive vulnerability reporting for SOC/blue-team.
Quick Start
Run the detector against your API endpoints to identify BOPLA issues and generate findings.
Dependency Matrix
Required Modules
requests
Components
scriptsreferences
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: detecting-broken-object-property-level-authorization Download link: https://github.com/Acczdy/MoZiSec/archive/main.zip#detecting-broken-object-property-level-authorization Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 471,000+ vetted skills library on demand.