testing-api-for-mass-assignment-vulnerability

Community

Detect and test mass assignment vulnerabilities in APIs.

AuthorRenzo-Tognella
Version1.0.0
Installs0

System Documentation

What problem does it solve?

This Skill detects and tests mass assignment vulnerabilities in APIs, helping ensure that users cannot modify object properties they should not have access to.

Core Features & Use Cases

  • Vulnerability Detection: Tests APIs for mass assignment vulnerabilities where clients can modify object properties through auto-binding.
  • Endpoint Testing: Identifies writable endpoints and verifies if all client-supplied properties are bound to the data model without an allowlist.
  • Privileged Fields: Checks if users can set privileged attributes such as role, permissions, pricing, and balance through update endpoints.
  • ORM Testing: Validates if server-side input validation restricts writeable properties per user role, particularly for ORMs that auto-bind request parameters to database models.
  • Use Case: Utilize this Skill to test APIs built with ORMs or RESTful services to ensure they are secure against mass assignment attacks, which can lead to role elevation or data manipulation.

Quick Start

Use the 'testing-api-for-mass-assignment-vulnerability' skill to scan the '/api/v1' endpoint for mass assignment vulnerabilities.

Dependency Matrix

Required Modules

requestsjson

Components

scriptsreferences

💻 Claude Code Installation

Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.

Please help me install this Skill:
Name: testing-api-for-mass-assignment-vulnerability
Download link: https://github.com/Renzo-Tognella/UniversalThingsForMyAgents/archive/main.zip#testing-api-for-mass-assignment-vulnerability

Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
View Source Repository

Agent Skills Search Helper

Install a tiny helper to your Agent, search and equip skill from 620,000+ vetted skills library on demand.