testing-api-for-mass-assignment-vulnerability
CommunityDetect and test mass assignment vulnerabilities in APIs.
AuthorRenzo-Tognella
Version1.0.0
Installs0
System Documentation
What problem does it solve?
This Skill detects and tests mass assignment vulnerabilities in APIs, helping ensure that users cannot modify object properties they should not have access to.
Core Features & Use Cases
- Vulnerability Detection: Tests APIs for mass assignment vulnerabilities where clients can modify object properties through auto-binding.
- Endpoint Testing: Identifies writable endpoints and verifies if all client-supplied properties are bound to the data model without an allowlist.
- Privileged Fields: Checks if users can set privileged attributes such as role, permissions, pricing, and balance through update endpoints.
- ORM Testing: Validates if server-side input validation restricts writeable properties per user role, particularly for ORMs that auto-bind request parameters to database models.
- Use Case: Utilize this Skill to test APIs built with ORMs or RESTful services to ensure they are secure against mass assignment attacks, which can lead to role elevation or data manipulation.
Quick Start
Use the 'testing-api-for-mass-assignment-vulnerability' skill to scan the '/api/v1' endpoint for mass assignment vulnerabilities.
Dependency Matrix
Required Modules
requestsjson
Components
scriptsreferences
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: testing-api-for-mass-assignment-vulnerability Download link: https://github.com/Renzo-Tognella/UniversalThingsForMyAgents/archive/main.zip#testing-api-for-mass-assignment-vulnerability Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 620,000+ vetted skills library on demand.