ThreatNG Security

View Original

Broken Object Property Level Authorization (API)

Threat NG Staff

In API security, Broken Object Property Level Authorization (BOPLA) refers to a vulnerability where an API fails to appropriately control access to individual properties within an object it exposes. It means that unauthorized users can view, modify, or delete sensitive data within these objects without permission to access the entire object.

Here's a breakdown of the critical aspects involved:

  • Object: An object represents an API data structure containing various properties with specific values. (e.g., a "user" object might have properties like "name," "email," and "role").

  • Property Level Authorization: This refers to the security mechanism that controls access to individual properties within an object.

  • Broken: This indicates that the authorization mechanism is flawed and allows unauthorized access to specific properties.

Imagine an API that exposes user information like name, email, and address. While users may only have permission to view their name, a BOPLA vulnerability allows them to access and modify other users' email addresses.

How Attackers Exploit Broken Object Property Level Authorization:

Attackers can exploit BOPLA vulnerabilities in several ways:

  • Predictable Property Names: If property names are predictable (e.g., "user_id" + incrementing number), attackers might manipulate them to access unauthorized data about other users.

  • Insufficient Validation: Weak input validation can allow attackers to inject special characters or manipulate requests to access properties they shouldn't be able to see.

  • Privilege Escalation: In some cases, attackers might exploit BOPLA to access sensitive properties that grant them higher privileges within the system.

Consequences of Broken Object Property Level Authorization:

BOPLA vulnerabilities can have serious consequences, including:

  • Data Breaches: Attackers might exploit BOPLA to access sensitive information like personally identifiable information (PII) or financial data.

  • Account Takeover: In some cases, attackers might exploit BOPLA to access properties, allowing them to control other users' accounts.

  • Disruption of Service: Attackers might modify sensitive properties within objects, potentially disrupting normal API operations.

Preventing Broken Object Property Level Authorization:

Here are some ways to avoid Broken Object Property Level Authorization vulnerabilities:

  • Least Privilege: Implement the principle of least privilege, granting users access only to the specific object properties they need for their designated tasks.

  • Fine-Grained Access Control: Enforce granular access controls that differentiate between read, write, and delete permissions for individual object properties.

  • Input Validation: Implement robust input validation to prevent manipulation of requests and unauthorized access attempts.

  • API Security Testing: Conduct security testing to identify Broken Object Property Level Authorization vulnerabilities in your APIs.

By following these practices, you can significantly reduce the risk of BOPLA vulnerabilities and ensure your APIs have proper authorization checks for each property within exposed objects.

Discovery: The Foundation for Secure APIs

  • Identifying External APIs: ThreatNG excels at discovering external APIs with which your programs interact. You can only address BOPLA vulnerabilities if you're aware of the data structures and properties exposed by these APIs.

EASM and DRP: Building Knowledge

  • External Threat Monitoring: EASM continuously monitors the external landscape for newly discovered vulnerabilities and potential BOPLA threats. This helps you stay informed about evolving attack techniques that exploit weaknesses in object-level authorization.

  • Digital Risk Protection: DRP provides valuable insights about common BOPLA vulnerabilities and best practices for securing access control to individual data properties within API objects. This knowledge empowers you to prioritize security efforts based on the specific APIs.

Collaboration is Key: ThreatNG and Complementary Tools

ThreatNG works seamlessly with other security solutions to create a robust defense against BOPLA vulnerabilities. Here's a positive handoff example:

  1. ThreatNG Discovers External APIs: ThreatNG discovers external APIs and the data structures (objects) they expose.

  2. Handoff to API Security Testing Tools: This information is passed on to dedicated API security testing tools, such as DAST (Dynamic Application Security Testing) solutions.

  3. Focused Testing for Property-Level Access: These tools analyze the API's behavior and identify weaknesses in controlling access to individual properties within objects. They can simulate various scenarios to test if unauthorized users can access specific properties they shouldn't have permission for.

  4. Remediation and Continuous Monitoring: Developers address identified BOPLA vulnerabilities in the API, and ThreatNG's EASM continues monitoring for new threats.

Beyond Discovery: A Holistic View

While ThreatNG focuses on the discovery, a comprehensive approach goes further:

  • DRP Insights: ThreatNG's DRP can provide insights into specific BOPLA vulnerabilities associated with popular data formats or libraries used within the discovered APIs. This knowledge empowers security testers to tailor their analysis beyond just core functionalities. For example, DRP might reveal known vulnerabilities in API libraries that can lead to insecure handling of object properties.

  • Security Champions: ThreatNG can integrate with Secure Development Lifecycle (SDL) tools. By highlighting potential BOPLA risks in discovered APIs, ThreatNG can encourage developers to consider property-level authorization from the beginning and write code that enforces granular access controls based on specific data needs.

A strong security posture relies on collaboration. ThreatNG acts as the initial scout, discovering external APIs and the objects they expose. It then works with API security testing tools, security teams, and developers to create a layered defense that minimizes the risk of BOPLA vulnerabilities. By proactively identifying potential risks and collaborating with other tools, ThreatNG helps you ensure your APIs have secure access controls for each data property within exposed objects.