Towards Secure APIs: A Survey on RESTful API Vulnerability Detection

Author(s)

Fatima Tanveer, Department of Computer Science, School of Mathematics and Science, Institute of Business Administration, KarachiFollow
Faisal Iradat, Department of Computer Science, School of Mathematics and Science, Institute of Business Administration, KarachiFollow
Waseem Iqbal, Department of Electrical and Computer Engineering, Sultan Qaboos University, Al-Khud, Muscat, OmanFollow
Awais Ahmad, College of Computer and Information Sciences, Imam Mohammad Ibn Saud Islamic University (IMSIU), Riyadh, Saudi ArabiaFollow

Faculty / School

School of Mathematics and Computer Science (SMCS)

Department

Department of Computer Science

Was this content written or created while at IBA?

Yes

Document Type

Article

Source Publication

CMC Computers, Materials & Continua

Keywords

RESTful API, vulnerability detection, API security, taxonomy, systematic review

Disciplines

Cybersecurity | Software Engineering | Theory and Algorithms

Abstract

RESTful APIs have been adopted as the standard way of developing web services, allowing for smooth communication between clients and servers. Their simplicity, scalability, and compatibility have made them crucial to modern web environments. However, the increased adoption of RESTful APIs has simultaneously exposed these interfaces to significant security threats that jeopardize the availability, confidentiality, and integrity of web services. This survey focuses exclusively on RESTful APIs, providing an in-depth perspective distinct from studies addressing other API types such as GraphQL or SOAP. We highlight concrete threats—such as injection attacks and insecure direct object references (IDOR)—to illustrate the evolving risk landscape. Our work systematically reviews state-of-the-art detection methods, including static code analysis and penetration testing, and proposes a novel taxonomy that categorizes vulnerabilities such as authentication and authorization issues. Unlike existing taxonomies focused on general web or network-level threats, our taxonomy emphasizes API-specific design flaws and operational dependencies, offering a more granular and actionable framework for RESTful API security. By critically assessing current detection methodologies and identifying key research gaps, we offer a structured framework that advances the understanding and mitigation of RESTful API vulnerabilities. Ultimately, this work aims to drive significant advancements in API security, thereby enhancing the resilience of web services against evolving cyber threats.

Indexing Information

Web of Science - Science Citation Index Expanded (SCI)

Recommended Citation

Tanveer, F., Iradat, F., Iqbal, W., & Ahmad, A. (2025). Towards Secure APIs: A Survey on RESTful API Vulnerability Detection. CMC Computers, Materials & Continua Retrieved from https://ir.iba.edu.pk/faculty-research-articles/251

Publication Status

Published

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 International License.

Rights Information

Copyright © 2025 The Authors.

Published by Tech Science Press. This work is licensed under a Creative Commons Attribution 4.0 International License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.