A framework for checking and mitigating the security vulnerabilities of cloud service RESTful APIs

Exploiting APIs by extrapolating out the vulnerabilities of a system is a trending issue for the cloud. The aftermath of API attacks includes sensitive data disclosure, misconfigured security parameters, broken authentication schemes, service disruption, financial loss, etc. Existing frameworks could handle a maximum of two issues in most cases (i.e., SQLIA, XSS attacks, malicious domain, DDoS attacks), and those solutions are not highly reliable. In contrast to them, we have pinpointed the security vulnerabilities of RESTful APIs in an accurate manner and presented a two-way approach to mitigate them. Moreover, we have also designed and implemented a reverse proxy that is capable of not only intercepting malicious attacks but also checking security properties upon creating or deleting resources which is an improved implementation of existing works. This system has been tested in a real cloud and our work has shown tremendous improvement in checking and mitigating SQL injection attacks, XSS attacks, and malicious domains over existing works. To check these three components, our framework consumes only 0.050298469 s (Average). Our system has also shown significant improvement in figuring out potential security rule violations (up to 48.90