REST API Vulnerabilities: A Systematic Literature Review and Proposal of a Taxonomy
Master's thesis defense by Lucas Pisuto
Date: 01/09/2025 09:00 - 01/09/2025 10:30
Location: Salle Académique
Speaker(s): Lucas Pisuto
Organizer(s): Isabelle Daelman
REST APIs play a central role in modern web systems, facilitating integration and communication between different applications. However, this ubiquity comes with numerous vulnerabilities that can affect system security. Despite the growing attention to API security, a notable gap exists in the literature: the absence of a formal and systematic classification of their specific vulnerabilities. Current knowledge often remains fragmented or limited to pragmatic lists that are not based on a comprehensive analysis of academic research. This master's thesis aims to fill this gap by proposing a rigorous taxonomy of REST API vulnerabilities, developed from a systematic analysis of scientific publications. By adopting a Systematic Mapping Study (SMS) approach, we were able to identify and classify vulnerabilities into distinct categories. This taxonomy not only highlights the vulnerabilities frequently addressed in the literature (such as XSS, CSRF or SQL injection), but also reveals those that are still little addressed, thus exposing the blind spots of current research. It offers a structured view of the major risk areas (authentication, access control, configuration, etc.) and is an essential tool for researchers and practitioners wishing to more effectively identify, prioritize and consolidate vulnerabilities specific to this type of API.
Keywords: REST, API, Vulnerability, Taxonomy, Systematic Mapping Study
Contact: Isabelle Daelman - isabelle.daelman@unamur.be