Automatic protection from BOLA attacks
Broken Object Level Authorization (BOLA), also known as Insecure Direct Object References (IDOR), is number one in the OWASP API Security Top 10 list. Facebook, Verizon, T-Mobile, Microsoft, and Google are among the companies that have been breached via this vulnerability.
When an application contains a BOLA / IDOR vulnerability, there is a strong probability that it exposes sensitive information or data to attackers. All an attacker needs to do is replace the ID of their own resource in the API call with the ID of a resource belonging to another user. Thus, every API endpoint that receives an object ID and performs any type of action on that object can be an attack target.
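The following is an added illustration of the defect described above, not code from Wallarm or from any of the breached companies. It models a minimal "get invoice" handler with a constructed in-memory store: the vulnerable version authenticates the caller but trusts the object ID in the request, so changing `invoice_id` returns another user's data; the hardened version scopes the lookup to the caller, which is the object-level authorization check that BOLA endpoints lack. The `Invoice` type, the store and the IDs are all assumptions made for the example.

```python
"""Object-level authorization: vulnerable handler beside its hardened form.

Added example, not Wallarm code. The data store, the Invoice type and all
IDs below are constructed for illustration.
"""
from dataclasses import dataclass
from typing import Optional


class NotFound(Exception):
    """Raised when the object does not exist or is not visible to the caller."""


@dataclass(frozen=True)
class Invoice:
    invoice_id: int
    owner_id: int
    amount: float


# Constructed sample store: two users, one invoice each.
INVOICES = {
    1001: Invoice(invoice_id=1001, owner_id=1, amount=49.99),
    1002: Invoice(invoice_id=1002, owner_id=2, amount=1250.00),
}


def get_invoice_vulnerable(caller_id: int, invoice_id: int) -> Invoice:
    """BOLA / IDOR defect: the caller is authenticated (caller_id is known),
    but ownership of the requested object is never checked. Any user who
    swaps invoice_id for someone else's ID gets that invoice back."""
    invoice = INVOICES.get(invoice_id)
    if invoice is None:
        raise NotFound(invoice_id)
    return invoice


def lookup_scoped(owner_id: int, invoice_id: int) -> Optional[Invoice]:
    """Lookup keyed by (owner, id), the equivalent of
    'SELECT ... WHERE owner_id = ? AND id = ?' in a database-backed API.
    Scoping the query itself is harder to forget than a post-hoc check."""
    invoice = INVOICES.get(invoice_id)
    if invoice is None or invoice.owner_id != owner_id:
        return None
    return invoice


def get_invoice_hardened(caller_id: int, invoice_id: int) -> Invoice:
    """Object-level authorization: the invoice must belong to the caller.
    Foreign objects are reported as NotFound rather than Forbidden so the
    response does not confirm that the other user's object exists."""
    invoice = lookup_scoped(caller_id, invoice_id)
    if invoice is None:
        raise NotFound(invoice_id)
    return invoice


def is_idor_exposed(caller_id: int, foreign_invoice_id: int) -> bool:
    """Regression-style check: True if the vulnerable handler hands a
    foreign object to the caller while the hardened one refuses it."""
    leaked = get_invoice_vulnerable(caller_id, foreign_invoice_id).owner_id != caller_id
    try:
        get_invoice_hardened(caller_id, foreign_invoice_id)
        blocked = False
    except NotFound:
        blocked = True
    return leaked and blocked


if __name__ == "__main__":
    # User 1 asks for invoice 1002, which belongs to user 2.
    print("vulnerable handler leaks foreign object:", is_idor_exposed(1, 1002))
```

The hardened handler deliberately answers "not found" for objects the caller does not own; answering "forbidden" would tell a client which IDs exist, which is exactly the information an enumeration of IDs is after.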
In order to protect your application from BOLA, you need to know all endpoints that can be targeted by this vulnerability. This is where Wallarm API Discovery comes in. This module analyzes the structure of your application and finds the endpoints in which an object ID is passed. Wallarm automatically creates a trigger to protect the endpoints most likely to be victims of a BOLA attack. The trigger monitors the number of requests to a specified endpoint and creates a BOLA attack event when the trigger thresholds are exceeded.
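As an added example of the threshold idea described above, the block below is a simplified detector written for this page; it is not Wallarm's implementation and the page does not describe Wallarm's internal counting rules. It normalizes request paths into endpoint templates (numeric path segments become `{id}`, so only endpoints that receive an object ID are considered), then counts, per client and per endpoint template, how many distinct object IDs that client has requested within a sliding time window. When the count exceeds the threshold, it records a BOLA attack event. The log format, the client addresses, the threshold and the window are all constructed assumptions.

```python
"""Threshold-based detection of object-ID enumeration on ID-bearing endpoints.

Added example, not Wallarm's implementation. Log format, addresses,
threshold and window below are constructed for illustration.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, Iterable, List, Tuple

# A path segment made only of digits is treated as an object ID.
ID_SEGMENT = re.compile(r"/\d+(?=/|$)")


def endpoint_template(path: str) -> str:
    """Collapse object IDs: /users/17/invoices/1002 -> /users/{id}/invoices/{id}.
    A path with no numeric segment is returned unchanged."""
    return ID_SEGMENT.sub("/{id}", path)


def parse_line(line: str) -> Tuple[datetime, str, str, str]:
    """Constructed log format: '<iso-timestamp> <client> <method> <path>'."""
    ts, client, method, path = line.split()
    return datetime.fromisoformat(ts), client, method, path


def detect_bola_events(lines: Iterable[str], threshold: int,
                       window_seconds: int) -> List[Tuple[str, str, int]]:
    """Return (client, endpoint_template, distinct_ids) events.

    An event fires (once per client/endpoint pair) when a single client has
    requested more than `threshold` distinct object IDs on the same endpoint
    template within a sliding window of `window_seconds`. Requests whose
    path carries no object ID are ignored: they are not BOLA candidates.
    """
    window = timedelta(seconds=window_seconds)
    recent: Dict[Tuple[str, str], List[Tuple[datetime, str]]] = defaultdict(list)
    fired = set()
    events: List[Tuple[str, str, int]] = []

    for line in sorted(lines, key=lambda l: l.split()[0]):  # ISO timestamps sort lexically
        ts, client, _method, path = parse_line(line)
        template = endpoint_template(path)
        if template == path:
            continue  # endpoint receives no object ID
        key = (client, template)
        cutoff = ts - window
        # Keep only requests inside the window, then add the current one.
        bucket = [(t, p) for t, p in recent[key] if t >= cutoff]
        bucket.append((ts, path))
        recent[key] = bucket
        distinct_ids = {p for _, p in bucket}
        if len(distinct_ids) > threshold and key not in fired:
            fired.add(key)
            events.append((client, template, len(distinct_ids)))
    return events


# Constructed sample log: 10.0.0.5 walks through five invoice IDs in 40 s,
# 10.0.0.9 fetches its own invoice twice, and a health check has no ID.
SAMPLE_LOG = [
    "2024-05-01T10:00:00 10.0.0.5 GET /invoices/1001",
    "2024-05-01T10:00:10 10.0.0.5 GET /invoices/1002",
    "2024-05-01T10:00:20 10.0.0.5 GET /invoices/1003",
    "2024-05-01T10:00:25 10.0.0.9 GET /invoices/2001",
    "2024-05-01T10:00:30 10.0.0.5 GET /invoices/1004",
    "2024-05-01T10:00:35 10.0.0.9 GET /invoices/2001",
    "2024-05-01T10:00:38 10.0.0.9 GET /health",
    "2024-05-01T10:00:40 10.0.0.5 GET /invoices/1005",
]


if __name__ == "__main__":
    for client, template, count in detect_bola_events(SAMPLE_LOG, threshold=4, window_seconds=60):
        print(f"BOLA attack event: {client} requested {count} distinct IDs on {template}")
```

Counting distinct IDs rather than raw requests keeps a legitimate client that polls one object repeatedly below the threshold, while a client stepping through many IDs on the same endpoint crosses it; the sliding window bounds memory to what was seen recently.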
The trigger for protection from BOLA requires Wallarm Node version 4.2 and higher.
See the Wallarm documentation for more details.