{"id":"https://openalex.org/W4412151941","doi":"https://doi.org/10.32604/cmc.2025.067536","title":"Towards Secure APIs: A Survey on RESTful API Vulnerability Detection","display_name":"Towards Secure APIs: A Survey on RESTful API Vulnerability Detection","publication_year":2025,"publication_date":"2025-01-01","ids":{"openalex":"https://openalex.org/W4412151941","doi":"https://doi.org/10.32604/cmc.2025.067536"},"language":"en","primary_location":{"id":"doi:10.32604/cmc.2025.067536","is_oa":true,"landing_page_url":"https://doi.org/10.32604/cmc.2025.067536","pdf_url":null,"source":{"id":"https://openalex.org/S4210191605","display_name":"Computers, materials & continua/Computers, materials & continua (Print)","issn_l":"1546-2218","issn":["1546-2218","1546-2226"],"is_oa":true,"is_in_doaj":false,"is_core":true,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Computers, Materials &amp; Continua","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"diamond","oa_url":"https://doi.org/10.32604/cmc.2025.067536","any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5055681199","display_name":"Fatima Tanveer","orcid":"https://orcid.org/0000-0003-2219-6289"},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Fatima Tanveer","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5001100883","display_name":"Faisal Iradat","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Faisal Iradat","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5032009749","display_name":"Waseem Iqbal","orcid":"https://orcid.org/0000-0002-3616-2621"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Waseem Iqbal","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"last","author":{"id":"https://openalex.org/A5100716653","display_name":"Awais Ahmad","orcid":"https://orcid.org/0000-0001-5483-2732"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Awais Ahmad","raw_affiliation_strings":[],"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5055681199"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":6.1339,"has_fulltext":false,"cited_by_count":2,"citation_normalized_percentile":{"value":0.96126972,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":98,"max":99},"biblio":{"volume":"84","issue":"3","first_page":"4223","last_page":"4257"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9932000041007996,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9932000041007996,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.992900013923645,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9912999868392944,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.5857533812522888},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.5453810095787048},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.40670526027679443},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.37044757604599},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.32182830572128296}],"concepts":[{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.5857533812522888},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.5453810095787048},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.40670526027679443},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.37044757604599},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.32182830572128296}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.32604/cmc.2025.067536","is_oa":true,"landing_page_url":"https://doi.org/10.32604/cmc.2025.067536","pdf_url":null,"source":{"id":"https://openalex.org/S4210191605","display_name":"Computers, materials & continua/Computers, materials & continua (Print)","issn_l":"1546-2218","issn":["1546-2218","1546-2226"],"is_oa":true,"is_in_doaj":false,"is_core":true,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Computers, Materials &amp; Continua","raw_type":"journal-article"}],"best_oa_location":{"id":"doi:10.32604/cmc.2025.067536","is_oa":true,"landing_page_url":"https://doi.org/10.32604/cmc.2025.067536","pdf_url":null,"source":{"id":"https://openalex.org/S4210191605","display_name":"Computers, materials & continua/Computers, materials & continua (Print)","issn_l":"1546-2218","issn":["1546-2218","1546-2226"],"is_oa":true,"is_in_doaj":false,"is_core":true,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Computers, Materials &amp; Continua","raw_type":"journal-article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":22,"referenced_works":["https://openalex.org/W2122868670","https://openalex.org/W2979826702","https://openalex.org/W3016970378","https://openalex.org/W3030941702","https://openalex.org/W3216530455","https://openalex.org/W4207071804","https://openalex.org/W4220739176","https://openalex.org/W4284670904","https://openalex.org/W4362678300","https://openalex.org/W4365130681","https://openalex.org/W4366590727","https://openalex.org/W4386027284","https://openalex.org/W4387004106","https://openalex.org/W4388483057","https://openalex.org/W4391642335","https://openalex.org/W4392122658","https://openalex.org/W4401111492","https://openalex.org/W4407638716","https://openalex.org/W4407823559","https://openalex.org/W4410408833","https://openalex.org/W4410637580","https://openalex.org/W4411449726"],"related_works":["https://openalex.org/W4391375266","https://openalex.org/W2899084033","https://openalex.org/W2748952813","https://openalex.org/W2390279801","https://openalex.org/W4391913857","https://openalex.org/W2358668433","https://openalex.org/W4396701345","https://openalex.org/W2376932109","https://openalex.org/W2001405890","https://openalex.org/W4396696052"],"abstract_inverted_index":{"RESTful":[0,39,65,156,182],"APIs":[1,40],"have":[2,26],"been":[3],"adopted":[4],"as":[5,79,87,124],"the":[6,35,52,97,177,198],"standard":[7],"way":[8],"of":[9,38,57,181,200],"developing":[10],"web":[11,32,58,135,201],"services,":[12],"allowing":[13],"for":[14,155],"smooth":[15],"communication":[16],"between":[17],"clients":[18],"and":[19,24,55,90,112,115,126,145,152,165,179],"servers.":[20],"Their":[21],"simplicity,":[22],"scalability,":[23],"compatibility":[25],"made":[27],"them":[28],"crucial":[29],"to":[30,46,189],"modern":[31],"environments.":[33],"However,":[34],"increased":[36],"adoption":[37],"has":[41],"simultaneously":[42],"exposed":[43],"these":[44],"interfaces":[45],"significant":[47,191],"security":[48],"threats":[49],"that":[50,120,175],"jeopardize":[51],"availability,":[53],"confidentiality,":[54],"integrity":[56],"services.":[59],"This":[60],"survey":[61],"focuses":[62],"exclusively":[63],"on":[64,133],"APIs,":[66],"providing":[67],"an":[68],"in-depth":[69],"perspective":[70],"distinct":[71],"from":[72],"studies":[73],"addressing":[74],"other":[75],"API":[76,157,183,194],"types":[77],"such":[78,123],"GraphQL":[80],"or":[81,136],"SOAP.":[82],"We":[83],"highlight":[84],"concrete":[85],"threats\u2014such":[86],"injection":[88],"attacks":[89],"insecure":[91],"direct":[92],"object":[93],"references":[94],"(IDOR)\u2014to":[95],"illustrate":[96],"evolving":[98,204],"risk":[99],"landscape.":[100],"Our":[101],"work":[102,187],"systematically":[103],"reviews":[104],"state-of-the-art":[105],"detection":[106,163],"methods,":[107],"including":[108],"static":[109],"code":[110],"analysis":[111],"penetration":[113],"testing,":[114],"proposes":[116],"a":[117,149,172],"novel":[118],"taxonomy":[119,140],"categorizes":[121],"vulnerabilities":[122],"authentication":[125],"authorization":[127],"issues.":[128],"Unlike":[129],"existing":[130],"taxonomies":[131],"focused":[132],"general":[134],"network-level":[137],"threats,":[138],"our":[139],"emphasizes":[141],"API-specific":[142],"design":[143],"flaws":[144],"operational":[146],"dependencies,":[147],"offering":[148],"more":[150],"granular":[151],"actionable":[153],"framework":[154,174],"security.":[158],"By":[159],"critically":[160],"assessing":[161],"current":[162],"methodologies":[164],"identifying":[166],"key":[167],"research":[168],"gaps,":[169],"we":[170],"offer":[171],"structured":[173],"advances":[176],"understanding":[178],"mitigation":[180],"vulnerabilities.":[184],"Ultimately,":[185],"this":[186],"aims":[188],"drive":[190],"advancements":[192],"in":[193],"security,":[195],"thereby":[196],"enhancing":[197],"resilience":[199],"services":[202],"against":[203],"cyber":[205],"threats.":[206]},"counts_by_year":[{"year":2026,"cited_by_count":2}],"updated_date":"2026-04-11T08:14:18.477133","created_date":"2025-10-10T00:00:00"}