Injection: Mass Assignment
Identifier:
mass_assignment
Scanner(s) Support
| GraphQL Scanner | REST Scanner | WebApp Scanner | ASM Scanner |
|---|---|---|---|
Description
Mass assignment vulnerabilities occur when applications automatically assign user-supplied data to objects without filtering unwanted fields, potentially allowing attackers to modify sensitive properties or escalate privileges.
How we test: We send requests with additional properties beyond what is expected and analyze responses to detect if unauthorized fields are accepted and processed. We test for mass assignment vulnerabilities by attempting to set sensitive properties that should not be user-controllable.
Prerequisites:
- The target must expose create or update operations with JSON request bodies.
- The application must return JSON responses that can be compared after additional fields are submitted.
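The following is an added example, not code from the scanner or from this page, illustrating the vulnerability class and the differential test described above in Python. It assumes a profile-update endpoint with an allow-list of client-writable fields (`PROFILE_WRITABLE`) and a set of privileged probe properties (`SENSITIVE_PROBES`); the store, user record and probe values are constructed sample data.

```python
import copy

# Constructed sample state: one stored user. "role" and "is_admin" are
# server-managed and must never be settable through the profile endpoint.
SAMPLE_USERS = {
    42: {"id": 42, "email": "alice@example.com", "display_name": "Alice", "role": "user"},
}

# Assumed allow-list of fields a client may change on its own profile.
PROFILE_WRITABLE = frozenset({"email", "display_name"})

# Assumed probe values for properties that are typically privileged.
SENSITIVE_PROBES = {"role": "admin", "is_admin": True}


def fresh_store():
    """Return an independent copy of the sample state for one simulated request."""
    return copy.deepcopy(SAMPLE_USERS)


def update_profile_vulnerable(store, user_id, body):
    """Vulnerable handler: bulk-assigns every key of the JSON body onto the record.

    Nothing stops the client from sending "role", "is_admin" or even "id".
    Returns the JSON the endpoint would echo back.
    """
    user = store[user_id]
    user.update(body)
    return copy.deepcopy(user)


def update_profile_hardened(store, user_id, body):
    """Hardened handler: copies only allow-listed keys and ignores the rest.

    Keys outside the allow-list are collected so the application can log them;
    they are neither written to the record nor reflected in the response.
    """
    user = store[user_id]
    rejected = sorted(k for k in body if k not in PROFILE_WRITABLE)
    for key in PROFILE_WRITABLE:
        if key in body:
            user[key] = body[key]
    if rejected:
        print(f"ignored non-writable fields: {rejected}")  # hook for an audit log
    return copy.deepcopy(user)


def check_mass_assignment(handler, user_id, expected_body, probes=SENSITIVE_PROBES):
    """Simplified form of the differential test the page describes (assumed logic).

    Send the request the endpoint expects, then the same request with extra
    sensitive properties, and compare the two JSON responses. A probe counts as
    accepted when the augmented response reflects the injected value while the
    baseline response did not already carry it.
    """
    baseline = handler(fresh_store(), user_id, dict(expected_body))
    augmented = handler(fresh_store(), user_id, {**expected_body, **probes})
    return {
        field: value
        for field, value in probes.items()
        if augmented.get(field) == value and baseline.get(field) != value
    }


if __name__ == "__main__":
    body = {"display_name": "Alice B."}
    print("vulnerable:", check_mass_assignment(update_profile_vulnerable, 42, body))
    print("hardened:  ", check_mass_assignment(update_profile_hardened, 42, body))
```

Against the vulnerable handler the check reports both probes as accepted; against the hardened one it reports nothing, because the extra keys are dropped before the record is written and never appear in the response. In a real application the same allow-list belongs in the deserialization layer (a DTO or schema), not in each handler.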
Configuration
Example
Example configuration:
Reference
skip
Type: boolean
Skip the test if true.