Integrity Failures in APIs

Integrity failures in APIs occur when an application fails to properly validate or enforce data integrity, allowing attackers to manipulate critical data structures, tamper with business logic, or bypass validation mechanisms. This vulnerability category encompasses several related issues including improper input validation, missing integrity checks, and weak cryptographic protections.

At its core, integrity failure means the API cannot guarantee that data remains unaltered and trustworthy throughout its lifecycle. Attackers exploit these weaknesses to modify data in transit, inject malicious payloads, or cause the application to process invalid or corrupted information.

Common manifestations include:

• Missing or weak input validation allowing malformed data
• Lack of cryptographic integrity checks for sensitive data
• Improper serialization/deserialization handling
• Business logic manipulation through parameter tampering
• Race conditions affecting data consistency

Integrity failures can have devastating consequences across multiple attack vectors. An attacker might modify critical parameters to escalate privileges, bypass payment systems, or manipulate inventory quantities in e-commerce applications.

Consider a banking API that processes transactions without proper integrity checks. An attacker could modify transaction amounts, account numbers, or even the transaction type itself. Without cryptographic signatures or proper validation, the API might process fraudulent transfers as legitimate requests.

Another common scenario involves API endpoints that accept JSON or XML payloads without proper schema validation. Attackers can craft malformed payloads that cause the application to behave unexpectedly, potentially leading to data corruption, information disclosure, or remote code execution through deserialization attacks.

Race conditions represent another integrity failure vector. When APIs don't properly handle concurrent operations, attackers can exploit timing windows to manipulate shared resources, leading to inventory manipulation, double-spending, or inconsistent state changes.

Business logic manipulation is particularly dangerous. An e-commerce API might allow attackers to modify discount codes, shipping costs, or tax calculations by tampering with request parameters, effectively giving themselves free products or services.

Detecting integrity failures requires both manual testing and automated scanning. Look for APIs that lack proper input validation, accept arbitrary data structures, or don't verify the authenticity of requests.

middleBrick's integrity failure detection scans APIs for several critical indicators:

• Missing input validation on critical parameters
• Lack of cryptographic integrity checks for sensitive data
• Improper handling of serialized data structures
• Business logic vulnerabilities through parameter manipulation
• Race condition opportunities in concurrent operations

The scanner tests APIs by submitting malformed inputs, attempting parameter tampering, and checking for proper validation responses. It also analyzes the API's behavior when processing unexpected data types or structures.

For example, middleBrick would test whether an API properly validates JSON schema before processing requests, whether it uses cryptographic signatures for sensitive operations, and whether it handles concurrent requests safely without data corruption.

Key detection indicators include:

• API accepts invalid or malformed input without proper error handling
• Missing or weak validation on critical business parameters
• Lack of integrity checks on sensitive data modifications
• Improper handling of concurrent state changes
• Business logic that can be manipulated through parameter tampering

Preventing integrity failures requires a defense-in-depth approach with multiple validation layers and proper security controls.

Input Validation: Implement strict input validation using JSON Schema, XML Schema, or custom validation rules. Never trust client-side validation alone.

// Example: JSON Schema validation for user data
const userSchema = {
  type: 'object',
  properties: {
    id: { type: 'integer' },
    email: { type: 'string', format: 'email' },
    role: { type: 'string', enum: ['user', 'admin'] }
  },
  required: ['id', 'email', 'role']
};

function validateUser(data) {
  const { error } = userSchema.validate(data);
  if (error) {
    throw new Error(`Invalid user data: ${error.message}`);
  }
  return data;
}

Cryptographic Integrity: Use cryptographic signatures or MACs for sensitive operations. Implement HMAC for API requests that modify critical data.

// Example: HMAC signature for API requests
const crypto = require('crypto');

function generateSignature(payload, secret) {
  return crypto.createHmac('sha256', secret)
    .update(JSON.stringify(payload))
    .digest('hex');
}

function verifySignature(payload, signature, secret) {
  const expected = generateSignature(payload, secret);
  return crypto.timingSafeEqual(
    Buffer.from(expected),
    Buffer.from(signature)
  );
}

Business Logic Protection: Implement server-side business logic validation that cannot be bypassed through parameter manipulation. Use atomic operations for state changes.

// Example: Atomic inventory update with validation
async function purchaseItem(itemId, userId, quantity) {
  // Validate business rules
  if (quantity <= 0) {
    throw new Error('Invalid quantity');
  }
  
  // Use database transactions for atomic operations
  const client = await db.connect();
  try {
    await client.query('BEGIN');
    
    // Check inventory atomically
    const result = await client.query(
      'SELECT quantity FROM inventory WHERE id = $1 FOR UPDATE',
      [itemId]
    );
    
    if (result.rows[0].quantity < quantity) {
      throw new Error('Insufficient inventory');
    }
    
    // Update inventory atomically
    await client.query(
      'UPDATE inventory SET quantity = quantity - $1 WHERE id = $2',
      [quantity, itemId]
    );
    
    // Process payment
    await processPayment(userId, itemId, quantity);
    
    await client.query('COMMIT');
    return { success: true };
  } catch (error) {
    await client.query('ROLLBACK');
    throw error;
  } finally {
    await client.release();
  }
}

Concurrency Control: Implement proper locking mechanisms and use database transactions to prevent race conditions.

Logging and Monitoring: Implement comprehensive logging for all data modifications and monitor for suspicious patterns.

Integrity failures have caused significant real-world damage across multiple industries. The 2017 Equifax breach, while primarily an authentication failure, was exacerbated by improper input validation that allowed attackers to execute arbitrary commands on vulnerable servers.

In 2020, a major e-commerce platform suffered losses when attackers exploited inventory integrity failures to manipulate product quantities and bypass payment systems. The vulnerability allowed customers to purchase items at incorrect prices by tampering with request parameters.

CVE-2021-27850 demonstrated how improper deserialization in a popular Java framework could lead to remote code execution when APIs accepted untrusted serialized objects without proper validation.

Financial institutions frequently face integrity failure attacks where criminals manipulate transaction parameters to bypass fraud detection systems. These attacks often involve parameter tampering to modify amounts, account numbers, or transaction types.

The 2022 Log4Shell vulnerability (CVE-2021-44228) showed how improper input handling and lack of integrity checks in logging systems could lead to remote code execution across millions of applications.

Supply chain integrity failures have also caused major disruptions. Attackers have manipulated API parameters to change shipping addresses, modify product specifications, or bypass quality control checks, leading to financial losses and reputational damage.