Find authentication (authn) and authorization (authz) security bugs in web application routes.

Web application HTTP route authn and authz bugs are some of the most common security issues found today. These industry standard resources highlight the severity of the issue:

- 2021 OWASP Top 10 #1 – Broken Access Control
- 2021 OWASP Top 10 #7 – Identification and Authentication Failures (formerly Broken Authentication)
- 2023 OWASP API Top 10 #1 – Broken Object Level Authorization
- 2023 OWASP API Top 10 #2 – Broken Authentication
- 2023 OWASP API Top 10 #5 – Broken Function Level Authorization
- 2023 CWE Top 25 #11 – CWE-862: Missing Authorization
- 2023 CWE Top 25 #13 – CWE-287: Improper Authentication
- 2023 CWE Top 25 #20 – CWE-306: Missing Authentication for Critical Function
- 2023 CWE Top 25 #24 – CWE-863: Incorrect Authorization

Supported web frameworks (route-detect IDs in parentheses):

- Python: Django (django, django-rest-framework), Flask (flask), Sanic (sanic)
- PHP: Laravel (laravel), Symfony (symfony), CakePHP (cakephp)
- Ruby: Rails* (rails), Grape (grape)
- Java: JAX-RS (jax-rs), Spring (spring)
- Go: Gorilla (gorilla), Gin (gin), Chi (chi)
- JavaScript/TypeScript: Express (express), React (react), Angular (angular)

*Rails support is limited. Please see this issue for more information.

Installing

Use pip to install route-detect:

    $ python -m pip install --upgrade route-detect

You can check that route-detect is installed correctly with the following command:

    $ echo 'print(1 == 1)' | …
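To make concrete the class of bug route-detect is built to surface, here is an added, stand-alone illustration (not route-detect's own code) that walks a Flask module's AST and reports every route whose decorator stack carries no authentication or authorization guard. The guard decorator names, the public-path allowlist and the sample application source are constructed assumptions for this example.

```python
import ast

# Decorator names that count as authn/authz guards here (an assumption).
AUTH_DECORATORS = {"login_required", "roles_required"}

# Constructed sample Flask app: a public login page, a guarded admin route,
# and an admin route whose author forgot the guard.
SAMPLE_APP = '''
app = Flask(__name__)

@app.route("/login")
def login():
    return "login form"

@app.route("/admin/users")
@login_required
def list_users():
    return "users"

@app.route("/admin/users/<int:uid>/delete", methods=["POST"])
def delete_user(uid):
    return "deleted"
'''


def _decorator_name(node):
    """Bare name of a decorator node, e.g. 'login_required' or 'route'."""
    target = node.func if isinstance(node, ast.Call) else node
    if isinstance(target, ast.Attribute):
        return target.attr
    return target.id if isinstance(target, ast.Name) else None


def find_unguarded_routes(source, public=("/login",)):
    """Return (path, function, line) for each Flask route whose decorator
    stack has no AUTH_DECORATORS entry and whose path is not marked public."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.FunctionDef):
            continue
        decos = node.decorator_list
        routes = [d for d in decos if isinstance(d, ast.Call)
                  and _decorator_name(d) == "route" and d.args]
        if not routes or AUTH_DECORATORS & {_decorator_name(d) for d in decos}:
            continue  # not a route, or already guarded
        path = routes[0].args[0].value
        if path not in public:
            findings.append((path, node.name, node.lineno))
    return findings
```

Running `find_unguarded_routes(SAMPLE_APP)` flags only the `delete_user` route; the login page is allowlisted and `list_users` is guarded.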