Self-curated dataset for automated detection of broken access control in REST API endpoints using AI-based testing agents

This item contains the self-curated dataset used in the study titled “Automated detection of broken access control in REST API endpoints using AI-based testing agents.” The dataset was assembled to support automated security testing of REST API endpoints in an Employee Self Service (ESS) application, with a focus on detecting Insecure Direct Object Reference (IDOR) and Broken Object Level Authorization (BOLA) vulnerabilities. The dataset includes structured system artifacts used by the testing agent to generate and execute authorization test scenarios, including API specifications, role definitions, permission mappings, and RBAC relationships.

本数据集为《基于AI智能体的REST API端点访问控制失效自动化检测》研究中所采用的自研自建数据集。该数据集旨在支撑员工自助服务（Employee Self Service, ESS）应用中REST API端点的自动化安全测试，重点聚焦于检测不安全直接对象引用（Insecure Direct Object Reference, IDOR）与对象级权限控制失效（Broken Object Level Authorization, BOLA）两类漏洞。 数据集包含测试智能体用于生成并执行授权测试场景的结构化系统工件，具体涵盖API规范、角色定义、权限映射关系以及基于角色的访问控制（Role-Based Access Control, RBAC）关联关系。