One type of attack against an exposed application programming interface (API) passes invalid input as parameters to API functions. An application that does not properly validate the format or structure of its input gives an attacker a means to gain control of, or access to, a system.
Many attackers use a technique called “fuzz” testing to find unvalidated parameters. They automate the generation of invalid input to API functions while monitoring the application for invalid behavior, which makes finding unvalidated parameters trivial.
Currently, to prevent such attacks, the program itself must be updated with a patch that remedies the security breach by adding validation. However, the development of a patch is labor-intensive and can take a long time because, for example, the patch needs to be tested to ensure that the program modification will not create other problems in the program.
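The following added example (not code from the original text) shows why automated input generation finds unvalidated parameters so quickly and what the added validation changes. It runs the same boundary-value inputs against an API function with and without parameter checks. The names `read_unvalidated`, `read_validated`, `STORE` and `POOL` are hypothetical, and the harness is meant for testing one's own code.

```python
import itertools

STORE = bytes(range(8))  # constructed 8-byte backing store for the example


class InvalidInput(Exception):
    """Clean, expected rejection of a request that violates the contract."""


def in_contract(offset, length):
    # Contract: both are plain ints (bool excluded) and the range lies inside STORE.
    for value in (offset, length):
        if isinstance(value, bool) or not isinstance(value, int):
            return False
    return 0 <= offset <= len(STORE) and 0 <= length <= len(STORE) - offset


def read_unvalidated(offset, length):
    # Trusts the caller completely: no type, sign or bounds checks.
    return bytes(STORE[offset + i] for i in range(length))


def read_validated(offset, length):
    # Same function with the validation a patch would add.
    if not in_contract(offset, length):
        raise InvalidInput(f"bad range: offset={offset!r} length={length!r}")
    return STORE[offset:offset + length]


# Boundary and wrong-type values of the kind a fuzzer generates (constructed).
POOL = [-9, -1, 0, 1, 7, 8, 9, 2**31, None, "4", 3.5]


def fuzz(api):
    """Call api with every pair from POOL and classify what was observed."""
    seen = {"ok": 0, "rejected": 0, "fault": 0, "accepted_bad": 0}
    for offset, length in itertools.product(POOL, repeat=2):
        try:
            api(offset, length)
        except InvalidInput:
            seen["rejected"] += 1
        except Exception:
            seen["fault"] += 1  # unplanned exception: invalid behavior
        else:
            good = in_contract(offset, length)
            seen["ok" if good else "accepted_bad"] += 1  # silent acceptance
    return seen


if __name__ == "__main__":
    for api in (read_unvalidated, read_validated):
        print(api.__name__, fuzz(api))
```

The `accepted_bad` count is the case monitoring for crashes alone would miss: the unvalidated function returns data for out-of-contract requests, such as a negative offset, without raising anything.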