search

API Pentesting

hashtag
Tricks

hashtag
Play with routes

/files/..%2f..%2f + victim ID + %2f + victim filename

hashtag
Owasp API Security Top 10

Read this document to learn how to search and exploit Owasp Top 10 API vulnerabilities: https://github.com/OWASP/API-Security/blob/master/2019/en/dist/owasp-api-security-top-10.pdfarrow-up-right

hashtag
API Security Checklist

LogoGitHub - shieldfy/API-Security-Checklist: Checklist of the most important security countermeasures when designing, testing, and releasing your APIGitHubchevron-right

hashtag
List of possible API endpoints

https://gist.github.com/yassineaboukir/8e12adefbd505ef704674ad6ad48743darrow-up-right

hashtag
Tools

https://github.com/imperva/automatic-api-attack-toolarrow-up-right: Imperva's customizable API attack tool takes an API specification as an input, generates and runs attacks that are based on it as an output.

https://github.com/flipkart-incubator/Astraarrow-up-right: Another tool for api testing

上一页JSP下一页Buckets

最后更新于