API Security

Blogs / Articles / Presentations:

• https://speakerdeck.com/riyazwalikar/api-security-testing-null-bangalore-janua

• https://medium.com/@inonst/31-tips-api-security-pentesting-480b5998b765

• https://medium.com/bugbountywriteup/bounty-tip-easiest-way-to-bypass-apis-rate-limit-f984fad40093

• https://bendtheory.medium.com/finding-and-exploiting-unintended-functionality-in-main-web-app-apis-6eca3ef000af

• https://labs.detectify.com/2021/08/31/go-fuzz-yourself-how-to-find-more-vulnerabilities-in-apis-through-fuzzing-whitepaper-download/

Writeups:

• https://drive.google.com/file/d/1iMGqUUpaiQrEys4IOETwgxti8AiShomZ/view

Checklist:

• https://github.com/shieldfy/API-Security-Checklist

• https://hackanythingfor.blogspot.com/2020/07/api-testing-checklist.html?spref=tw

Videos:

• https://www.youtube.com/watch?v=gx-eKashKvs&feature=youtu.be

• https://www.youtube.com/watch?v=qqmyAxfGV9c&feature=youtu.be

Tools:

• https://github.com/ngalongc/openapi_security_scanner

Tweets:

• https://github.com/dwisiswant0/apkleaks

Play with it livedsopas.github.io