# API Security

**Blogs / Articles / Presentations:**

* <https://speakerdeck.com/riyazwalikar/api-security-testing-null-bangalore-january-2020>
* <https://medium.com/@inonst/31-tips-api-security-pentesting-480b5998b765>
* <https://medium.com/bugbountywriteup/bounty-tip-easiest-way-to-bypass-apis-rate-limit-f984fad40093>
* <https://bendtheory.medium.com/finding-and-exploiting-unintended-functionality-in-main-web-app-apis-6eca3ef000af>
* <https://labs.detectify.com/2021/08/31/go-fuzz-yourself-how-to-find-more-vulnerabilities-in-apis-through-fuzzing-whitepaper-download/>

**Writeups:**

* <https://drive.google.com/file/d/1iMGqUUpaiQrEys4IOETwgxti8AiShomZ/view>

**Checklist:**

* <https://github.com/shieldfy/API-Security-Checklist>
* <https://hackanythingfor.blogspot.com/2020/07/api-testing-checklist.html?spref=tw>

**Videos:**

* <https://www.youtube.com/watch?v=gx-eKashKvs&feature=youtu.be>
* <https://www.youtube.com/watch?v=qqmyAxfGV9c&feature=youtu.be>

**Tools:**

* <https://github.com/ngalongc/openapi_security_scanner>

**Tweets:**

{% embed url="<https://twitter.com/alra3ees/status/1104694901655126016?s=21>" %}

{% embed url="<https://twitter.com/alra3ees/status/1104695017346662400?lang=en>" %}

{% embed url="<https://twitter.com/ofjaaah/status/1367465923465142272?s=20>" %}

* <https://github.com/dwisiswant0/apkleaks>

{% embed url="<https://dsopas.github.io/MindAPI/play/#download-interactive>" %}

<https://twitter.com/akita_zen/status/1131652331471347712/photo/2>

![](https://3284959579-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LmdDaax1PAvLD05wJYt%2F-MkpD_baalEOs3qecS-q%2F-MkpJMwJiC_K6e6TKfqB%2Fimage.png?alt=media\&token=6d973a00-9358-413a-8701-c70276f707f6)

{% embed url="<https://twitter.com/newfolderj/status/1404712486394343425?s=20>" %}

{% embed url="<https://twitter.com/InsiderPhD/status/1269282904653418497?s=20>" %}
