API / SECURITY
API Security Testing
In-depth assessment of REST and GraphQL APIs. Testing for broken object authorization (BOLA/IDOR), broken authentication, excessive data exposure, mass assignment, and injection vulnerabilities using OWASP API Top 10.
Methodology
01
API discovery and endpoint enumeration
02
Authentication mechanism review
03
Authorization bypass (BOLA/IDOR) testing
04
Input validation and injection testing
05
Rate limiting and business logic assessment
