XSEVERITY — Offensive Cybersecurity, Sarajevo
BS Senad Cavkusic
OPERATIONAL
API / SECURITY

API Security Testing

In-depth assessment of REST and GraphQL APIs. Testing for broken object authorization (BOLA/IDOR), broken authentication, excessive data exposure, mass assignment, and injection vulnerabilities using OWASP API Top 10.

Methodology
01
API discovery and endpoint enumeration
02
Authentication mechanism review
03
Authorization bypass (BOLA/IDOR) testing
04
Input validation and injection testing
05
Rate limiting and business logic assessment
Request This Service
Back to all services