
omkar-ukirde/api-pentesting


API Pentesting Notes.

Notes on the following topics.

├── Lesson-1
|  ├── 1-Introduction
|  └── 2-Notes detail Index (Needs more editing at end)
|
├── Lesson-2
|  └── 1-Finding Hidden endpoints
|
├── Lesson-3
|  └── 1-Privilege Escalation Attack
|      ├── 1-Role Based Testing
|      └── 2-Privacy Based Testing
|
├── Lesson-4
|  └── 1-Session Misconfiguration
|      └── 1-4 Test Cases
|
├── Lesson-5
|  ├── 1-XML Attacks cookie/token based
|  └── 2-Internal External XML Test Scripts
|
├── Lesson-6
|  └── 1-CSRF Testing
|
├── Lesson-7 Online LABS
|  ├── 1- http://demo.testfire.net/swagger/index.html
|  └── 2- http://rest.vulnweb.com/

Links for further learning:

Part 1
https://medium.datadriveninvestor.com/api-security-testing-part-1-b0fc38228b93

Part 2
https://saumyaprakashrana-51250.medium.com/api-security-testing-part-2-67ae9fb9c12

Playground for learning
https://www.akto.io/test/access-control-bypass-by-changing-request-method-to-head
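The playground link above covers one concrete test: an endpoint that denies an unauthenticated GET may still answer a HEAD (or another verb) because the authorization check was wired to only one handler. The script below is an added example written for this README, not code from these notes or from the linked lab. It starts a deliberately vulnerable local HTTP server (constructed for the demo: GET requires a bearer token, HEAD forgets the check, no other verbs are implemented) and then probes the endpoint with each method without credentials, reporting any verb that gets through while GET is denied. The token value, the `/admin` path and the port are all assumptions for the demo.

```python
"""Probe an API endpoint for method-based access-control bypass.

Added example for the api-pentesting notes README; the target server is a
constructed stand-in, not any real service.
"""
import http.client
import http.server
import threading

TOKEN = "secret-token"  # assumed demo credential, not a real secret

# Verbs worth trying against a protected endpoint. HEAD is the classic one,
# but PUT/PATCH/DELETE routes sometimes skip middleware too.
METHODS = ("GET", "HEAD", "POST", "PUT", "PATCH", "DELETE", "OPTIONS")


class VulnerableHandler(http.server.BaseHTTPRequestHandler):
    """Constructed target: GET checks the token, HEAD does not."""

    def _authorized(self):
        return self.headers.get("Authorization") == f"Bearer {TOKEN}"

    def do_GET(self):
        if not self._authorized():
            self.send_response(401)
            self.end_headers()
            return
        body = b"admin data"
        self.send_response(200)
        self.send_header("Content-Type", "text/plain")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def do_HEAD(self):
        # Bug under test: same resource, no authorization check at all.
        self.send_response(200)
        self.send_header("Content-Type", "text/plain")
        self.end_headers()

    def log_message(self, *args):  # keep the demo output quiet
        pass


def start_server():
    """Bind the vulnerable handler to a free loopback port and serve in a thread."""
    srv = http.server.HTTPServer(("127.0.0.1", 0), VulnerableHandler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv


def status_for(host, port, path, method, token=None):
    """Send one request with the given verb and return the HTTP status code."""
    headers = {"Authorization": f"Bearer {token}"} if token else {}
    conn = http.client.HTTPConnection(host, port, timeout=5)
    try:
        conn.request(method, path, headers=headers)
        resp = conn.getresponse()
        resp.read()  # drain; empty for HEAD, which http.client knows
        return resp.status
    finally:
        conn.close()


def probe_method_bypass(host, port, path):
    """Return verbs that succeed without credentials on an endpoint that
    denies unauthenticated GET. Empty list means no bypass found (or the
    endpoint was never access-controlled, which is a different finding)."""
    if status_for(host, port, path, "GET") not in (401, 403):
        return []
    # Unimplemented verbs come back 501 from BaseHTTPRequestHandler, so the
    # < 400 filter keeps only verbs that actually served the resource.
    return [m for m in METHODS if status_for(host, port, path, m) < 400]


if __name__ == "__main__":
    server = start_server()
    leaks = probe_method_bypass("127.0.0.1", server.server_port, "/admin")
    print("bypass via:", leaks or "none")
    server.shutdown()
```

On a real target, keep the baseline check: if GET is already open to everyone, a 200 on HEAD is not a bypass, it is just a missing control. Also compare response sizes and headers, not only status codes, because some frameworks return 200 with an error page for unknown verbs.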
  
