API Pentesting


Play with routes

/files/..%2f..%2f + victim ID + %2f + victim filename
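
A server-side check for the route shape above, as an added example that is not part of the original page. It puts a decode-then-join handler beside a hardened one that takes the directory from the authenticated session and verifies containment after normalisation; the storage root `/srv/files`, the function names and the sample requests are constructed for illustration.

```python
import posixpath
from urllib.parse import unquote

BASE = "/srv/files"   # constructed storage root (assumption)
PREFIX = "/files/"

def resolve_naive(session_user, raw_path):
    """Vulnerable: decodes %2f after routing and joins with no containment check."""
    rel = unquote(raw_path[len(PREFIX):])
    return posixpath.normpath(posixpath.join(BASE, session_user, rel))

def resolve_hardened(session_user, raw_path):
    """Return the file path inside the caller's directory, or None to reject."""
    if not raw_path.startswith(PREFIX):
        return None
    rel = unquote(raw_path[len(PREFIX):])
    # Nested encoding (%252f) would decode again in a later layer: reject it.
    if unquote(rel) != rel:
        return None
    # Empty names, backslashes and NUL bytes have no place in a stored file name.
    if rel == "" or "\\" in rel or "\x00" in rel:
        return None
    # The directory comes from the authenticated session, never from the URL.
    root = posixpath.join(BASE, session_user)
    full = posixpath.normpath(posixpath.join(root, rel))
    # Containment check after normalisation: ".." or a leading "/" fails here.
    if full == root or posixpath.commonpath([root, full]) != root:
        return None
    return full

# Constructed requests: the caller is user 1001, the other account is 1002.
SAMPLES = [
    "/files/report.pdf",
    "/files/2024/report.pdf",
    "/files/..%2f..%2f1002%2finvoice.pdf",   # route shape from the page
]

if __name__ == "__main__":
    for path in SAMPLES:
        print(path)
        print("  naive   :", resolve_naive("1001", path))
        print("  hardened:", resolve_hardened("1001", path))
```

A `None` result should map to a 404 or 403 and be logged with the raw, undecoded path so that encoded-separator requests are visible in monitoring.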

OWASP API Security Top 10

Read this document to learn how to search for and exploit OWASP Top 10 API vulnerabilities:

API Security Checklist

List of possible API endpoints

Tools

Imperva's customizable API attack tool takes an API specification as input, then generates and runs attacks based on it as output.

Another tool for API testing