Web API Tests
- Penetration test
- Black Box
- Grey Box
- White Box
- Information Disclosure
- Broken Object Level Authorization (BOLA)
- Broken User Authentication
- Excessive Data Exposure
- Lack of Resources and Rate Limiting
- Broken Function Level Authorization (BFLA)
- Mass Assignment
- Security Misconfiguration
- Injection Flaws
- Improper Assets Management
- Business Logic Flaws (BLF)
- Kali Linux
-
Burp Suite
-
[Proxy]-
[Intercept]-[Open Browser]Chromium
-
-
[Intruder]-
[Positions]-
Attack type- Sniper
- Battering ram
- Pitchfork
- Cluster bomb
-
[Payloads]
-
-
- Google Chrome
-
Postman
-
HTTP[Params][Authorization][Headers][Body]-
[Scripts]- Pre-request
- Post-response
[Settings]- Code snippet
Code
-
Collection- Public collections
- Collection Runner
-
Environment-
Variable- Type
- Initial value
- Current value
-
-
