31 Tips — API Security & Pentesting

Inon Shkedy
Published in InfoSec Write-ups
2 min read, Feb 4, 2020

To welcome the new year, we published a daily tip on API Security during the month of January 2020.

We started this project because we wanted to help developers, security engineers and pentesters learn about API security and API pentesting.

We realize it’s not easy to find resources in these fields, so this is only one project among many others yet to come :)

Don’t forget to follow us on Twitter (@InonShkedy and @Traceable.ai)!

31 API tips - chronological order, raw format

One of our followers, Smodnix, compiled all the tips into a GitHub repository:

Thank you Smodnix 😊!

31 API tips + categories & statistics

I created a detailed spreadsheet including statistics (# of likes/retweets), and separated the tips into the following categories:

Authorization (6 tips) | Authentication (1 tip) | CSRF (1 tip) | Data Exposure (1 tip) | DoS (1 tip) | Injection (4 tips) | Mass Assignment (2 tips) | What to do if you got stuck during a pentest (12 tips) | Tools (1 tip)

You can use filters to find the tips that gained the most traction:

The Best Tip for Pentesters

The best tip I can give you as a pentester:
If you get stuck during a project and are unsure of what else to do, take a break, go to the beach and come back with new ideas.

To inspire you, here’s a photo of my good friend, Charmander, at the OWASP conference in Santa Monica:

Protecting Applications Against Team Rocket


A collection of write-ups from the best hackers in the world on topics ranging from bug bounties and CTFs to vulnhub machines, hardware challenges and real life encounters. Subscribe to our weekly newsletter for the coolest infosec updates: https://weekly.infosecwriteups.com/


I love to learn, build and break things. Head of Security Research @ Traceable.ai
