Skip to content

API Security Project aims to present unique attack & defense methods in API Security field

Notifications You must be signed in to change notification settings

w3debby/API-SecurityEmpire

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

42 Commits
 
 
 
 

Repository files navigation

🛡️ API Security Empire


Project Credits: Momen Eldawakhly (Cyber Guy)

In this repository you will find: Mindmaps, tips & tricks, resources and every thing related to API Security and API Penetration Testing. Our mindmaps and resources are based on OWASP TOP 10 API, our expereince in Penetration testing and other resources to deliver the most advanced and accurate API security and penetration testing resource in the WEB!!

🚪 First gate: {{Recon}}

The first gate to enter the API Security Empire is to know how to gather information about the API infrastructure and how to perform a powerfull recon on API to extract the hidden doors which made you compromise the whole infrastructure from, so, we provide this updated API Recon mindmap with the latest tools and methodologies in API recon:



⚔️ Weapons you will need:

🏋️ Test your abilities and weapons:

🚪 Second gate: {{Attacking}}

Attacking RESTful & SOAP:


Attacking GraphQL:

Due to the limited attacks in the GraphQL we tried to generate all the possible attacks due to our experience in testing APIs in the coming mindmap:


While attacking GraphQL, the most important phase is the enumeration of mutations and queries, without which you will not be able to perform full GraphQL testing, to do so, I'm using the Apollo GraphQL Sandbox, Apollo enumerates the queries and mutations, then sorting them in front of you, after that you can chose the action you want to perform using mutations or the data you want to retrive using queries by just chosing them via GUI and Apollo will write down the query automatically. What makes Apollo special is that it's a web based explorer, which means no need to install and you can run it against your local GraphQl too!!

🙏 Special thanks:

📝 License:

About

API Security Project aims to present unique attack & defense methods in API Security field

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published