
While doing web application security in startup companies, I am exposed to some backend APIs that integrate with the client web app, but testing APIs is a completely different procedure that I do not yet understand.

I want to know if there are any common vulnerabilities that exist in development or production APIs.

geek
    This may be a useful starting point: https://owasp.org/www-project-api-security/ Also https://cheatsheetseries.owasp.org/cheatsheets/REST_Security_Cheat_Sheet.html – Fire Quacker May 20 '22 at 15:53
  • Also, "APIs" is too broad a category. Syscalls for a given kernel are an API. Libc (the C standard library) has an API, as do the browser's window and web worker environments for Javascript. In fact, every code library, from OpenSSL to NPM left-pad, has an API. Every RPC server, using everything from ancient DCOM and MSRPC through SOAP to modern gRPC, exposes an API. And - critically - many of them have very different security considerations. It sounds like you're talking about web services, which are security-wise a little like traditional APIs but also significantly like web apps. – CBHacking May 21 '22 at 07:24
  • Yes, my reference is the Web API, which has been so common these days (**GraphQL, REST** and others) and which is the least tested. I have made use of these resources, including the OWASP top 10 API security list. Gratitude – geek May 21 '22 at 12:46

0 Answers