Comprehensive API security review against OWASP API Security Top 10 (2023). Use when reviewing OpenAPI/Swagger specs, auditing REST/GraphQL/gRPC implementations, testing authentication mechanisms, or checking API gateway configurations. Covers BOLA/IDOR, broken auth, mass assignment, rate limiting, SSRF, and more with real-world attack scenarios.
Installation
Install with Codex or Claude Copy this prompt, paste it into Codex, Claude, or another assistant, and let it review the skill page and install it for you.
Comprehensive API security review against OWASP API Security Top 10 (2023). Use when reviewing OpenAPI/Swagger specs, auditing REST/GraphQL/gRPC implementations, testing authentication mechanisms, or checking API gateway configurations. Covers BOLA/IDOR, broken auth, mass assignment, rate limiting, SSRF, and more with real-world attack scenarios.
license
CC-BY-4.0
API Security Review
Perform comprehensive API security assessment following plays/api-security-review.md.
Steps
Discovery & Reconnaissance
Parse OpenAPI/Swagger specs or scan code for endpoints
Identify authentication mechanisms (JWT, OAuth 2.0, API keys, mTLS)
Map API gateway and middleware configurations
Enumerate all API versions and deprecated endpoints