name	wstg-apit-00
description	API Testing Overview
category	api-testing
owasp_id	WSTG-APIT-00
version	1.0.0
author	cyberstrike-official
tags	["api","rest","graphql","soap","wstg","apit"]
tech_stack	[]
cwe_ids	[]
chains_with	[]
prerequisites	[]
severity_boost	{}

Tool	Description
Postman	API testing and documentation
Burp Suite	API traffic interception
OWASP ZAP	Automated API scanning
Insomnia	API client
GraphQL Voyager	GraphQL visualization

ID	Vulnerability
API1	Broken Object Level Authorization (BOLA)
API2	Broken Authentication
API3	Broken Object Property Level Authorization
API4	Unrestricted Resource Consumption
API5	Broken Function Level Authorization (BFLA)
API6	Unrestricted Access to Sensitive Business Flows
API7	Server Side Request Forgery (SSRF)
API8	Security Misconfiguration
API9	Improper Inventory Management
API10	Unsafe Consumption of APIs

name	wstg-apit-00
description	API Testing Overview
category	api-testing
owasp_id	WSTG-APIT-00
version	1.0.0
author	cyberstrike-official
tags	["api","rest","graphql","soap","wstg","apit"]
tech_stack	[]
cwe_ids	[]
chains_with	[]
prerequisites	[]
severity_boost	{}

Tool	Description
Postman	API testing and documentation
Burp Suite	API traffic interception
OWASP ZAP	Automated API scanning
Insomnia	API client
GraphQL Voyager	GraphQL visualization

wstg-apit-00

このリポジトリの他の Skills

このリポジトリの他の Skills

wstg-apit-00

Test ID

Test Name

High-Level Description

API Types

REST APIs

GraphQL APIs

SOAP APIs

What to Check

Authentication & Authorization

Input Validation

Data Protection

How to Test

Step 1: API Discovery

Step 2: API Enumeration

Step 3: Authentication Testing

Step 4: Basic API Security Checker

Tools

OWASP API Security Top 10 (2023)

References

Checklist

wstg-apit-00

Test ID

Test Name

High-Level Description

API Types

REST APIs

GraphQL APIs

SOAP APIs

What to Check

Authentication & Authorization

Input Validation

Data Protection

How to Test

Step 1: API Discovery

Step 2: API Enumeration

Step 3: Authentication Testing

Step 4: Basic API Security Checker

Tools

OWASP API Security Top 10 (2023)

References

Checklist