[Skims] API Module
Problem to solve
We should start looking for vulnerabilities in API endpoints and so on.
Intended users
Clients
Permissions and Security
Scan the given endpoint and try to report as many vulnerabilities as possible.
Proposal
Work on the API (Protect API) module. This module should scan the given endpoint and try to find vulnerabilities according to the API category:
- REST (Representational State Transfer)
- SOAP (Simple Object Access Protocol)
- GraphQL
Test plan
At the moment I'm not sure how we can test it, but I'm thinking of something related to BenchmarkJava:
- Compile the project.
- Start the API testing project in background.
- Run API against the endpoints.
Repositories to test API:
Steps
- Make sure that the code contributions checklist has been followed.
What does success look like, and how can we measure that?
Links / references
Repos
- openclarity/apiclarity
- zaproxy
- shieldfy/API-Security-Checklist
- m14r41/PentestingEverything
- OWASP Top 10 API Security Risks – 2023
- vulnersCom/burp-vulners-scanner
- vulnersCom/nmap-vulners
Blogs
Edited by Andres Uribe