API: Security (megatask)

Penetration testing will be assessed on the following items API Security: https://owasp.org/www-project-api-security/

• API1:2019 Broken Object Level Authorization
• API2:2019 Broken User Authentication
• API3:2019 Excessive Data Exposure
• #9 API4:2019 Lack of Resources & Rate Limiting
• API5:2019 Broken Function Level Authorization
• API6:2019 Mass Assignment
• #8 API7:2019 Security Misconfiguration
• API8:2019 Injection
• API9:2019 Improper Assets Management
• API10:2019 Insufficient Logging & Monitoring

Review cheat sheets to create additional tasks for API security:

• OWASP: https://cheatsheetseries.owasp.org/cheatsheets/REST_Security_Cheat_Sheet.html
• OWASP: https://cheatsheetseries.owasp.org/cheatsheets/Web_Service_Security_Cheat_Sheet.html
• OWASP: https://cheatsheetseries.owasp.org/cheatsheets/GraphQL_Cheat_Sheet.html