xct's notes
REST

Testing REST APIs

Documentation Requirements

  • Endpoints
  • Docs
  • Key/Credentials
  • Sample Calls

What to look for

  • Unauthenticated Endpoints
  • Hidden Endpoints
  • Error Messages on Malformed Input
  • Check the mobile app (it might use a legacy API or other endpoints)
  • Plain HTTP / no HSTS
  • Brute-force detection (think password reset tokens)
  • Old API versions still reachable, e.g. /v3 is in use but /v1 still exists
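Judging whether an API detects brute-forcing needs a baseline for what "detected" looks like. As an added example (not from these notes), the script below parses constructed access log lines and flags a source IP that cycles through many distinct password reset tokens which the endpoint rejects; the log format, endpoint path, window and threshold are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample access log (Common Log style); not from the original page.
SAMPLE_LOG = """\
203.0.113.7 - [10/Mar/2024:12:00:01 +0000] "POST /api/v1/password-reset/verify?token=000001 HTTP/1.1" 403
203.0.113.7 - [10/Mar/2024:12:00:02 +0000] "POST /api/v1/password-reset/verify?token=000002 HTTP/1.1" 403
203.0.113.7 - [10/Mar/2024:12:00:02 +0000] "POST /api/v1/password-reset/verify?token=000003 HTTP/1.1" 403
203.0.113.7 - [10/Mar/2024:12:00:03 +0000] "POST /api/v1/password-reset/verify?token=000004 HTTP/1.1" 403
203.0.113.7 - [10/Mar/2024:12:00:03 +0000] "POST /api/v1/password-reset/verify?token=000005 HTTP/1.1" 403
203.0.113.7 - [10/Mar/2024:12:00:04 +0000] "POST /api/v1/password-reset/verify?token=000006 HTTP/1.1" 403
198.51.100.4 - [10/Mar/2024:12:01:10 +0000] "POST /api/v1/password-reset/verify?token=9f3a2c HTTP/1.1" 403
198.51.100.4 - [10/Mar/2024:12:01:40 +0000] "POST /api/v1/password-reset/verify?token=9f3a2d HTTP/1.1" 200
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) - \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"
RESET_PATH = "/api/v1/password-reset/verify"  # hypothetical endpoint path


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    path, _, query = m["path"].partition("?")
    params = dict(p.split("=", 1) for p in query.split("&") if "=" in p)
    return {"ip": m["ip"], "ts": datetime.strptime(m["ts"], TS_FMT),
            "path": path, "token": params.get("token"), "status": int(m["status"])}


def find_token_bruteforce(log_text, window=timedelta(minutes=5), threshold=5):
    """Return {ip: distinct_tokens} for IPs whose rejected (403) attempts on the
    reset endpoint used >= threshold distinct tokens inside one sliding window."""
    attempts = defaultdict(list)  # ip -> [(timestamp, token)]
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["path"] == RESET_PATH and rec["status"] == 403:
            attempts[rec["ip"]].append((rec["ts"], rec["token"]))
    flagged = {}
    for ip, events in attempts.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            distinct = {tok for ts, tok in events[i:] if ts - start <= window}
            if len(distinct) >= threshold:
                flagged[ip] = max(flagged.get(ip, 0), len(distinct))
    return flagged
```

The same per-source counting is what a rate limiter in front of the reset endpoint would do in real time; if the API returns 403 for every token without ever slowing down or locking the flow, the check has failed.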

Tools

  • Burp + SoapUI