API Test

API Security Tip

(1) How to find high impact vulnerabilities in the API?                                      
Search for hidden endpoints which are implemented on the API but are not used anywhere.

Such endpoints can be found in JS files, reversing mobile apps, etc.

(2)  API endpoints are mostly not secure against cross site stealing bugs which includes CSRF and CORS. So, test it when you start.

(3)
Testing third party APIs, focus on studying and testing scope permissions instead of performing traditional privilege escalation testing.

(4)
JSON API endpoints are vulnerable to CSRF, just set content-type to `text/plain` and see if it works.

(5) How to test for XXE in the API?

Change content-type in the request to `application/xml` and verify if the application is processing it. If it is processed then you can go on and test for XXE.

(6)
Found an API endpoint used for uploading, change the upload file param to URL and test for SSRF. Many times it can lead you to full blown SSRF.

(7) 
For any json/xml API endpoint, try to change extension to jsonp which may give you data in jsonp format. It can be easily stolen cross site.

Got a big scope?

Take screenshots with EyeWitness and sort them by file size to get the juicy stuff!

Comments

Post a Comment

Popular posts from this blog

How to Use OWASP Amass: An Extensive Tutorial

Image
Author:  Nick Gkogkos Source :- dionach. com The OWASP Amass project   (Amass) can help with this to a large extent depending on your requirements. In this blog post, I will aim to demonstrate how one can use Amass to discover majority of an organisation’s externally exposed assets. The focus will be on performing continuous subdomain discovery exercises. I have broken this blog post into different sections to make it easier to get to grips with the various functions of Amass. It should be noted that there may be assets out there that are not mapped to a domain and you will need to employ other techniques to uncover them, such as running network scans over the IP ranges owned by the organisation. Although I will not fully demonstrate how to use all the functions offered by Amass, I am hoping that this blog will cover enough to give you a kick-start in mastering Amass. Why OWASP Amass? A high number of open-source tools and software are available for enumerating...
Read more

SecLists is the security tester's companion.

About SecLists SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more. The goal is to enable a security tester to pull this repository onto a new testing box and have access to every type of list that may be needed. This project is maintained by  Daniel Miessler ,  Jason Haddix , and  g0tmi1k . Install Zip wget -c https://github.com/danielmiessler/SecLists/archive/master.zip -O SecList.zip \ && unzip SecList.zip \ && rm -f SecList.zip Git (Small) git clone --depth 1 https://github.com/danielmiessler/SecLists.git Git (Complete) git clone https://github.com/danielmiessler/SecLists.git Kali Linux  ( Tool Page ) apt -y install seclists Similar Projects https://github.com/danielmiessler/SecLists/tree/master/Fuzzing http...
Read more

Code review to find vulnerabilities in web applications

Perform source code review to find vulnerabilities in web applications. Reviewing code is probably the best way to find vulnerabilities in a web application. It’s a lot faster than black-box testing, and it helps you learn how to program safely in the future by observing the mistakes of others. If you are interested in open-source software, auditing code is also a great way to get involved in the open-source community and help secure the tools you love. Here are a few tricks I’ve learned along the way to audit source code more effectively. Let me know if you have any additional tips for conducting source code reviews. How to look for bugs There are several ways to go about hunting for vulnerabilities in source code. Depending on how thorough you want to be, here are some approaches that you could take. The “I’ll take what I can get” The “I’ll take what I can get” approach works great if you don’t need extensive test coverage. This could be because you have very limited ...
Read more