Web Application Penetration Testing
Web Services and API Security Testing
API Architecture Understanding
REST API Fundamentals
Resource Identification
HTTP Method Usage
Stateless Communication
HATEOAS Principles
SOAP Web Services
WSDL Analysis
SOAP Message Structure
WS-Security Implementation
GraphQL APIs
Schema Definition
Query Structure
Mutation Operations
Subscription Mechanisms
gRPC Services
Protocol Buffer Analysis
Service Definition
Streaming Operations
API Discovery and Enumeration
Endpoint Discovery
Documentation Analysis
Directory Brute-Forcing
Parameter Fuzzing
Version Enumeration
Schema Introspection
GraphQL Introspection
OpenAPI Specification
WSDL Enumeration
API Versioning Analysis
Version Identification
Backward Compatibility
Deprecated Endpoint Testing
Common API Vulnerabilities
Broken Object Level Authorization
IDOR in API Endpoints
Resource Access Control
User Context Validation
Broken User Authentication
API Key Management
Token-Based Authentication
OAuth Implementation Flaws
Excessive Data Exposure
Response Filtering Issues
Sensitive Data Leakage
Information Disclosure
Lack of Resources and Rate Limiting
Request Rate Testing
Resource Consumption
Denial of Service
Broken Function Level Authorization
Administrative Function Access
Privilege Escalation
Method-Based Authorization
Mass Assignment
Parameter Pollution
Object Property Injection
Data Binding Vulnerabilities
Security Misconfiguration
CORS Policy Issues
HTTP Method Configuration
Error Handling
Injection Vulnerabilities
SQL Injection in APIs
NoSQL Injection
Command Injection
Improper Assets Management
API Inventory Management
Deprecated API Versions
Documentation Accuracy
Insufficient Logging and Monitoring
Audit Trail Analysis
Security Event Detection
Incident Response
API Testing Methodologies
Authentication Testing
API Key Validation
JWT Token Analysis
OAuth Flow Testing
Session Management
Authorization Testing
Role-Based Access Control
Attribute-Based Access Control
Resource-Level Permissions
Input Validation Testing
Parameter Fuzzing
Data Type Validation
Boundary Value Testing
Malformed Request Handling
Business Logic Testing
Workflow Validation
State Management
Transaction Integrity
Error Handling Analysis
Error Message Information Disclosure
Exception Handling
Graceful Degradation
API Security Tools and Techniques
Automated API Testing
OWASP ZAP API Testing
Burp Suite API Testing
Postman Security Testing
API Fuzzing Tools
RESTler
API Fuzzer
Swagger Fuzzer
GraphQL Testing Tools
GraphQL Voyager
InQL Scanner
GraphQL Cop
Custom Script Development
Python API Testing Scripts
JavaScript API Testing
Bash Script Automation