API Security Assessment
API security assessment is a type of software testing that checks the security measures of an API. It helps to ensure that the API is protected against potential threats, attacks, and vulnerabilities.
Phase 1
Identification of in-scope API integrations.
Phase 2
Identification of security weaknesses and vulnerabilities in the API.
Phase 3
Perform in-depth vulnerability assessment as per OWASP methodology:
- Broken Object Level Authorization
- Broken Authentication
- Broken Object Property Level Authorization
- Unrestricted Resource Consumption
- Broken Function Level Authorization
- Unrestricted Access to Sensitive Business Flows
- Server-Side Request Forgery
- Security Misconfiguration
- Improper Inventory Management
- Unsafe Consumption of APIs
Phase 4
Exploitation of the identified security weaknesses, including gathering of sensitive data.
Phase 5
Reporting the identified and exploited vulnerabilities with recommendations.
Deliverables
API Security Assessment Report with details about the observation, risk severity, business impact and recommendation.