Vulnerabilities
At this point, your search for vulnerabilities begins. Now that you’re interacting with the API, you should be able to find information disclosures, security misconfigurations, excessive data exposures, and business logic flaws, all without too much technical finesse.
When you start exploiting API vulnerabilities, be sure to track which headers, unique status codes, documentation, or other hints were handed to you by the API provider.