Application Programming Interface (API) endpoints expose your business core services to your applications and your partners as well. Whether they are used by web, mobile or thick client applications – vulnerabilities present in the API endpoints have security implications on all of them. The API Pentest is based on the latest OWASP API Security project which covers the most common and high impact security issues known for APIs.
Testing Approach
- Broken Object Level Authorization
- Broken User Authentication
- Excessive Data Exposure
- Lack of Resources & Rate Limiting
- Broken Function Level Authorization
- Mass Assignment
- Security Misconfiguration
- Injection Attacks
- Improper Assets Management
- Insufficient Logging & Monitoring
Deliverables
- Scoping meeting
- Statement of work
- Automated scanning
- Manual pentesting
- Technical report
- Executive summary
- Presentation meeting
- Retest of mitigations
> TRIPLA SECURITY 