API Pentest

Application Programming Interface (API) endpoints expose your business core services to your applications and your partners as well. Whether they are used by web, mobile or thick client applications – vulnerabilities present in the API endpoints have security implications on all of them. The API Pentest is based on the latest OWASP API Security project which covers the most common and high impact security issues known for APIs.

Testing Approach

  • Broken Object Level Authorization
  • Broken User Authentication
  • Excessive Data Exposure
  • Lack of Resources & Rate Limiting
  • Broken Function Level Authorization
  • Mass Assignment
  • Security Misconfiguration
  • Injection Attacks
  • Improper Assets Management
  • Insufficient Logging & Monitoring

Business Case

Coming soon.

About me

My name is Andrei Agape, I’m an offensive security researcher and freelancer with several years of experience working for companies in Europe, Asia and USA.

Several of my qualifications and achievements include:

  • Offensive Security Certified Professional (OSCP)
  • Certified Red Team Professional (CRTP)
  • Certified Red Team Azure Professional (CRTAP)
  • Researcher and member of Synack Red Team
  • Azure Cloud Contributor at hackingthe.cloud
  • Mentor and trainer on Mentorcruise
  • Guest lecturer for the Board of European Students of Technology (BEST)


book a free 1 hour meeting