🛡️ API Security Empire

In this repository you will find: Mindmaps, tips & tricks, resources and every thing related to API Security and API Penetration Testing. Our mindmaps and resources are based on OWASP TOP 10 API, our expereince in Penetration testing and other resources to deliver the most advanced and accurate API security and penetration testing resource in the WEB!!

🚪 First gate: {{Recon}}

The first gate to enter the API Security Empire is to know how to gather information about the API infrastructure and how to perform a powerfull recon on API to extract the hidden doors which made you compromise the whole infrastructure from, so, we provide this updated API Recon mindmap with the latest tools and methodologies in API recon:

⚔️ Weapons you will need:

• BurpSuite
• FFUF
• Arjun
• Postman
• SecLists
• FuzzDB
• SoapUI
• GraphQL Voyager
• Kiterunner
• unfurl

🥷 Test your abilities and weapons:

• vapi
• Generic-University

🚪 Second gate: {{Attacking}}

Attacking RESTful & SOAP:

Attacking GraphQL:

Due to the limited attacks in the GraphQL we tried to generate all the possible attacks due to our experience in testing APIs in the coming mindmap:

🙏 Special thanks:

• roottusk
• Portswigger
• Tomnomnom
• assetnote
• danielmiessler
• InsiderPhD
• ffuf
• OWASP

📝 License:

Our HACKERS! 🐱‍💻

• Lucas Lundgren Twitter LinkedIn
• Momen Eldawakhly (CyberGuy) Twitter LinkedIn