/API-SecurityEmpire

API Security Project aims to present unique attack & defense methods in API Security field

🛡️ API Security Empire


Project Credits: Momen Eldawakhly (Cyber Guy) @ Cypro AB

In this repository you will find: Mindmaps, tips & tricks, resources and every thing related to API Security and API Penetration Testing. Our mindmaps and resources are based on OWASP TOP 10 API, our expereince in Penetration testing and other resources to deliver the most advanced and accurate API security and penetration testing resource in the WEB!!

🚪 First gate: {{Recon}}

The first gate to enter the API Security Empire is to know how to gather information about the API infrastructure and how to perform a powerfull recon on API to extract the hidden doors which made you compromise the whole infrastructure from, so, we provide this updated API Recon mindmap with the latest tools and methodologies in API recon:


PDF Version | XMind Version


⚔️ Weapons you will need:

🏋️ Test your abilities and weapons:

🚪 Second gate: {{Attacking}}

Attacking RESTful & SOAP:


PDF Version | XMind Version

Attacking GraphQL:

Due to the limited attacks in the GraphQL we tried to generate all the possible attacks due to our experience in testing APIs in the coming mindmap:


PDF Version | XMind Version

While attacking GraphQL, the most important phase is the enumeration of mutations and queries, without which you will not be able to perform full GraphQL testing, to do so, I'm using the Apollo GraphQL Sandbox, Apollo enumerates the queries and mutations, then sorting them in front of you, after that you can chose the action you want to perform using mutations or the data you want to retrive using queries by just chosing them via GUI and Apollo will write down the query automatically. What makes Apollo special is that it's a web based explorer, which means no need to install and you can run it against your local GraphQl too!!

🙏 Special thanks:

📝 License: