API Pentesting Notes.

Notes on the following topics.

├── Lesson-1
|  ├── 1-Introduction       
|  └── 2-Notes detail Index (Needs more editing at end)
|   
├── Lesson-2
|  └── 1-Finding Hidden endpoints
|
├── Lesson-3
|  └── 1-Privilege Escalation Attack       
|      ├── 1-Role Based Testing
|      └── 2-Privacy Based Testing
|
├── Lesson-4
|  └── 1-Session Misconfiguration       
|      └── 1-4 Test Cases
|
├── Lesson-5
|  ├── 1-XML Attacks cookie/token based       
|  └── 2-Internal External XML Test Scripts
|
├── Lesson-6
|  └── 1-CSRF Testing
|
└── Lesson-7 Online LABS
   ├── 1- http://demo.testfire.net/swagger/index.html
   └── 2- http://rest.vulnweb.com/

Links for further learning:

Part 1
https://medium.datadriveninvestor.com/api-security-testing-part-1-b0fc38228b93

Part 2
https://saumyaprakashrana-51250.medium.com/api-security-testing-part-2-67ae9fb9c12