Skip to content

Latest commit

 

History

History
36 lines (25 loc) · 1.52 KB

File metadata and controls

36 lines (25 loc) · 1.52 KB

api-security-notes

Study notes on API-layer vulnerabilities, aligned to the OWASP API Security Top 10 (2023).

Built on the two APIsec University courses I've completed (linked below) and reinforced by hands-on lab practice.

OWASP API Top 10 (2023)

  • API1:2023 — Broken Object Level Authorization
  • API2:2023 — Broken Authentication
  • API3:2023 — Broken Object Property Level Authorization
  • API4:2023 — Unrestricted Resource Consumption
  • API5:2023 — Broken Function Level Authorization
  • API6:2023 — Unrestricted Access to Sensitive Business Flows
  • API7:2023 — Server Side Request Forgery
  • API8:2023 — Security Misconfiguration
  • API9:2023 — Improper Inventory Management
  • API10:2023 — Unsafe Consumption of APIs

Each item links to a dedicated writeup once complete.

Tooling

  • Burp Suite Community — primary
  • Postman — pre-flight API surface discovery
  • httpx and ffuf — enumeration
  • nuclei — template-based scanning

Credentials that back this work


Repository is updated as I re-review each Top-10 category during my Burp Practitioner prep window (Jul – Sept 2026).