
API Security Testing Router

v20260506
api-sec
This skill serves as the central entry point for comprehensive API security testing. It guides testers to systematically categorize and prioritize potential vulnerabilities by focusing on core dimensions such as documentation review (Recon), object-level authorization (BOLA), token integrity (JWT), and complex data structures (GraphQL/Hidden Params). Use this as the initial step when assessing a new REST or GraphQL endpoint.
258 downloads
Overview

API Security Router

This is the routing entry point for API security testing.

Use this skill first to decide whether the API issue is mostly recon/docs, object authorization, token trust, or GraphQL/hidden parameters, then route to a deeper topic skill.

When to Use

  • The target exposes REST APIs, mobile backends, or GraphQL endpoints
  • You need to define API testing order before going into specific topics
  • You want to handle object authorization, JWT, GraphQL, and hidden fields as separate tracks

Skill Map

Quick Triage

  Observation                                                   Route
  Swagger or OpenAPI is present                                 api-recon-and-docs
  IDs appear in URL, JSON, headers, or GraphQL args             api-authorization-and-bola
  JWT token visible in traffic                                  api-auth-and-jwt-abuse
  /graphql or batched JSON arrays are present                   graphql-and-hidden-parameters
  Registration, login, or profile updates accept extra fields   api-authorization-and-bola, then api-auth-and-jwt-abuse

Recommended Flow

  1. Start with exposed endpoints and documentation assets
  2. Then evaluate object-level and function-level authorization
  3. Then evaluate token, header, signature, and rate-limit boundaries
  4. If GraphQL or complex JSON is present, continue with hidden fields and schema abuse

Info
Category Soft Skills
Name api-sec
Version v20260506
Size 2.33KB
Updated At 2026-05-08