Created November 2, 2023 17:39
- [ ] **Information Disclosure**: Look for endpoints that leak sensitive data.
- [ ] **Broken Object-Level Authorization (BOLA/IDOR)**: Accessing objects not meant for the authenticated user.
- [ ] **Broken User Authentication**: Bypassing authentication mechanisms.
- [ ] **Rate Limiting**: Test for endpoints left unprotected against DoS or brute-force attacks.
- [ ] **HTTP Verb Tampering**: Changing the HTTP verb (e.g., from GET to POST).
- [ ] **Missing Function-Level Access Control**: Accessing unauthorized functionality.
- [ ] **Parameter Tampering**: Altering parameters to manipulate responses.
- [ ] **SQL Injection**: Injecting malicious SQL queries via input.
- [ ] **Command Injection**: Injecting malicious commands via input.
- [ ] **Unsecured Endpoints**: Looking for endpoints that lack security measures.
- [ ] **Mass Assignment**: Exploiting APIs that use client-supplied data without validation.
- [ ] **API Enumeration**: Checking sequential values to discover hidden data.
- [ ] **Insecure Direct Object References (IDOR)**: Accessing unauthorized objects via direct references.
- [ ] **Cross-Site Scripting (XSS)**: Injecting malicious scripts.
- [ ] **API Key Exposure**: Finding exposed API keys in URLs, code, or documentation.
- [ ] **Token Generation Weakness**: Predictable token generation.
- [ ] **OAuth Flaws**: Misconfigurations in OAuth implementations.
- [ ] **Server-Side Request Forgery (SSRF)**: Forcing the server to make unauthorized requests.
- [ ] **Cross-Origin Resource Sharing (CORS) Misconfiguration**: Exploiting improper CORS headers.
- [ ] **API Fuzzing**: Sending unexpected/random data to probe for vulnerabilities.
- [ ] **XML External Entity (XXE) Attacks**: Exploiting XML parsers.
- [ ] **Insecure API Versioning**: Checking for outdated or deprecated API versions that are still reachable.
- [ ] **Host Header Injection**: Manipulating the Host header.
- [ ] **File Upload Vulnerabilities**: Uploading malicious files.
- [ ] **JSON Web Token (JWT) Attacks**: Exploiting JWT implementations for unauthorized actions.
- [ ] **HTTP Response Splitting**: Injecting data to split HTTP responses.
- [ ] **HTTP Request Smuggling**: Sending ambiguous requests to bypass security controls.
- [ ] **GraphQL-Specific Attacks**: Exploring overly verbose errors or exploiting nested queries.
- [ ] **API Gateway Misconfigurations**: Bypassing gateway protections or exploiting misconfigured routes.
- [ ] **API DDoS Attacks**: Exploiting costly API calls.
- [ ] **Business Logic Bypass**: Exploiting overlooked logical flaws.
- [ ] **Parameter Pollution**: Injecting extra parameters to manipulate the API request.
- [ ] **Misconfigured SSL**: Weak SSL ciphers or certificates.
- [ ] **Cache Poisoning**: Exploiting caching mechanisms.
- [ ] **Path/Directory Traversal**: Accessing unauthorized directories.
- [ ] **Replay Attacks**: Reusing valid data transactions.
- [ ] **WSDL Enumeration**: For SOAP-based web services, enumerate the WSDL for sensitive operations.
- [ ] **Data Exposure From Backend Systems**: Over-fetching of data from back-end systems.
- [ ] **Subdomain Takeover**: Exploiting misconfigured DNS records related to the API.
- [ ] **Custom Error Messages**: Error messages that reveal sensitive information.
- [ ] **Exposed Git/Folder Directories**: Checking whether directories and files such as `.git` and `.env` are exposed.
- [ ] **Stack Trace Exposure**: Stack traces that reveal sensitive information about the application's structure.
- [ ] **Header Injection**: Injecting malicious headers to manipulate requests or responses.
- [ ] **Session Fixation**: Forcing a user's session ID to a known value.
- [ ] **Race Conditions**: Exploiting processes that aren't atomic.
- [ ] **GraphQL Introspection**: Revealing the full available API schema/data.
- [ ] **Redirection Attacks**: Redirecting users to malicious sites.
- [ ] **API Key Rotation Policies**: Exploiting keys that aren't rotated or revoked properly.
- [ ] **Logging Sensitive Data**: Information leaked via logs.
- [ ] **Missing Security Headers**: Checking for the headers that secure the API, such as `Strict-Transport-Security` and `Content-Security-Policy`.