README.md

🛡️ API Security Empire

Project Credits: Momen Eldawakhly (Cyber Guy) @ Cypro AB

In this repository you will find: Mindmaps, tips & tricks, resources and every thing related to API Security and API Penetration Testing. Our mindmaps and resources are based on OWASP TOP 10 API, our expereince in Penetration testing and other resources to deliver the most advanced and accurate API security and penetration testing resource in the WEB!!

🚪 First gate: {{Recon}}

The first gate to enter the API Security Empire is to know how to gather information about the API infrastructure and how to perform a powerfull recon on API to extract the hidden doors which made you compromise the whole infrastructure from, so, we provide this updated API Recon mindmap with the latest tools and methodologies in API recon:

PDF Version | XMind Version

⚔️ Weapons you will need:

• BurpSuite
• FFUF
• Arjun
• Postman
• SecLists
• FuzzDB
• SoapUI
• GraphQL Voyager
• Kiterunner
• unfurl

🥷 Test your abilities and weapons:

• vapi
• Generic-University

🚪 Second gate: {{Attacking}}

Attacking RESTful & SOAP:

PDF Version | XMind Version

Attacking GraphQL:

Due to the limited attacks in the GraphQL we tried to generate all the possible attacks due to our experience in testing APIs in the coming mindmap:

PDF Version | XMind Version

🙏 Special thanks:

• roottusk
• Portswigger
• Tomnomnom
• assetnote
• danielmiessler
• InsiderPhD
• ffuf
• OWASP

📝 License:

Our HACKERS! 🐱‍💻

• Lucas Lundgren Twitter LinkedIn
• Momen Eldawakhly (CyberGuy) Twitter LinkedIn