Red Teaming and Malware Analysis

API and WS Hacking

Last updated 7 months ago

API Hacking

MindAPI: Bringing order to API hacking chaos!

CookieMindMap: Fuzz cookies and proceed!

Cookie Based Authentication Vulnerabilities: https://xmind.net/m/2FwJ7D/

Awesome API

A collection of awesome API Security tools and resources.

GitHub: arainho/awesome-api-security. The focus goes to open-source tools and resources that benefit all the community.

API Keys: Find and validate

| Name | Description |
| --- | --- |
| API Guesser | Simple website to guess API Key / OAuth Token by Muhammad Daffa |
| API Key Leaks: Tools and exploits | An API key is a unique identifier that is used to authenticate requests associated with your project. Some developers might hardcode them or leave them on public shares. |
| Key-Checker | Go scripts for checking API key / access token validity. |
| Keyhacks | Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid. |
| Private key usage verification | Driftwood is a tool that can enable you to look up whether a private key is used for things like TLS or as a GitHub SSH key for a user. |
| Mantra | A tool used to hunt down API key leaks in JS files and pages |

Books

| Author | Publisher | Name | Description |
| --- | --- | --- | --- |
| Colin Domoney | Packt Publishing | Defending APIs | Focused on helping developers produce secure APIs |
| Confidence Staveley | Packt Publishing | API Security for White Hat Hackers | Uncover offensive defense strategies and get up to speed with secure API implementation |
| Corey Ball | No Starch Press | Hacking APIs | Breaking Web Application Programming Interfaces. |
| Dolev Farhi and Nick Aleks | No Starch Press | Black Hat GraphQL | Black Hat GraphQL. |
| Emily Freeman | Data Theorem Special Edition | API Security for dummies | This book is a high-level introduction to the key concepts of API security and DevSecOps. |
| Justin Richer and Antonio Sanso | Manning | Understanding API Security | Several chapters from several Manning books that give you some context for how API security works in the real world. |
| Neil Madden | Manning | API Security in Action | API Security in Action teaches you how to create secure APIs for any situation. |

Cheatsheets

| Name | Description |
| --- | --- |
| GraphQL Cheat Sheet | GraphQL - OWASP Cheat Sheet Series |
| JSON Web Token Security Cheat Sheet | PentesterLab - JSON Web Token Security Cheat Sheet |
| Injection Prevention Cheat Sheet | Injection - OWASP Cheat Sheet Series |
| Microservices Security Cheat Sheet | Microservices - OWASP Security Cheat Sheet |
| OWASP API Security Top 10 | 42Crunch - OWASP API Security Top 10 |
| REST Assessment Cheat Sheet | REST Assessment - OWASP Cheat Sheet Series |
| REST Security Cheat Sheet | REST Security - OWASP Cheat Sheet Series |

Checklist

| Author | Name | Description |
| --- | --- | --- |
| HolyBugx | another API Security checklist | HolyTips: API security checklist |
| APIOps Cycles | API audit checklist | API Audit checklist. |
| Shieldfy | API-Security-Checklist | Checklist of the most important security countermeasures when designing, testing, and releasing your API. |
| API Mike, @api_sec | API penetration testing checklist | Common steps to include in any API penetration testing process. |
| Latish Danawale | API Testing Checklist | API Testing Checklist. |
| Inon Shkedy | 31 days of API Security Tips | This challenge is Inon Shkedy's 31 days API Security Tips. |
| Binary Brotherhood | OAuth2: Security checklist | OAuth 2.0 Threat Model Pentesting Checklist |
| Apollo | GraphQL API — GraphQL Security Checklist | 9 Ways To Secure your GraphQL API — GraphQL Security Checklist |
| LeapGraph | GraphQL API - The Complete Vulnerability Checklist | How to Secure a GraphQL API - The Complete Vulnerability Checklist |
| Lokesh Gupta | REST API Security Essentials | REST API Tutorial blog entry. |

Conferences

| Name | Description |
| --- | --- |
| APIsecure | The world's first conference dedicated to API threat management; bringing together breakers, defenders, and solutions in API security. |

Deliberately vulnerable APIs

| Name | Author | Description |
| --- | --- | --- |
| APISandbox | APISecurity Community | Pre-Built Vulnerable Multiple API Scenarios Environments Based on Docker-Compose. |
| Bookstore | sidchn | TryHackMe room - A Beginner level box with basic web enumeration and REST API Fuzzing. |
| crAPI | OWASP | completely ridiculous API (crAPI) |
| Damn Vulnerable GraphQL Application | dolevf | Damn Vulnerable GraphQL Application is an intentionally vulnerable implementation of Facebook's GraphQL technology to learn and practice GraphQL Security. |
| Damn Vulnerable Micro Services | ne0z | This is a vulnerable microservice written in many languages to demonstrate OWASP API Top Security Risk (under development). |
| Damn Vulnerable RESTaurant API Game | theowni | Damn Vulnerable Restaurant is an intentionally vulnerable Web API game for learning and training purposes dedicated to developers, ethical hackers and security engineers. |
| Damn Vulnerable Web Services | snoopysecurity | Damn Vulnerable Web Services is a vulnerable web service/API/application that we can use to learn webservices/API vulnerabilities. |
| Generic-University | InsiderPhD | Vulnerable API with Laravel App |
| node-api-goat | layro01 | A simple Express.JS REST API application that exposes endpoints with code that contains vulnerabilities. |
| Pixi | DevSlop | The Pixi module is a MEAN Stack web app with wildly insecure APIs! |
| poc-graphql | righettod | Research on GraphQL from an AppSec point of view. |
| REST API Goat | optiv | This is a "Goat" project so you can get familiar with REST API testing. |
| VAmPI | erev0s | Vulnerable REST API with OWASP top 10 vulnerabilities for APIs |
| vAPI | roottusk | vAPI is Vulnerable Adversely Programmed Interface which is a Self-Hostable API that mimics OWASP API Top 10 scenarios through Exercises. |
| vulnapi | tkisason | Intentionally very vulnerable API with bonus bad coding practices. |
| vulnerable-graphql-api | CarveSystems | A very vulnerable implementation of a GraphQL API. |
| Websheep | marmicode | Websheep is an app based on willingly vulnerable ReSTful APIs. |
| VulnerableApp4APISecurity | Erdemstar | This repository was developed using .NET 7.0 API technology based on findings listed in the OWASP 2019 API Security Top 10. |

Design, Architecture, Development

| Name | Description |
| --- | --- |
| The API Specification Toolbox | This Toolbox goal is to try and map out all of the different API specifications in use, as well as the services, tooling, extensions, and other supporting elements. |
| Understanding gRPC, OpenAPI and REST | gRPC vs REST: Understanding gRPC, OpenAPI and REST and when to use them in API design |
| API security design best practices | API security design best practices for enterprise and public cloud. |
| REST API Design Guide | This design guide or style guide contains best practices suitable for most REST APIs. |
| How to design a REST API | How to design a REST API? - Full guide tackling security, pagination, filtering, versioning, partial answers, CORS, etc. |
| Awesome REST | A collaborative list of great resources about RESTful API architecture, development, test, and performance. Feel free to contribute to this ongoing list. |
| Collect API Requirements | Collecting Requirements for your API with APIOps Cycles. |
| API Audit | API Audit is a method to ensure APIs are matching the API Design guidelines. It also helps check for usability, security and API management platform compatibility. |

Encyclopedias, Projects, Wikis and GitBooks

| Author | Name | Description |
| --- | --- | --- |
| @six2dez | APIs Pentest Book | APIs Pentest Book |
| @csbygb | API Pentest tips | CSbyGB's Pentips |
| cyprosecurity | API Security Empire | The API Security Empire Project aims to present unique attack & defense methods in the API Security field |
| @APIsecurity.io | API Security Encyclopedia | API Security Encyclopedia |
| @carlospolop | Web API Pentesting | HackTricks - Web API Pentesting |
| @carlospolop | GraphQL | HackTricks - GraphQL |

Enumeration, Scanning and exploration steps

| Name | Description |
| --- | --- |
| Burp API enumeration | Using Burp to Enumerate a REST API |
| ZAP scanning | Scanning APIs with ZAP |
| ZAP exploring | Exploring APIs with ZAP |
| w3af scanning | Scan REST APIs with w3af |

Firewalls

| Name | Description |
| --- | --- |
| Wallarm Free API Firewall | Fast and light-weight API proxy firewall for request and response validation by OpenAPI specs. |

Fuzzing, SecLists, Wordlists

| Name | Description |
| --- | --- |
| API names wordlist | A wordlist of API names for web application assessments |
| API HTTP requests methods | HTTP requests methods wordlist by @danielmiessler |
| API Routes Wordlists | API Routes - Automated Wordlists provided by Assetnote |
| Common API endpoints | Wordlist for common API endpoints. |
| Filenames by fuzz.txt | Potentially dangerous files |
| Fuzzing APIs | Fuzzing APIs chapter from "The Fuzzing Book". |
| GraphQL SecList | It's a GraphQL list used during security assessments, collected in one place. |
| Hacking-APIs | Wordlists and API paths by @hapi_hacker |
| Kiterunner Wordlists | Kiterunner Wordlists provided by Assetnote |
| List of API endpoints & objects | A list of 3203 common API endpoints and objects designed for fuzzing. |
| List of Swagger endpoints | Swagger endpoints |
| SecLists for API's web-content discovery | It is a collection of web content discovery lists for APIs used during security assessments. |
| GraphQL wordlist | The only GraphQL wordlist you'll ever need. Operations, field names, type names... Collected on more than 60k distinct GraphQL schemas. |

HTTP 101

| Name | Description |
| --- | --- |
| Know your HTTP Headers! | HTTP Headers: a simplified and comprehensive table. |
| Know your HTTP Methods! | HTTP Methods: a simplified and comprehensive table. |
| Know your HTTP Status codes! | HTTP Status codes: a simplified and comprehensive table. |
| HTTP Status Codes | httpstatuses.com is an easy to reference database of HTTP Status Codes with their definitions and helpful code references all in one place. |
| Know your HTTP * Well | HTTP headers, media-types, methods, relations and status codes, all summarized and linking to their specification. |

Mind maps

| Author | Name | Description |
| --- | --- | --- |
| Abhay Bhargav | REST API defenses | Mind map: REST API defenses |
| Cypro AB | API Pentesting - ATTACK | Mind map: API Pentesting - ATTACK |
| Cypro AB | API Pentesting - Recon | Mind map: API Pentesting - Recon |
| Cypro AB | GraphQL Attacking | Mind map: GraphQL Attacking |
| David Sopas | MindAPI | Organize your API security assessment by using MindAPI |
| Harsh Bothra | XML attacks | Mind map: XML attacks |
| Mosaad Sallam | GraphQL Security Testing | Mind map: GraphQL Security Testing |
| Mosaad Sallam | OWASP API Top10 | Mind map: OWASP API Top 10 |
| Mufaddal Masalawala | IDOR Techniques | Mind map: IDOR Techniques |

Newsletters

| Author | Name | Description |
| --- | --- | --- |
| 42Crunch | api security articles | API Security Articles - The Latest API Security News, Vulnerabilities & Best Practices. |
| Dana Epp | api hacker’s inner circle | API Hacker’s Inner Circle Newsletter. |

Other resources

| Name | Author | Description |
| --- | --- | --- |
| API Hacking Articles | Dana Epp | API Hacking Fundamentals, Tools, Techniques, Fails and Mindset articles. |
| API Security best practices guide | Expedited Security | API Security Best Practices MegaGuide |
| API Security: The Complete Guide | Bright Security | API Security, The Complete Guide |
| API Penetration Testing | SecureLayer7 | API Penetration Testing with OWASP 2017 Test Cases. |
| API Penetration Testing Report | UnderDefense | Anonymised API Penetration Testing Report - vendor sample template |
| API Pentesting with Swagger Files | RhinoSecurityLabs | Simplifying API Pentesting With Swagger Files. |
| API security path resources | MindAPI | Resources to help out in the API security path; diverse content from talks/webinars/videos, must read, writeups, bola/idors, oauth, jwt, rate limit, ssrf and practice entries. |
| API Security Testing | Spherical Defence | Principles of API Security Testing and how to perform a Security Test on an API. |
| Finding and Exploiting Web App APIs | Bend Theory | Finding and Exploiting Unintended Functionality in Main Web App APIs |
| How to Hack an API and Get Away with It | SmartBear | How to Hack an API and Get Away with It (Part 1 of 3). |
| How to Hack APIs in 2021 | Detectify | How to Hack APIs in 2021 |
| How to Hack API in 60 minutes with Open Source Tools | Wallarm | How to Hack API in 60 minutes with Open Source Tools |
| GraphQL penetration testing | YesWeHack | How to exploit GraphQL endpoint: introspection, query, mutations & tools. |
| Fixing the 13 most common GraphQL Vulnerabilities | WunderGraph | GraphQL Security Guide, Fixing the 13 most common GraphQL Vulnerabilities to make your API production ready. |
| Hacking APIs - Notes from Bug Bounty Bootcamp | Aakash Choudhary | My Notes on Hacking APIs from Bug Bounty Bootcamp. |
| SOAP Security Vulnerabilities and Prevention | NeuraLegion | SOAP Security, Top Vulnerabilities and How to Prevent Them. |
| API and microservice security | PortSwigger | What are API and microservice security? |
| Strengthening Your API Security Posture | 42Crunch | Strengthening Your API Security Posture – Ford Motor Company. |
| The Fault in Our Stars | Tenchi Security | Security Implications of AWS API Gateway Lambda Authorizers and IAM Wildcard Expansion. |

Playlists

| Name | Description |
| --- | --- |
| Everything API Hacking | A video collection from Katie Paxton-Fear, @InsiderPhD, and other people creating a playlist of API hacking knowledge! |
| API hacking | API hacking videos from @theXSSrat |

Podcasts

| Name | Description |
| --- | --- |
| Hacking APIs | The Hacker Mind Podcast: Hacking APIs |
| Hack Your API-Security Testing | 21: Troy Hunt: Hack Your API-Security Testing. |
| The OWASP API Security Project | Erez Yalon — The OWASP API Security Project |
| Episode 38 API Security Best Practices | We Hack Purple Podcast Episode 38 API Security Best Practices. |

Presentations, Videos

| Name | Description |
| --- | --- |
| pentesting-rest-apis | Pentesting Rest API's by Gaurang Bhatnagar |
| Securing your APIs | "How Secure are your APIs?" - Securing your APIs: OWASP API Top 10 2019, Case Study and Demo. |
| api-security-testing-for-hackers | API Security Testing For Hackers |
| bad-api-hapi-hackers | Bad API, hAPI Hackers! |
| disclosing-information-via-your-apis | Hidden in Plain Site: Disclosing Information via Your APIs. |
| rest-in-peace-abusing-graphql | REST in Peace: Abusing GraphQL to Attack Underlying Infrastructure. |

Projects

| Name | Description |
| --- | --- |
| owasp api security project | OWASP API Security Project - API Security Top 10 |

Security APIs

| Name | Description |
| --- | --- |
| awesome-security-apis | A collective list of public JSON APIs for use in security. |

Specifications

| Name | Description |
| --- | --- |
| API Blueprint | API Blueprint Specification |
| AsyncAPI | AsyncAPI Specification |
| OpenAPI | OpenAPI Specification |
| JSON API | JSON API Specification |
| GraphQL | GraphQL Specification |
| RAML | RAML Specification |

Tools

GraphQL

| Name | Description |
| --- | --- |
| BatchQL | GraphQL security auditing script with a focus on performing batch GraphQL queries and mutations. |
| clairvoyance | Obtain GraphQL API schema despite disabled introspection! |
| InQL | InQL - A Burp Extension for GraphQL Security Testing. |
| graphinder | Blazing fast GraphQL endpoints finder using subdomain enumeration, scripts analysis and bruteforce. |
| graphql-cop | Security Auditor Utility for GraphQL APIs. |
| GraphQLmap | GraphQLmap is a scripting engine to interact with a graphql endpoint for pentesting purposes. |
| graphql-path-enum | Tool that lists the different ways of reaching a given type in a GraphQL schema. |
| graphql-playground | GraphQL IDE for better development workflows (GraphQL Subscriptions, interactive docs & collaboration) |
| graphql-threat-matrix | GraphQL threat framework used by security professionals to research security gaps in GraphQL implementations. |
| graphw00f | graphw00f is a GraphQL Server Engine Fingerprinting utility for software security professionals looking to learn more about what technology is behind a given GraphQL endpoint. |
| goctopus | Blazing fast GraphQL discovery & fingerprinting toolbox. |
| graphql-armor | The missing GraphQL security layer for Apollo GraphQL and Yoga / Envelop servers |

REST APIs

| Name | Description |
| --- | --- |
| Akto | API discovery, automated business logic testing and runtime detection |
| APICheck | The DevSecOps toolset for REST APIs. |
| APIClarity | Reconstruct Open API Specifications from real-time workload traffic seamlessly. |
| APIFuzzer | Fuzz test your application using your OpenAPI or Swagger API definition without coding. |
| APIKit | APIKit: Discovery, Scan and Audit APIs Toolkit All In One. |
| Arjun | HTTP parameter discovery suite. |
| Astra | Automated Security Testing For REST API's. |
| Automatic API Attack Tool | Imperva's customizable API attack tool takes an API specification as an input, generates and runs attacks that are based on it as an output. |
| CATS | CATS is a REST API Fuzzer and negative testing tool for OpenAPI endpoints. |
| Cherrybomb | Stop half-done API specifications with a CLI tool that helps you avoid undefined user behaviour by validating your API specifications. |
| ffuf | Fast web fuzzer written in Go. |
| fuzzapi | Fuzzapi is a tool used for REST API pentesting and uses API_Fuzzer gem. |
| gotestwaf | An open-source project in Golang to test different web application firewalls (WAF) for detection logic and bypasses |
| kiterunner | Contextual Content Discovery Tool. |
| Metlo | Open-source API security tool to discover, inventory, test, and protect your APIs. |
| mitmproxy2swagger | Automagically reverse-engineer REST APIs via capturing traffic |
| Optic | Verify the accuracy of your OpenAPI 3.x spec using real traffic and automatically apply patches that keep it up-to-date |
| OFFAT | The OWASP OFFAT tool autonomously assesses your API for prevalent vulnerabilities, though full compatibility with OAS v3 is pending. The project remains a work in progress, continuously evolving towards completion. |
| REST-Attacker | Designed as a proof-of-concept for the feasibility of testing generic real-world REST implementations. Its goal is to provide a framework for REST security research. |
| RESTler | RESTler is the first stateful REST API fuzzing tool for automatically testing cloud services through their REST APIs and finding security and reliability bugs in these services. |
| Swagger-EZ | A tool geared towards pentesting APIs using OpenAPI definitions. |
| TnT-Fuzzer | OpenAPI 2.0 (Swagger) fuzzer written in python. Basically TnT for your API. |
| wadl-dumper | Dump all available paths and/or endpoints on WADL file. |
| fuzz-lightyear | A pytest-inspired, DAST framework, capable of identifying vulnerabilities in a distributed, micro-service ecosystem through chaos engineering testing and stateful, Swagger fuzzing. |

SOAP

| Name | Description |
| --- | --- |
| Wsdler | WSDL Parser extension for Burp. |
| wsdl-wizard | WSDL Wizard is a Burp Suite plugin written in Python to detect current and discover new WSDL (Web Service Definition Language) files. |

Others

| Name | Description |
| --- | --- |
| dredd | Language-agnostic HTTP API Testing Tool |
| getallurls (gau) | Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl. |
| SoapUI | SoapUI is a free and open-source cross-platform functional testing solution for APIs and web services. |
| Step CI | Open-source framework for API Quality Assurance, which tests REST, GraphQL and gRPC automated and from Open API spec. |
| unfurl | Pull out bits of URLs provided on stdin |
| noir | Noir is an attack surface detector from source code. |

Training, Workshops, Labs

| Author | Name | Description |
| --- | --- | --- |
| APIsec | API Security University | APIsec University provides training courses for application security professionals |
| Corey Ball | Hacking APIs | Hacking APIs: workshop |
| Escape | API Security Academy | API Security Academy, by escape |
| Grant Ongers | API top 10 walkthrough | OWASP API Top 10 CTF Walk-through. |
| Hacker101 | GraphQL challenges | GraphQL Week on The Hacker101 Capture the Flag Challenges |
| Karel Husa | BankGround API | Banking-like REST and GraphQL API for training/learning purposes. |
| Kontra | OWASP Top 10 for API | A series of free interactive application security training modules that teach developers how to identify and mitigate security vulnerabilities in their web API endpoints. |
| OWASP-SKF | GraphQL Labs | GraphQL Labs on the OWASP Security Knowledge Framework |
| Pentester Academy | API security, REST Labs | Pentester Academy - attack & defense |
| Semgrep Academy | API Security Mini Course | Learn the basics of API security in this short and fun mini course! |
| ShipFast | Practical API Security Walkthrough | Learn practical Mobile and API security techniques: API Key, Static and Dynamic HMAC, Dynamic Certificate Pinning, and Mobile App Attestation. |
| Wesley Thijs | Let's build an API to hack | API Hacking Exercises by @TheXSSrat |

Twitter

| Author | Name | Description |
| --- | --- | --- |
| 42Crunch | @apisecurityio | API security news, standards, vulnerabilities, tools. |
| Corey J. Ball | @hAPI_hacker | Cybersecurity consulting manager |
| Dana Epp | @ddǝɐuɐp | Microsoft Security MVP |
| David Sopas | @dsopas | Security Researcher |
| Katie Paxton-Fear | @InsiderPhD | Lecturer and hacker |
| Wesley Thijs | @theXSSrat | Ethical hacker |