Introduction to API Security Testing

In this video, I discussed API Security Testing and focused more on why it's essential over functional testing and what are the methodologies, you need to follow to perform this testing and why manual testing is essential over automation while testing any API and discussed what are the vulnerabilities to look for during manual testing. 00:00 - Introduction 00:45 - What is an API? 02:26 - What all of these applications have in common? 03:24 - HTTP Request/Response 04:41 - What is API Security Testing? 06:27 - What type of vulnerability to look for during Testing? 07:23 - Broken Object Level Authorization 10:50 - Broken User Authentication 13:52 - Excessive Data Exposure 16:35 - Lack of Resources & Rate Limiting 19:26 - Broken Function Level Authorization 22:54 - Mass Assignment 26:00 - Security Misconfiguration 28:43 - Injection 31:43 - Improper Assets Management 35:16 - Insufficient Logging & Monitoring 37:53 - Why API Security Testing is important? 40:29 - API Security Testing Methodology 44:35 - Authentication 46:31 - Parameter Tampering 48:26 - Injection 49:48 - HTTP Method Manipulation 51:29 - Fuzzing 53:43 - Manual Testing vs Automation 56:09 - API Security Testing Tools 58:34 - Takeaways 01:01:40 - Thank You Website - https://hackbotone.com/ Follow me: Medium: - https://medium.com/@hackbotone Facebook: - https://www.facebook.com/hackbotone/ Twitter: - https://twitter.com/anspattnaik Linkedin : - https://www.linkedin.com/in/anshuman123 Github: - https://github.com/anshumanpattnaik