{"id":10358,"date":"2022-08-29T14:31:25","date_gmt":"2022-08-29T14:31:25","guid":{"rendered":"https:\/\/www.webtechmantra.com\/?p=10358"},"modified":"2022-08-29T14:31:28","modified_gmt":"2022-08-29T14:31:28","slug":"api-security-testing-guide","status":"publish","type":"post","link":"https:\/\/www.webtechmantra.com\/api-security-testing-guide\/","title":{"rendered":"An API Security Testing Guide"},"content":{"rendered":"\n<h1 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Why_Secure_APIs\"><\/span>Why Secure APIs?<span class=\"ez-toc-section-end\"><\/span><\/h1>\n\n\n\n<p>During a recent university initiative, I got to take part with many other industry professionals in providing feedback for application projects some students created. All the projects were great \u2013 well-designed, creative, and they filled a need. One of the projects involved an app scanning QR codes at landmarks to guide visitors to important sites throughout their city.&nbsp;<\/p>\n\n\n\n<p>One of my questions to them was, \u201cHow would you protect those QR codes from being manipulated to send visitors to malicious sites?\u201d It gave them something to think about for improvement (again, the concept is great, and I was pointing out a security improvement consideration, not a design flaw).<\/p>\n\n\n\n<p>Any time technology (or anything for that matter) is public facing, one must consider threat actors. There\u2019s a lot of goodwill out there, and many people don\u2019t take the step of criminal activity. 
But security isn\u2019t there to stop good things from happening; it\u2019s there to stop people from doing bad things.<\/p>\n\n\n\n<p>Not everyone knows about APIs, but we all use them nearly every day, and few of us want to mess with them. But people who routinely target digital resources have realized that APIs are an attractive way in, so API security needs to be a serious consideration.<\/p>\n\n\n\n<h1 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Foundational_Steps\"><\/span>Foundational Steps<span class=\"ez-toc-section-end\"><\/span><\/h1>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Planning_and_Designing\"><\/span>Planning and Designing<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>It&#8217;s been said that the hardest thing for a writer&#8217;s wife to learn is that when he&#8217;s staring out the window, he&#8217;s working. When planning for and designing APIs, spending lots of time talking and thinking about the grand design isn\u2019t a waste of time. Paralysis by analysis is a real thing, but failure due to lack of planning is also real.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Whos_in_Charge\"><\/span>Who\u2019s in Charge?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>Determine who\u2019s in charge of testing, and which tests different teams will conduct across the life cycle. How big is the team? Do you need an internal and disinterested party? 
Unless there\u2019s a regulatory, contractual, compliance or other similar restraint, policies and procedures can be quite creative while still adhering to secure and clean code practices.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Backend_Details_Matter\"><\/span>Backend Details Matter<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>There&#8217;s a concept for producing excellent animation that says, &#8220;Paint the back of the drawer.&#8221; The idea is that attention to detail includes the behind-the-scenes and never-seen aspects.<\/p>\n\n\n\n<p>Pay attention to and provide the proper resources to secure the backend databases, processes, services, and data. When thinking about confidentiality and integrity through components such as encryption and access control, remember availability, or uptime, through strategies that include resource management, redundancy, and scalability.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Inventory\"><\/span>Inventory<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>Avoid zombie, outdated, or shadow APIs. You can\u2019t protect it if you don\u2019t know you have it. And APIs can sprawl out of hand quickly.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Threat_Model\"><\/span>Threat Model<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>Based on your API architecture and design, what might threat actors try to make the APIs do?&nbsp;<\/p>\n\n\n\n<p>Because it\u2019s a form of risk assessment, threat modeling is neither a shot in the dark nor gambling \u2013 it\u2019s a way to calculate organizational risk. 
An organization does its best to determine what threats may actually materialize, allowing one to focus on what\u2019s considered a real risk, not just fear tactics.<\/p>\n\n\n\n<p>When done properly, this process further avoids the appearance of negligence if there is a breach.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Choose_Your_Own_Adventure\"><\/span>Choose Your Own Adventure<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>Remember the CYOA books? Or perhaps you\u2019re a Pick Your Path fan. These still-popular books are where the reader picks from the next steps made available, and that choice determines what page one turns to and what happens next. Your API testing path will be chosen by your pick of design. SOAP? REST? GraphQL? These are different technologies and play a vital role in what and how you test.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Documentation\"><\/span>Documentation<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>Document, document, document &#8211; this is vital, and it can be quite boring. But someone needs to do it. In the audit world, the saying goes, &#8220;If it isn&#8217;t documented, it doesn&#8217;t exist.&#8221;<\/p>\n\n\n\n<p>A few years ago, I wrote a haiku about documentation (I presented this as part of a presentation to an audience of developers once &#8211; many groans, but also many cheers):<\/p>\n\n\n\n<p>Documentation<\/p>\n\n\n\n<p>Is a necessary pain,<\/p>\n\n\n\n<p>The future loves you<\/p>\n\n\n\n<h1 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Technical_Testing\"><\/span>Technical Testing<span class=\"ez-toc-section-end\"><\/span><\/h1>\n\n\n\n<p>Details are as necessary as foundations. The foundational steps focus on strategy, and the details move toward tactical projects and tasks that are performed on a regular basis. 
In a <a href=\"https:\/\/www.cybersecuritydive.com\/news\/feds-threat-actors-prey-security-mishaps\/624135\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">recent article<\/a>, NSA\u2019s cybersecurity director said, \u201cNo need for fancy [zero]-days when these weak controls and misconfigurations allow [adversaries] access\u2026\u201d Testing specific controls is essential for keeping APIs secure.&nbsp;<\/p>\n\n\n\n<p>Here are some specific controls to test:<\/p>\n\n\n\n<ol><li>Rate limiting \u2013 ensure that an API can handle brute-force and DDoS attempts<\/li><li>Input Validation \u2013 make sure that input fields can\u2019t be used to inject anything other than what\u2019s intended (e.g., SQL, command, and content injections)<\/li><li>Limit Data Exposure \u2013 what can be seen when an API is called, especially when strange or malformed information is sent and requested?<\/li><li>Runtime Protection \u2013 this is the crux of API protection &#8211; are there bad actors manipulating your APIs right now?<\/li><li>Fuzz testing \u2013 these tools can be used to cover multiple areas mentioned above. 
Common examples include OWASP ZAP, Burp Suite, and Postman.<\/li><\/ol>\n\n\n\n<p>Here are a few resources with a lot more specific information on making one\u2019s own checklist and methodology.&nbsp;<\/p>\n\n\n\n<ol><li><a href=\"https:\/\/owasp.org\/www-project-api-security\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">OWASP API Top 10<\/a>&nbsp;<\/li><li>Shieldfy\u2019s <a href=\"https:\/\/github.com\/shieldfy\/API-Security-Checklist\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">API Security Checklist<\/a><\/li><li>OWASP <a href=\"https:\/\/cheatsheetseries.owasp.org\/cheatsheets\/GraphQL_Cheat_Sheet.html\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">GraphQL cheat sheet<\/a><\/li><\/ol>\n\n\n\n<h1 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Learn_More_About_APIs\"><\/span>Learn More About APIs<span class=\"ez-toc-section-end\"><\/span><\/h1>\n\n\n\n<p>Feeling overwhelmed and want to know more about APIs? A couple of good resources are:<\/p>\n\n\n\n<ol><li>Salt Security\u2019s <a href=\"https:\/\/salt.security\/blog\/api-security-fundamentals\" target=\"_blank\" rel=\"noreferrer noopener\">API Security Fundamentals<\/a> provides an excellent overview of several important API security areas.&nbsp;<\/li><li><a href=\"https:\/\/github.com\/optiv\/rest-api-goat\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">REST API GOAT<\/a> is a Docker image designed for people to get familiar with REST API security.<\/li><\/ol>\n\n\n\n<h1 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Final_Words\"><\/span>Final Words<span class=\"ez-toc-section-end\"><\/span><\/h1>\n\n\n\n<p>In web security, there\u2019s never enough information, testing, and controls that will keep threat actors out 100%. Producing a stable, useful, even enjoyable app is what makes a business money. Because APIs are so fundamental to applications today, securing APIs is essential to maintaining trust and loyalty from customers. 
Protecting the data these APIs are sharing is something customers expect to be done right \u2013 getting API security processes in place now will pay dividends in the future.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Why Secure APIs? During a recent university initiative, I got to take part with many<\/p>\n","protected":false},"author":25,"featured_media":10359,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[768],"tags":[2478,428,2479],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v21.7 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>An API Security Testing Guide<\/title>\n<meta name=\"description\" content=\"During a recent university initiative, I got to take part with many other industry professionals in providing feedback for application projects some students created\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.webtechmantra.com\/api-security-testing-guide\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"An API Security Testing Guide\" \/>\n<meta property=\"og:description\" content=\"During a recent university initiative, I got to take part with many other industry professionals in providing feedback for application projects some students created\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.webtechmantra.com\/api-security-testing-guide\/\" \/>\n<meta property=\"og:site_name\" content=\"WTM - Technology, Business, Finance, Digital Marketing\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/webtechmantra\" \/>\n<meta property=\"article:published_time\" content=\"2022-08-29T14:31:25+00:00\" \/>\n<meta property=\"article:modified_time\" 
content=\"2022-08-29T14:31:28+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.webtechmantra.com\/wp-content\/uploads\/An-API-Security-Testing-Guide-e1661778053665.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"805\" \/>\n\t<meta property=\"og:image:height\" content=\"463\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Greg Stanley\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@webtechmantra\" \/>\n<meta name=\"twitter:site\" content=\"@webtechmantra\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Greg Stanley\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.webtechmantra.com\/api-security-testing-guide\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.webtechmantra.com\/api-security-testing-guide\/\"},\"author\":{\"name\":\"Greg Stanley\",\"@id\":\"https:\/\/www.webtechmantra.com\/#\/schema\/person\/127c2846b57a96cd656a141541240674\"},\"headline\":\"An API Security Testing Guide\",\"datePublished\":\"2022-08-29T14:31:25+00:00\",\"dateModified\":\"2022-08-29T14:31:28+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.webtechmantra.com\/api-security-testing-guide\/\"},\"wordCount\":1036,\"publisher\":{\"@id\":\"https:\/\/www.webtechmantra.com\/#organization\"},\"keywords\":[\"API\",\"Security\",\"Testing Guide\"],\"articleSection\":[\"Apps\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.webtechmantra.com\/api-security-testing-guide\/\",\"url\":\"https:\/\/www.webtechmantra.com\/api-security-testing-guide\/\",\"name\":\"An API Security Testing 
Guide\",\"isPartOf\":{\"@id\":\"https:\/\/www.webtechmantra.com\/#website\"},\"datePublished\":\"2022-08-29T14:31:25+00:00\",\"dateModified\":\"2022-08-29T14:31:28+00:00\",\"description\":\"During a recent university initiative, I got to take part with many other industry professionals in providing feedback for application projects some students created\",\"breadcrumb\":{\"@id\":\"https:\/\/www.webtechmantra.com\/api-security-testing-guide\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.webtechmantra.com\/api-security-testing-guide\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.webtechmantra.com\/api-security-testing-guide\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.webtechmantra.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"An API Security Testing Guide\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.webtechmantra.com\/#website\",\"url\":\"https:\/\/www.webtechmantra.com\/\",\"name\":\"WTM - Technology, Business, Finance, Digital Marketing\",\"description\":\"Technology, Business, Finance, Digital Marketing\",\"publisher\":{\"@id\":\"https:\/\/www.webtechmantra.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.webtechmantra.com\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.webtechmantra.com\/#organization\",\"name\":\"WTM - Technology, Business, Finance, Digital 
Marketing\",\"url\":\"https:\/\/www.webtechmantra.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.webtechmantra.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.webtechmantra.com\/wp-content\/uploads\/web-tech-mantra-logo-1-e1586874822549.png\",\"contentUrl\":\"https:\/\/www.webtechmantra.com\/wp-content\/uploads\/web-tech-mantra-logo-1-e1586874822549.png\",\"width\":250,\"height\":64,\"caption\":\"WTM - Technology, Business, Finance, Digital Marketing\"},\"image\":{\"@id\":\"https:\/\/www.webtechmantra.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/webtechmantra\",\"https:\/\/twitter.com\/webtechmantra\",\"https:\/\/www.pinterest.com\/webtechmantraofficial\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.webtechmantra.com\/#\/schema\/person\/127c2846b57a96cd656a141541240674\",\"name\":\"Greg Stanley\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.webtechmantra.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/www.webtechmantra.com\/wp-content\/litespeed\/avatar\/bd7e6b8373fd5f10d5e27113aacd1aba.jpg?ver=1703940754\",\"contentUrl\":\"https:\/\/www.webtechmantra.com\/wp-content\/litespeed\/avatar\/bd7e6b8373fd5f10d5e27113aacd1aba.jpg?ver=1703940754\",\"caption\":\"Greg Stanley\"},\"description\":\"Me Greg Stanley is the editor of the web tech mantra website. And I have ten-plus years of experience in the content marketing world. I gained the skills to present helpful content to all precious audience of the site. My only moto is to create trust and maintain quality, readability content to the people through the web tech mantra website.\",\"url\":\"https:\/\/www.webtechmantra.com\/author\/greg-stanley\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"An API Security Testing Guide","description":"During a recent university initiative, I got to take part with many other industry professionals in providing feedback for application projects some students created","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.webtechmantra.com\/api-security-testing-guide\/","og_locale":"en_US","og_type":"article","og_title":"An API Security Testing Guide","og_description":"During a recent university initiative, I got to take part with many other industry professionals in providing feedback for application projects some students created","og_url":"https:\/\/www.webtechmantra.com\/api-security-testing-guide\/","og_site_name":"WTM - Technology, Business, Finance, Digital Marketing","article_publisher":"https:\/\/www.facebook.com\/webtechmantra","article_published_time":"2022-08-29T14:31:25+00:00","article_modified_time":"2022-08-29T14:31:28+00:00","og_image":[{"width":805,"height":463,"url":"https:\/\/www.webtechmantra.com\/wp-content\/uploads\/An-API-Security-Testing-Guide-e1661778053665.jpg","type":"image\/jpeg"}],"author":"Greg Stanley","twitter_card":"summary_large_image","twitter_creator":"@webtechmantra","twitter_site":"@webtechmantra","twitter_misc":{"Written by":"Greg Stanley","Est. 
reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.webtechmantra.com\/api-security-testing-guide\/#article","isPartOf":{"@id":"https:\/\/www.webtechmantra.com\/api-security-testing-guide\/"},"author":{"name":"Greg Stanley","@id":"https:\/\/www.webtechmantra.com\/#\/schema\/person\/127c2846b57a96cd656a141541240674"},"headline":"An API Security Testing Guide","datePublished":"2022-08-29T14:31:25+00:00","dateModified":"2022-08-29T14:31:28+00:00","mainEntityOfPage":{"@id":"https:\/\/www.webtechmantra.com\/api-security-testing-guide\/"},"wordCount":1036,"publisher":{"@id":"https:\/\/www.webtechmantra.com\/#organization"},"keywords":["API","Security","Testing Guide"],"articleSection":["Apps"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.webtechmantra.com\/api-security-testing-guide\/","url":"https:\/\/www.webtechmantra.com\/api-security-testing-guide\/","name":"An API Security Testing Guide","isPartOf":{"@id":"https:\/\/www.webtechmantra.com\/#website"},"datePublished":"2022-08-29T14:31:25+00:00","dateModified":"2022-08-29T14:31:28+00:00","description":"During a recent university initiative, I got to take part with many other industry professionals in providing feedback for application projects some students created","breadcrumb":{"@id":"https:\/\/www.webtechmantra.com\/api-security-testing-guide\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.webtechmantra.com\/api-security-testing-guide\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.webtechmantra.com\/api-security-testing-guide\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.webtechmantra.com\/"},{"@type":"ListItem","position":2,"name":"An API Security Testing Guide"}]},{"@type":"WebSite","@id":"https:\/\/www.webtechmantra.com\/#website","url":"https:\/\/www.webtechmantra.com\/","name":"WTM - Technology, Business, 
Finance, Digital Marketing","description":"Technology, Business, Finance, Digital Marketing","publisher":{"@id":"https:\/\/www.webtechmantra.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.webtechmantra.com\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.webtechmantra.com\/#organization","name":"WTM - Technology, Business, Finance, Digital Marketing","url":"https:\/\/www.webtechmantra.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.webtechmantra.com\/#\/schema\/logo\/image\/","url":"https:\/\/www.webtechmantra.com\/wp-content\/uploads\/web-tech-mantra-logo-1-e1586874822549.png","contentUrl":"https:\/\/www.webtechmantra.com\/wp-content\/uploads\/web-tech-mantra-logo-1-e1586874822549.png","width":250,"height":64,"caption":"WTM - Technology, Business, Finance, Digital Marketing"},"image":{"@id":"https:\/\/www.webtechmantra.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/webtechmantra","https:\/\/twitter.com\/webtechmantra","https:\/\/www.pinterest.com\/webtechmantraofficial\/"]},{"@type":"Person","@id":"https:\/\/www.webtechmantra.com\/#\/schema\/person\/127c2846b57a96cd656a141541240674","name":"Greg Stanley","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.webtechmantra.com\/#\/schema\/person\/image\/","url":"https:\/\/www.webtechmantra.com\/wp-content\/litespeed\/avatar\/bd7e6b8373fd5f10d5e27113aacd1aba.jpg?ver=1703940754","contentUrl":"https:\/\/www.webtechmantra.com\/wp-content\/litespeed\/avatar\/bd7e6b8373fd5f10d5e27113aacd1aba.jpg?ver=1703940754","caption":"Greg Stanley"},"description":"Me Greg Stanley is the editor of the web tech mantra website. And I have ten-plus years of experience in the content marketing world. I gained the skills to present helpful content to all precious audience of the site. 
My only moto is to create trust and maintain quality, readability content to the people through the web tech mantra website.","url":"https:\/\/www.webtechmantra.com\/author\/greg-stanley\/"}]}},"_links":{"self":[{"href":"https:\/\/www.webtechmantra.com\/wp-json\/wp\/v2\/posts\/10358"}],"collection":[{"href":"https:\/\/www.webtechmantra.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.webtechmantra.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.webtechmantra.com\/wp-json\/wp\/v2\/users\/25"}],"replies":[{"embeddable":true,"href":"https:\/\/www.webtechmantra.com\/wp-json\/wp\/v2\/comments?post=10358"}],"version-history":[{"count":0,"href":"https:\/\/www.webtechmantra.com\/wp-json\/wp\/v2\/posts\/10358\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.webtechmantra.com\/wp-json\/wp\/v2\/media\/10359"}],"wp:attachment":[{"href":"https:\/\/www.webtechmantra.com\/wp-json\/wp\/v2\/media?parent=10358"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.webtechmantra.com\/wp-json\/wp\/v2\/categories?post=10358"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.webtechmantra.com\/wp-json\/wp\/v2\/tags?post=10358"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}