API Penetration Testing Course

Home API Penetration Testing Course Malware Analysis API Authentication SSDLC IS Auditing, Controls and Assurance Cyber Incident Response Security of the Pipeline Security in the Pipeline Security in the Pipeline Container Security Infrastructure as Code CCNA 200-301 Blockchain Security Cyber Threat Hunting

API Penetration Testing Course

Home API Penetration Testing Course Malware Analysis API Authentication SSDLC IS Auditing, Controls and Assurance Cyber Incident Response Security of the Pipeline Security in the Pipeline Security in the Pipeline Container Security Infrastructure as Code CCNA 200-301 Blockchain Security Cyber Threat Hunting

Introduction
Setting Up
- Tools
- Hacking Lab
API Reconnaissance
Endpoint Analysis
Scanning APIs
Authentication Attacks
Exploiting API Authorization
Improper Assets Management
Mass Assignment
Exploiting Server-Side Request Forgery
Injection Vulnerabilities
Evasion and Combining Techniques
- Evasive Maneuvers
- Combining Techniques

Powered by GitBook

On this page

Question 1
Question 2
Question 3

Scanning APIs

Assessment

PreviousScanning APIs with OWASP ZAP NextClassic Authentication Attacks

Last updated 1 year ago

Question 1

Which of the following are security misconfigurations detected when using the automated scan feature of ZAP on ?

Solution

Application Error Disclosure
.htaccess Information Leak
X-Content-Type Options Header Missing

Question 2

Which of the following endpoints are detected when using the automated scan feature of ZAP on ?

Solution

API1
API5

Question 3

Which of the following vulnerabilities are indicated at ?

Solution

Cross-Origin resource sharing (CORS) Misconfiguration

http://vapi.apisec.ai/vapi

http://vapi.apisec.ai/vapi

http://vapi.apisec.ai/vapi#tag/API7