API Penetration Testing Course

Assessment

Question 1

Which of the following are security misconfigurations detected when using the automated scan feature of ZAP on http://vapi.apisec.ai/vapi?

Solution

  • Application Error Disclosure

  • .htaccess Information Leak

  • X-Content-Type Options Header Missing

Question 2

Which of the following endpoints are detected when using the automated scan feature of ZAP on http://vapi.apisec.ai/vapi?

Solution

  • API1

  • API5

Question 3

Which of the following vulnerabilities are indicated at http://vapi.apisec.ai/vapi#tag/API7?

Solution

Cross-Origin resource sharing (CORS) Misconfiguration

PreviousScanning APIs with OWASP ZAPNextClassic Authentication Attacks

Last updated