Attacking a REST API

Baptiste Coste

Cybersecurity Specialist

Burp Suite

Linux

Python

The following API won't be named for anonymity reasons. This is not a listing of all the API audits I did, just one of them, to give an idea of the process. I thank the company for letting me access the source code to anonymize the application and be able to produce a realistic report with it.

An API to register documents

This security audit targeted a small REST API (~15 endpoints). My objective was to analyze each endpoint and find all the vulnerabilities I could.
I didn't use automated tools on this project since the API was small and I had time to analyze each endpoint manually by myself.
You will find the audit report at this link: https://bcostegh.github.io/documents/audit_report.pdf

Posted Mar 13, 2024

API Security Audit Project. A realistic, anonymized report is linked in the work description.
