Attacking a REST API by Baptiste CosteAttacking a REST API by Baptiste Coste

Attacking a REST API

Baptiste Coste

Baptiste Coste

Cybersecurity Specialist

Burp Suite

Burp Suite

Linux

Linux

Python

Python

The following API won't be named for anonymity reasons. This is not a listing of all the API audit I did just one of them to give an idea of the process. I thank the company for letting get access to the source code to anonymize the application and be able to produce a realistic report with it.

An API to register documents

This security audit had for target a small REST API (~15 endpoints). My objective was to analyze and find all the vulnerabilities I could on each endpoints.

I didn't use automated tools on this project since the API was small and I had time to analyze each endpoint manually by myself.

Following this link (https://bcostegh.github.io/documents/audit_report.pdf) you will find the report of the audit.

Like this project

Posted Mar 13, 2024

API Security Audit Project. You will find a realistic report which has been anonymized linked in the work description.

Likes

0

Views

3

Tags

Cybersecurity Specialist

Burp Suite

Burp Suite

Linux

Linux

Python

Python

Baptiste Coste

Baptiste Coste

Offensive Web Security Expert 🌐

Attacking a file share web application

Attacking a file share web application

Developing Cybersecurity Training Program

Developing Cybersecurity Training Program

Join 50k+ companies and 1M+ independents

For independents

Contra Pro Manage freelance projects Get verified as an expert Find jobs Get discovered Sign contracts Send invoices Commission-free payments

For companies

For companies Manage team projects Share hiring workspace Post jobs Discover contractors Sign contracts Approve invoices Global payments & tax compliance

Use Cases

For companies For freelancers For creator tools For agencies For VCs

Resources

Partner networks Advertising Hackathons Creative Human Data Human Creativity Benchmark Human in the loop API Project-based hiring calculator Guide to flexible hiring Guide for agencies Creator tools awards Customer stories Blog FAQs for freelancers FAQs for companies Referrals

Hire Freelancers

Explore all Top independents Design Engineering Marketing Music & audio Social media Video & animation Product Business consulting & HR Other

Company

Mission Careers Terms & conditions Privacy policy Cookie policy

Contact

Contact support

For independents

Contra Pro Manage freelance projects Get verified as an expert Find jobs Get discovered Sign contracts Send invoices Commission-free payments

For companies

For companies Manage team projects Share hiring workspace Post jobs Discover contractors Sign contracts Approve invoices Global payments & tax compliance

Use Cases

For companies For freelancers For creator tools For agencies For VCs

Resources

Partner networks Advertising Hackathons Creative Human Data Human Creativity Benchmark Human in the loop API Project-based hiring calculator Guide to flexible hiring Guide for agencies Creator tools awards Customer stories Blog FAQs for freelancers FAQs for companies Referrals

Hire Freelancers

Explore all Top independents Design Engineering Marketing Music & audio Social media Video & animation Product Business consulting & HR Other

Contact

Contact support

Company

Mission Careers Terms & conditions Privacy policy Cookie policy

© 2025 Contra.Work Inc