Attacking a REST API

Baptiste Coste

The following API won't be named for anonymity reasons. This is not a listing of all the API audits I did, just one of them, to give an idea of the process. I thank the company for letting me access the source code to anonymize the application and be able to produce a realistic report with it.

An API to register documents

This security audit targeted a small REST API (~15 endpoints). My objective was to analyze and find all the vulnerabilities I could on each endpoint.
I didn't use automated tools on this project since the API was small and I had time to analyze each endpoint manually by myself.
The audit report is available at this link: https://bcostegh.github.io/documents/audit_report.pdf

Posted Mar 13, 2024

API Security Audit Project. You will find a realistic, anonymized report linked in the work description.
