Full black-box REST and GraphQL API security assessment following OWASP API Security Top 10 methodologies.
What's included:
- Authentication and authorization testing (BOLA/IDOR, BFLA, broken JWT/OAuth)
- Mass assignment and excessive data exposure
- Rate limiting, resource allocation, and business logic flaws
- Injection testing (SQLi, NoSQLi, command injection via API parameters)
- GraphQL introspection, batching attacks, and field-level authorization
- Detailed report with CVSS scores, PoC requests/responses, and remediation guidance
- Executive summary for non-technical stakeholders
- 1 retest after fixes (within 30 days)
Deliverables: PDF report + raw findings list. API documentation (Swagger/Postman) required. Communication via Contra messages throughout the engagement.