api-security-testing

仓库: sickn33/antigravity-awesome-skills
安装量: 93
排名: #8743

安装

npx skills add https://github.com/sickn33/antigravity-awesome-skills --skill api-security-testing

API Security Testing Workflow Overview Specialized workflow for testing REST and GraphQL API security including authentication, authorization, rate limiting, input validation, and API-specific vulnerabilities. When to Use This Workflow Use this workflow when: Testing REST API security Assessing GraphQL endpoints Validating API authentication Testing API rate limiting Bug bounty API testing Workflow Phases Phase 1: API Discovery Skills to Invoke api-fuzzing-bug-bounty - API fuzzing scanning-tools - API scanning Actions Enumerate endpoints Document API methods Identify parameters Map data flows Review documentation Copy-Paste Prompts Use @api-fuzzing-bug-bounty to discover API endpoints Phase 2: Authentication Testing Skills to Invoke broken-authentication - Auth testing api-security-best-practices - API auth Actions Test API key validation Test JWT tokens Test OAuth2 flows Test token expiration Test refresh tokens Copy-Paste Prompts Use @broken-authentication to test API authentication Phase 3: Authorization Testing Skills to Invoke idor-testing - IDOR testing Actions Test object-level authorization Test function-level authorization Test role-based access Test privilege escalation Test multi-tenant isolation Copy-Paste Prompts Use @idor-testing to test API authorization Phase 4: Input Validation Skills to Invoke api-fuzzing-bug-bounty - API fuzzing sql-injection-testing - Injection testing Actions Test parameter validation Test SQL injection Test NoSQL injection Test command injection Test XXE injection Copy-Paste Prompts Use @api-fuzzing-bug-bounty to fuzz API parameters Phase 5: Rate Limiting Skills to Invoke api-security-best-practices - Rate limiting Actions Test rate limit headers Test brute force protection Test resource exhaustion Test bypass techniques Document limitations Copy-Paste Prompts Use @api-security-best-practices to test rate limiting Phase 6: GraphQL Testing Skills to Invoke api-fuzzing-bug-bounty - GraphQL fuzzing Actions Test introspection Test query depth Test query complexity Test batch queries Test field suggestions Copy-Paste Prompts Use @api-fuzzing-bug-bounty to test GraphQL security Phase 7: Error Handling Skills to Invoke api-security-best-practices - Error handling Actions Test error messages Check information disclosure Test stack traces Verify logging Document findings Copy-Paste Prompts Use @api-security-best-practices to audit API error handling API Security Checklist Authentication working Authorization enforced Input validated Rate limiting active Errors sanitized Logging enabled CORS configured HTTPS enforced Quality Gates All endpoints tested Vulnerabilities documented Remediation provided Report generated Related Workflow Bundles security-audit - Security auditing web-security-testing - Web security api-development - API development

返回排行榜