Name		Name	Last commit message	Last commit date
parent directory ..
README.md		README.md
graphql.md		graphql.md
grpc.md		grpc.md
owasp-api-top10.md		owasp-api-top10.md
rest.md		rest.md

README.md

API

REST / GraphQL / gRPC pentest cheatsheets + OWASP API Security Top 10 reference. Authorized testing only.

Index

File	WSTG / API Top 10	MITRE ATT&CK
graphql.md	WSTG-APIT-01	T1190 Exploit Public-Facing Application
grpc.md	API Top 10 (full); see ./owasp-api-top10.md	T1190 Exploit Public-Facing Application
owasp-api-top10.md	API1..API10 (2023)	—
rest.md	API Top 10 (full) + WSTG-APIT-01	T1190 Exploit Public-Facing Application

Sources

OWASP API Security Project: https://owasp.org/www-project-api-security/
OWASP API Security Top 10 (2023): https://owasp.org/API-Security/editions/2023/en/0x00-header/
REST Security Cheat Sheet: https://cheatsheetseries.owasp.org/cheatsheets/REST_Security_Cheat_Sheet.html
HackTricks API: https://book.hacktricks.wiki/en/network-services-pentesting/pentesting-web/rest-api-pentesting.html
HackTricks gRPC: https://book.hacktricks.wiki/en/network-services-pentesting/pentesting-grpc-protobuf.html