In this chapter, you’ll explore using fuzzing techniques to discover several of the top API vulnerabilities discussed in Chapter 3. The secret to successfully discovering most API vulnerabilities is knowing where to fuzz and what to fuzz with. In fact, you’ll likely discover many API vulnerabilities by fuzzing input sent to API endpoints.

Using Wfuzz, Burp Suite Intruder, and Postman’s Collection Runner, we’ll cover two strategies to increase your success: fuzzing wide and fuzzing deep. We’ll also discuss how to fuzz for improper assets management vulnerabilities, find the accepted HTTP methods for a request, and bypass input sanitization. ...