9

API Abuse and Business Logic Testing

This chapter closes the fourth part of the book. The previous chapter covered data exposure and information leakage, which remain very common. Unfortunately, there are even more dangerous ways to defeat an API's protection controls: using endpoints in ways their designers never intended (API abuse) is one of them, and exploiting flaws in the API's business logic is another.

API abuse is the misuse of an API beyond its intended purpose, which can lead to security vulnerabilities, data breaches, or service disruption. Business logic testing looks for flaws in the application's business rules and workflows, verifying that the application behaves as intended in every scenario, including the ones its designers did not anticipate. Together, ...
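To make the two ideas concrete, here is an added example that is not from the book: a hypothetical order-placement service with an unchecked implementation beside a hardened one, and the abuse requests a business-logic tester would send to it (negative quantity, client-supplied price, coupon replay). The catalog, coupon table, and function names are all assumptions made for the illustration.

```python
# Added example (not from the book): a minimal order API with business-rule
# checks beside an unchecked version, plus the abuse cases a tester would send.
from dataclasses import dataclass, field

# Hypothetical server-side source of truth: prices in cents.
CATALOG = {"sku-100": 2500, "sku-200": 999}
# Hypothetical percent-off coupons; each may be redeemed once per account.
COUPONS = {"WELCOME10": 10}
MAX_QTY_PER_LINE = 100


class BusinessRuleError(ValueError):
    """Raised when a request violates an order business rule."""


@dataclass
class OrderService:
    # (account, coupon) pairs already redeemed
    redeemed: set = field(default_factory=set)

    def total_unchecked(self, req: dict) -> int:
        """Vulnerable: trusts client-supplied price and quantity, never records coupon use."""
        total = sum(item["price"] * item["qty"] for item in req["items"])
        if req.get("coupon") in COUPONS:
            total -= total * COUPONS[req["coupon"]] // 100
        return total

    def total_checked(self, account: str, req: dict) -> int:
        """Hardened: catalog prices, bounded quantity, single-use coupon, positive total."""
        total = 0
        for item in req["items"]:
            sku = item.get("sku")
            if sku not in CATALOG:
                raise BusinessRuleError(f"unknown sku {sku!r}")
            qty = item.get("qty")
            # type() rather than isinstance() so that bool is rejected as well
            if type(qty) is not int or not 1 <= qty <= MAX_QTY_PER_LINE:
                raise BusinessRuleError(f"quantity out of range: {qty!r}")
            total += CATALOG[sku] * qty  # any client-supplied 'price' is ignored
        coupon = req.get("coupon")
        if coupon is not None:
            if coupon not in COUPONS:
                raise BusinessRuleError("unknown coupon")
            if (account, coupon) in self.redeemed:
                raise BusinessRuleError("coupon already redeemed")
            total -= total * COUPONS[coupon] // 100
            self.redeemed.add((account, coupon))  # record only after every check passed
        if total <= 0:
            raise BusinessRuleError("order total must be positive")
        return total


# Constructed abuse requests: each targets one business rule.
ABUSE_CASES = {
    "negative_quantity": {"items": [{"sku": "sku-100", "price": 2500, "qty": -3}]},
    "client_price": {"items": [{"sku": "sku-100", "price": 1, "qty": 1}]},
}


def run_abuse_cases() -> dict:
    """Send each abuse request through both implementations; return (unchecked, checked)."""
    results = {}
    for name, req in ABUSE_CASES.items():
        unchecked = OrderService().total_unchecked(req)
        try:
            checked = OrderService().total_checked("alice", req)
        except BusinessRuleError as exc:
            checked = f"rejected: {exc}"
        results[name] = (unchecked, checked)
    return results


def coupon_replay() -> tuple:
    """Redeem the same coupon twice on one account under both implementations."""
    req = {"items": [{"sku": "sku-200", "price": 999, "qty": 1}], "coupon": "WELCOME10"}
    vuln = OrderService()
    first, second = vuln.total_unchecked(req), vuln.total_unchecked(req)
    hard = OrderService()
    accepted = hard.total_checked("alice", req)
    try:
        hard.total_checked("alice", req)
        replay = "accepted"
    except BusinessRuleError:
        replay = "rejected"
    return first, second, accepted, replay


if __name__ == "__main__":
    for name, outcome in run_abuse_cases().items():
        print(f"{name}: unchecked={outcome[0]!r} checked={outcome[1]!r}")
    print("coupon replay:", coupon_replay())
```

The unchecked version returns a negative total for the negative-quantity request, charges one cent when the client sets its own price, and applies the coupon every time it is sent; the hardened version rejects each of these. The point for testing is that none of these requests is malformed at the HTTP or schema level, so only a test that understands the business rules will find the flaw.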
