Summary
API testing is a vast area of research and is still evolving. In this chapter, we saw a generic methodology that one should apply to test any kind of API. This included studying the API structure, understanding request methods, understanding responses, and so on. It also included techniques that one should apply to enumerate endpoints and exploit bugs on real production APIs. We saw examples of API bugs on sites such as Facebook, in which we applied our generic methodology to learn about the API by understanding its structure, roles, scopes, and so on, and then exploited it. API testing is still far from mature, and there is a lot of scope for further research.
To learn more about how real API bugs are exploited, I would recommend that readers read the following:
APIs have gained a lot of popularity nowadays and have brought immense flexibility to cross-application integrations, but they also give rise to large and complex attack surfaces. Due...