Tagged articles
5 articles
Liangxu Linux
Jul 30, 2023 · Information Security

Top 12 Common API Vulnerabilities Every Tester Should Know

Understanding the most frequent API weaknesses—from information disclosure and broken object-level authorization to injection, misconfiguration, and business logic flaws—helps security testers identify, exploit, and report issues such as over‑exposed data, missing rate limits, and improper authentication across modern web services.

API Security, BOLA, business logic
17 min read
MaGe Linux Operations
Jul 15, 2023 · Information Security

Top API Vulnerabilities Every Tester Should Know

This article surveys the most common API security flaws—including information disclosure, broken object‑level and function‑level authorization, over‑exposure of data, missing rate limits, mass‑assignment, misconfigurations, injection attacks, improper asset management, and business‑logic bugs—providing examples, code snippets, and practical testing tips for security professionals.

API Security, Authentication, BOLA
17 min read
Architect
Apr 30, 2023 · Information Security

Common API Vulnerabilities and How to Detect Them

This article explains the most frequent API security weaknesses—including information disclosure, broken object‑level and function‑level authorization, authentication bypass, over‑exposure of data, missing rate limits, mass‑assignment, misconfiguration, injection, asset mismanagement, and business‑logic flaws—providing detection techniques and illustrative code examples.

Authentication, information disclosure, injection
17 min read
MaGe Linux Operations
Jul 21, 2017 · Information Security

Detecting Python Injection Vulnerabilities with AST Analysis

This article explains how Python injection flaws—such as OS command, code, SQL, and arbitrary file download attacks—can be identified by analyzing abstract syntax trees, tracking controllable parameters, and implementing static checks to flag dangerous function calls.

AST, Python, Security
10 min read
ITPUB
Jun 15, 2016 · Information Security

How to Exploit and Defend Against MongoDB Injection Attacks

This article explains why MongoDB is chosen, demonstrates practical PHP injection techniques against MongoDB queries, shows how to enumerate databases and collections, and provides concrete defensive measures such as using implode(), addslashes() and regex sanitization to prevent attacks.

Database Security, Defensive Coding, MongoDB
5 min read