Introduction

What?

Locate the APIs, validate whether they are operational, and find credential information (keys, secrets, usernames, passwords), version information, API documentation, and information about each API’s purpose.

Why?

The more information gathered about a target, the better the odds of discovering and exploiting API-related vulnerabilities.

How?