API Exposure

• Internal APIs exposed to the internet

Misconfigured Caching

• Custom headers (no Authorization header) and no Cache-Control or Pragma
  • Can lead to cached results and unauthorized access to data

Exposed tokens

• Exposed API keys
  • Github repos
  • using gau

JWT Weaknesses

• First part
  • "none" algorithm
  • "kids" parameter
    • SQLi
  • change key
• Second part
  • Change the data, hope no signature validation takes place
• Third part
  • No/False signature

Authorization Issues / IDOR

• UUIDs
• Parameters

Undocumented Endpoints

• Fuzzing for new endpoints

Different Versions

Conventional:

/api/v1/
/api/v2/
/api/beta/

Non-conventional (/api/):

qa
devenv
devenv1
devenv2
preprod
pre-prod
test
testing
staging
stage
dev
development
deploy
slave
master
review
prod
uat
prep
Version2