Security Audit
- Category: Penetration Testing
- Standards followed: OWASP, SANS Top 25
API Penetration Testing
An API (Application Programming Interface) is a set of procedures and functions through which two components of a software application interact. APIs enable communication and data exchange between software systems. API testing ensures that the API in use meets expectations for usability, functionality, performance, reliability and, of course, security.
APIs are a foundational element of innovation in today's application-driven world; without secure APIs, rapid innovation would not be possible. Organisations use APIs to connect services and to transfer data, and insecure APIs have been behind major data breaches that exposed sensitive data. Not all data is the same, nor should it be protected in the same way: how you approach API security depends on what kind of data is being transferred. Web API security is concerned with data transferred through APIs that are exposed to the internet, and API security more broadly covers the strategies and solutions used to understand and mitigate the vulnerabilities and security risks of APIs. We conduct security assessments of REST as well as SOAP APIs and follow the OWASP API Security Top 10 for the same.
API TESTING CATEGORIES
Validation Testing
Validation testing confirms that the API was developed correctly against the stated needs and requirements; it is the final step in the audit phase.
Functional and Load Testing
Functional testing ensures that the API's functions behave correctly and return the expected responses. Load testing ensures that the application behaves normally under high load or peak conditions.
UI Testing
Tests the user interface of the API, whether a command-line or a graphical interface. This ensures the usability and efficiency of the app's frontend and backend.
Security and Fuzz Testing
Security testing validates the encryption schemes in use and the access controls applied to resource access. Fuzz testing checks how the API behaves when it is fed large amounts of random or malformed data: crashes, overflows, unhandled errors or any other negative outcome are recorded as findings.
DELIVERABLE
At the end of the activity we provide a detailed report containing the findings, their risk ratings and the steps needed to mitigate them, along with appropriate screenshots.