explainx.ainewsletter3.5k
ai newstrendingpathwaysworkshopsskills
pricing
workshops ↗
explainx.ai

Upskill in AI — 16 free pathways, live workshops & bootcamps, and 50+ courses from practitioners. Plus the skills, tools, and MCP servers to practice on.

follow us

custom AI agents

[email protected]

get started

Join · $29/mo

learn

pathways — start freeworkshopsbootcampscoursescertificationsmock testsexplainx universitycorporate traininglearn skills & mcp

discover

skillsmcp serverstoolsagentsllmsdesignsagi trackerranks

company

aboutvisionmissionteaminstructorscommunityhackathonscareers

content

daily AI newsblogreleasespromptsgeneratorsresource librarydemofor LLMs

solutions

all solutionsdeveloper upskillingmarketing upskillingproduct manager upskillingleadership upskilling

Sister Products

Infloq

Infloq

Influencer marketing

BgBlur

BgBlur

Privacy-first blur

Olly Social

Olly Social

Social AI copilot

Ceptory

Ceptory

Video intelligence

BgRemover

BgRemover

Background removal

newsletter · weekly

Get AI news, tools, and insights in your inbox.

contactsupportprivacytermsdata rightssubmission guidelines

© 2026 AISOLO Technologies Pvt Ltd

home/skills/tag/api-security
skill tag

api-security▌

29 indexed skills · max 10 per page

skills (29)

performing-api-fuzzing-with-restler

mukul975/Anthropic-Cybersecurity-Skills · performing-api-fuzzing-with-restler

0

Uses Microsoft RESTler to perform stateful REST API fuzzing by automatically generating and executing test sequences that exercise API endpoints, discover producer-consumer dependencies between requests, and find security and reliability bugs. The tester compiles an OpenAPI specification into a RESTler fuzzing grammar, configures authentication, runs test/fuzz-lean/fuzz modes, and analyzes results for 500 errors, authentication bypasses, resource leaks, and payload injection vulnerabilities. Activates for requests involving API fuzzing, RESTler testing, stateful API testing, or automated API security scanning.

testing-api-for-broken-object-level-authorization

mukul975/Anthropic-Cybersecurity-Skills · testing-api-for-broken-object-level-authorization

0

Tests REST and GraphQL APIs for Broken Object Level Authorization (BOLA/IDOR) vulnerabilities where an authenticated user can access or modify resources belonging to other users by manipulating object identifiers in API requests. The tester intercepts API calls, identifies object ID parameters (numeric IDs, UUIDs, slugs), and systematically replaces them with IDs belonging to other users to determine if the server enforces per-object authorization. This is OWASP API Security Top 10 2023 risk API1. Activates for requests involving BOLA testing, IDOR in APIs, object-level authorization testing, or API access control bypass.

implementing-api-abuse-detection-with-rate-limiting

mukul975/Anthropic-Cybersecurity-Skills · implementing-api-abuse-detection-with-rate-limiting

0

Implement API abuse detection using token bucket, sliding window, and adaptive rate limiting algorithms to prevent DDoS, brute force, and credential stuffing attacks.

detecting-api-enumeration-attacks

mukul975/Anthropic-Cybersecurity-Skills · detecting-api-enumeration-attacks

0

Detect and prevent API enumeration attacks including BOLA and IDOR exploitation by monitoring sequential identifier access patterns and authorization failures.

detecting-broken-object-property-level-authorization

mukul975/Anthropic-Cybersecurity-Skills · detecting-broken-object-property-level-authorization

0

Detect and test for OWASP API3:2023 Broken Object Property Level Authorization vulnerabilities including excessive data exposure and mass assignment attacks.

performing-api-security-testing-with-postman

mukul975/Anthropic-Cybersecurity-Skills · performing-api-security-testing-with-postman

0

Uses Postman to perform structured API security testing by building collections that test for OWASP API Security Top 10 vulnerabilities including authentication bypass, authorization flaws, injection, and data exposure. The tester creates environments with multiple user roles, writes test scripts for automated security validation, and integrates Postman with OWASP ZAP and Newman for CI/CD security testing. Activates for requests involving Postman security testing, API security collection, automated API testing, or OWASP API testing with Postman.

exploiting-jwt-algorithm-confusion-attack

mukul975/Anthropic-Cybersecurity-Skills · exploiting-jwt-algorithm-confusion-attack

0

Exploits JWT algorithm confusion vulnerabilities where the server's token verification library accepts the algorithm specified in the JWT header rather than enforcing a fixed algorithm. The tester manipulates the alg header to switch from RS256 to HS256 (using the RSA public key as the HMAC secret), sets alg to none to bypass signature verification, or exploits kid/jku/x5u header injection to supply attacker-controlled keys. Activates for requests involving JWT algorithm confusion, alg none attack, key confusion attack, or JWT signature bypass.

testing-api-security-with-owasp-top-10

mukul975/Anthropic-Cybersecurity-Skills · testing-api-security-with-owasp-top-10

0

Systematically assessing REST and GraphQL API endpoints against the OWASP API Security Top 10 risks using automated and manual testing techniques.

testing-oauth2-implementation-flaws

mukul975/Anthropic-Cybersecurity-Skills · testing-oauth2-implementation-flaws

0

Tests OAuth 2.0 and OpenID Connect implementations for security flaws including authorization code interception, redirect URI manipulation, CSRF in OAuth flows, token leakage, scope escalation, and PKCE bypass. The tester evaluates the authorization server, client application, and token handling for common misconfigurations that enable account takeover or unauthorized access. Activates for requests involving OAuth security testing, OIDC vulnerability assessment, OAuth2 redirect bypass, or authorization code flow testing.

exploiting-excessive-data-exposure-in-api

mukul975/Anthropic-Cybersecurity-Skills · exploiting-excessive-data-exposure-in-api

0

Tests APIs for excessive data exposure where endpoints return more data than the client application needs, relying on the frontend to filter sensitive fields. The tester intercepts API responses and analyzes them for leaked PII, internal identifiers, debug information, or sensitive business data that the UI does not display but the API transmits. This maps to OWASP API3:2023 Broken Object Property Level Authorization. Activates for requests involving API data leakage testing, excessive data exposure, response filtering bypass, or API over-fetching.

prevpage 2 / 3next