API Security Testing

Docker, Postman, Burp Suite
November 2025

Project Overview

Performed security testing on Payatu's Damn Vulnerable API (DVAPI) with Postman and Burp Suite to identify and validate vulnerabilities mapped to the OWASP API Security Top 10.

In this project, I conducted a security assessment of Payatu's Damn Vulnerable API (DVAPI), a deliberately vulnerable API that ships as a Docker image, to evaluate its exposure to the OWASP API Security Top 10 risks. Using Postman, I enumerated the API's endpoints, inspected request and response behaviour, and mapped how data flowed through the application. I then proxied the same traffic through Burp Suite to intercept requests, analyse parameters, and perform targeted attacks: fuzzing inputs, attempting to bypass authentication, and replaying authenticated requests against objects belonging to other users to test authorization. This let me simulate realistic API attack scenarios and observe how the application responded under adversarial conditions.

Throughout the testing process, I identified several common API vulnerabilities, including weak authentication mechanisms, broken object-level authorization (BOLA), excessive data exposure, and improper handling of user input. I documented each issue with proof-of-concept exploitation steps. This project strengthened my ability to approach API security from both an attacker's and a defender's perspective, improved my fluency with professional testing tools, and deepened my understanding of modern API security threats.
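The cross-user replay behind the BOLA and excessive-data-exposure findings above, as an added offline example that is not the page's or DVAPI's own code. It models the step a tester performs in Burp Repeater: take a request that returned one user's record, swap in another user's id, and resend it with the attacker's bearer token. The endpoint path `/api/users/{id}`, the field names, the tokens and the two in-memory user records are all constructed assumptions; the vulnerable handler and its fixed counterpart stand in for the server so the check can run without a target.

```python
# Added example (not the original page's or DVAPI's code). Models the
# cross-user replay a tester performs in Burp Repeater against a
# GET /api/users/{id} endpoint. Endpoint path, field names, tokens and the
# user records below are assumptions constructed for this example.
from typing import Callable, Dict, List, Optional, Tuple

# Constructed sample data standing in for the API's user store.
USERS: Dict[int, Dict[str, object]] = {
    1: {"id": 1, "username": "alice", "email": "alice@example.test",
        "password_hash": "$2b$12$constructed-hash-alice"},
    2: {"id": 2, "username": "bob", "email": "bob@example.test",
        "password_hash": "$2b$12$constructed-hash-bob"},
}
TOKENS: Dict[str, int] = {"token-alice": 1, "token-bob": 2}  # bearer token -> user id
PUBLIC_FIELDS = ("id", "username")  # what GET /api/users/{id} is documented to return

Response = Tuple[int, Dict[str, object]]
Handler = Callable[[str, Dict[str, str]], Response]


def caller_id(headers: Dict[str, str]) -> Optional[int]:
    """Resolve the Authorization header to a user id; None if unauthenticated."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme != "Bearer":
        return None
    return TOKENS.get(token)


def object_id(path: str) -> Optional[int]:
    """Parse /api/users/{id}; None for anything that is not a non-negative int."""
    prefix, _, tail = path.rpartition("/")
    if prefix != "/api/users" or not tail.isdigit():
        return None
    return int(tail)


def vulnerable_get_user(path: str, headers: Dict[str, str]) -> Response:
    """Authenticates the caller but never checks that the object is theirs,
    and serialises the whole record (BOLA plus excessive data exposure)."""
    if caller_id(headers) is None:
        return 401, {"error": "unauthenticated"}
    uid = object_id(path)
    record = USERS.get(uid) if uid is not None else None
    if record is None:
        return 404, {"error": "not found"}
    return 200, dict(record)


def fixed_get_user(path: str, headers: Dict[str, str]) -> Response:
    """Ties the object to the caller and returns only allow-listed fields.
    A foreign id gets the same 404 as a missing one, so the endpoint is not
    an oracle for which ids exist."""
    caller = caller_id(headers)
    if caller is None:
        return 401, {"error": "unauthenticated"}
    uid = object_id(path)
    record = USERS.get(uid) if uid is not None else None
    if record is None or record["id"] != caller:
        return 404, {"error": "not found"}
    return 200, {k: record[k] for k in PUBLIC_FIELDS}


def bola_check(handler: Handler, attacker_token: str, attacker_id: int,
               victim_id: int) -> Dict[str, object]:
    """Replay GET /api/users/{victim_id} with the attacker's token.

    Returns a small finding record: whether a foreign object was readable
    (BOLA) and which response fields fall outside the documented contract
    (excessive data exposure)."""
    status, body = handler(f"/api/users/{victim_id}",
                           {"Authorization": f"Bearer {attacker_token}"})
    excess: List[str] = (
        sorted(k for k in body if k not in PUBLIC_FIELDS) if status == 200 else []
    )
    return {
        "status": status,
        "bola": status == 200 and victim_id != attacker_id,
        "excess_fields": excess,
    }


if __name__ == "__main__":
    # Bob (id 2) tries to read Alice's record (id 1) against both handlers.
    for name, handler in (("vulnerable", vulnerable_get_user), ("fixed", fixed_get_user)):
        print(name, bola_check(handler, "token-bob", 2, 1))
```

Against the vulnerable handler the check reports a readable foreign object and flags `email` and `password_hash` as fields outside the documented response; against the fixed handler the foreign id collapses to the same 404 a missing id gets, and a self-read returns only the allow-listed fields. When doing this by hand in Burp, the same three observations (status code for a foreign id, whether it differs from a non-existent id, and which fields come back) are what turn a single Repeater request into a documented finding.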
