scanning-api-security
Installation
SKILL.md
Scanning API Security
Overview
Detect API security vulnerabilities by scanning endpoint implementations, authentication flows, and data handling against the OWASP API Security Top 10. Identify injection vectors, broken authentication, excessive data exposure, mass assignment, and missing rate limiting through static analysis of route handlers, middleware chains, and request validation logic.
Prerequisites
- API source code with route definitions and controller/handler implementations accessible
- OpenAPI specification for cross-referencing documented vs. implemented security controls
- OWASP API Security Top 10 (2023) checklist familiarity
- Security scanning tools: OWASP ZAP, Burp Suite, or
nucleifor dynamic testing - Dependency vulnerability scanner:
npm audit,safety(Python), orgovulncheck