CG-Cybersecurity

API testing

Application Programming Testing

  • APIs are a set of protocols that enable programs to communicate and exchange data.
  • API testing also involves reverse engineering.
  • Ethical hackers are also involved, trying to learn how the API works.
  • API testing ensures that:
    • Authentication and authorization are implemented.
    • SSL/TLS encryption is used.
    • Auditing and logging are in use.
    • Access to sensitive data is restricted.
    • Anomalous activity is monitored and alerted on.

Examples of API hacking

 

  • Stolen Authentication

One way to access an API is to hijack the identity of an authorized user. For example, a stolen authentication token (the Deep Dark Web is fertile ground for such activities) can be used to access resources with malicious intent while appearing legitimate.

Cybercriminals will try to guess authentication passwords or break a weak authentication process to gain access.

  • Man-in-the-Middle Attack

A man-in-the-middle (MITM) attack occurs when a malicious hacker intercepts a request or response between an end user and an API.


  • Code Injections

Gaps between authentication and validation leave APIs vulnerable to code injections, in which an attacker sends a script to an application’s server via an API request.


  • Denial-of-Service Attack

A denial-of-service attack simply overwhelms a server’s resources with API requests.
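
The "monitor and alert on anomalous activity" check listed above can be applied to two of these examples: a token presented from more than one address (possible stolen authentication) and a burst of requests from one client (possible denial of service). The following is an added example, not code from CG-Cybersecurity; the log format, token ids, thresholds and function names are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample access log (timestamp, client IP, token id, path).
# The token ids and documentation-range IPs are made up for this example.
SAMPLE_LOG = "\n".join([
    "2024-05-01T10:00:00 198.51.100.7 tok-A /v1/orders",
    "2024-05-01T10:00:09 203.0.113.44 tok-A /v1/customers",
    "2024-05-01T10:00:00 198.51.100.20 tok-C /v1/orders",
    "2024-05-01T10:30:00 198.51.100.21 tok-C /v1/orders",
    "truncated line",
] + [f"2024-05-01T10:00:1{s} 192.0.2.10 tok-B /v1/search" for s in range(7)])

def parse(log):
    """Return time-ordered (timestamp, ip, token, path) tuples, skipping bad lines."""
    events = []
    for line in log.splitlines():
        parts = line.split()
        try:
            ts = datetime.fromisoformat(parts[0])
            _, ip, token, path = parts
        except (ValueError, IndexError):
            continue  # malformed entry: ignore instead of aborting the scan
        events.append((ts, ip, token, path))
    return sorted(events)

def shared_tokens(events, window=timedelta(minutes=5)):
    """Tokens presented from more than one IP within `window` (possible stolen token)."""
    last_seen = defaultdict(dict)  # token -> {ip: time last seen}
    alerts = {}
    for ts, ip, token, _ in events:
        others = {o for o, t in last_seen[token].items()
                  if o != ip and ts - t <= window}
        if others:
            alerts.setdefault(token, set()).update(others | {ip})
        last_seen[token][ip] = ts
    return alerts

def request_bursts(events, max_requests=5, window=timedelta(seconds=10)):
    """Client IPs sending more than `max_requests` within a sliding `window`."""
    recent = defaultdict(list)  # ip -> timestamps still inside the window
    noisy = set()
    for ts, ip, _, _ in events:
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:
            q.pop(0)
        if len(q) > max_requests:
            noisy.add(ip)
    return noisy
```

Both thresholds are placeholders and need tuning against real traffic, since mobile clients and shared proxies change addresses legitimately.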


Copyright © 2024 cg-Cybersecurity- All Rights Reserved.
