- API (CSbyGB)
- API Security Checklist (GitHub)
- OWASP API Security Project (API Security Top 10)
- OWASP REST Security Cheat Sheet
➡ BChecks available on GitHub.
API Scanning with the API Specification file (YAML, JSON)
❗ OpenAPI Parser does not seem to work anymore. It might have been broken by Burp’s updates.
Use Burp extension OpenAPI Parser (PortSwigger) if you have the OpenAPI file (example of openid file). The extension supports YAML only: convert JSON to YAML if needed.