- API (CSbyGB)
- API Security Checklist (GitHub)
- OWASP API Security Project (API Security Top 10)
- OWASP REST Security Cheat Sheet
➡ BChecks available on GitHub.
Using Burp Suite
- From the Dashboard tab, click on New scan->API scan.
- In API definition, upload the OpenAPI definition.
API Scanning with the API Specification file (YAML, JSON)
OpenAPI Parser does not seem to work anymore. It might have been broken by Burp’s updates.
Use the Burp extension OpenAPI Parser (PortSwigger) if you have the OpenAPI definition file (see the example OpenAPI file). The extension supports YAML only: convert JSON definitions to YAML first if needed.
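Since the extension only accepts YAML, the step that usually bites is the JSON-to-YAML conversion itself: path keys such as /users/{id} contain braces that a YAML parser reads as a flow mapping, and response codes such as "200" silently turn into integers unless quoted. The converter below is an added example (not code from CSbyGB's notes or from PortSwigger) that loads an OpenAPI JSON definition, checks for the top-level openapi or swagger key, and emits block-style YAML with a small quoting rule that keeps those strings as strings. It uses only the standard library, so it does not depend on PyYAML; the sample definition is constructed for the example, and the api.json file name in the usage comment is hypothetical.

```python
import json
import re

# Constructed sample: a tiny OpenAPI 3 definition in JSON, the kind a framework exports.
# The path key with braces and the numeric-looking response codes both need quoting in
# YAML, or a YAML parser reads them as a flow mapping and as integers respectively.
SAMPLE_OPENAPI_JSON = """
{
  "openapi": "3.0.3",
  "info": {"title": "Demo API", "version": "1.0.0"},
  "paths": {
    "/users/{id}": {
      "get": {
        "summary": "Fetch a user",
        "parameters": [
          {"name": "id", "in": "path", "required": true, "schema": {"type": "integer"}}
        ],
        "responses": {"200": {"description": "OK"}, "404": {"description": "Not found"}}
      }
    }
  }
}
"""

# Words a YAML 1.1 parser would turn into booleans or null if left unquoted.
_RESERVED = {"true", "false", "null", "yes", "no", "on", "off", "y", "n", "~"}
# Plain (unquoted) scalars are only allowed for simple words starting with a letter.
_PLAIN = re.compile(r"[A-Za-z_][A-Za-z0-9_.\- ]*")


def _scalar(value):
    """Render one JSON scalar as a YAML scalar; strings are quoted unless provably safe as plain."""
    if isinstance(value, str):
        safe = (_PLAIN.fullmatch(value) is not None
                and not value.endswith(" ")
                and value.lower() not in _RESERVED)
        # A JSON double-quoted string is also a valid YAML double-quoted scalar.
        return value if safe else json.dumps(value, ensure_ascii=False)
    if isinstance(value, dict):   # only reached for an empty mapping
        return "{}"
    if isinstance(value, list):   # only reached for an empty sequence
        return "[]"
    # int, float, bool and None serialise identically in JSON and YAML
    return json.dumps(value)


def to_yaml_lines(node, indent=0):
    """Recursively render a JSON-derived object as block-style YAML lines."""
    pad = "  " * indent
    if isinstance(node, dict) and node:
        lines = []
        for key, value in node.items():
            if isinstance(value, (dict, list)) and value:
                lines.append(f"{pad}{_scalar(str(key))}:")
                lines.extend(to_yaml_lines(value, indent + 1))
            else:
                lines.append(f"{pad}{_scalar(str(key))}: {_scalar(value)}")
        return lines
    if isinstance(node, list) and node:
        lines = []
        for item in node:
            if isinstance(item, (dict, list)) and item:
                sub = to_yaml_lines(item, indent + 1)
                # the first line of a nested block shares the line with its "- " marker
                lines.append(f"{pad}- {sub[0].lstrip()}")
                lines.extend(sub[1:])
            else:
                lines.append(f"{pad}- {_scalar(item)}")
        return lines
    return [pad + _scalar(node)]


def openapi_json_to_yaml(json_text):
    """Parse an OpenAPI/Swagger JSON definition and return it as block-style YAML text."""
    doc = json.loads(json_text)
    if not isinstance(doc, dict) or not ("openapi" in doc or "swagger" in doc):
        raise ValueError("not an OpenAPI/Swagger definition: missing top-level 'openapi' or 'swagger' key")
    return "\n".join(to_yaml_lines(doc)) + "\n"


if __name__ == "__main__":
    # Usage: python convert.py api.json > api.yaml   (api.json is a hypothetical file name)
    import sys
    src = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE_OPENAPI_JSON
    sys.stdout.write(openapi_json_to_yaml(src))
```

The quoting rule is deliberately conservative: anything that is not a simple word gets double quotes, which costs nothing when the file is parsed and avoids the two classic failures (braces in path templates, status codes becoming integers). Run the output through the extension, or any YAML parser, to confirm that the paths and response codes survive as strings before scanning.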