General

Active Scan

Use Burp/ZAP to actively scan the target for common security misconfigurations, such as missing security headers (Figure 1). Validate each finding manually, since the scan results may include many false positives.

The example below, as well as the one in the JavaScript Files section, is based on the crAPI application.

Figure 1: Actively scanning the target with Burp Suite.
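To triage the scanner's "missing security header" findings before reporting them, here is an added Python example; it is not code from the page or from Burp/ZAP, and the header list, the false-positive rules and the two sample responses are assumptions constructed for illustration.

```python
"""Triage 'missing security header' findings from a Burp/ZAP scan to weed out false positives."""
from typing import Dict, List

# Headers the scanners commonly flag, with the condition under which the finding is noise.
# Constructed policy for illustration; adapt the rules to your own baseline.
CHECKS = {
    "strict-transport-security": "only meaningful on HTTPS responses",
    "content-security-policy": "API responses that are never browser-rendered (non-HTML) rarely need it",
    "x-content-type-options": "expected to be 'nosniff' on every response",
    "x-frame-options": "redundant when CSP already sets frame-ancestors",
}


def triage_headers(scheme: str, headers: Dict[str, str]) -> Dict[str, List[str]]:
    """Classify each missing/misconfigured header as 'confirmed' or 'false_positive'.

    scheme:  'http' or 'https' (the URL scheme the response was fetched over)
    headers: raw response headers as captured by the proxy (names are case-insensitive)
    """
    h = {k.lower(): v.strip() for k, v in headers.items()}
    csp = h.get("content-security-policy", "")
    is_html = h.get("content-type", "").lower().startswith("text/html")
    result: Dict[str, List[str]] = {"confirmed": [], "false_positive": []}

    for name, note in CHECKS.items():
        if name in h:
            # Present but with the wrong value is a real finding, not a false positive.
            if name == "x-content-type-options" and h[name].lower() != "nosniff":
                result["confirmed"].append(f"{name} is '{h[name]}', expected 'nosniff'")
            continue
        finding = f"missing {name}"
        if name == "strict-transport-security" and scheme != "https":
            result["false_positive"].append(f"{finding} ({note})")
        elif name == "content-security-policy" and not is_html:
            result["false_positive"].append(f"{finding} ({note})")
        elif name == "x-frame-options" and "frame-ancestors" in csp:
            result["false_positive"].append(f"{finding} ({note})")
        else:
            result["confirmed"].append(finding)
    return result


# Constructed sample responses, standing in for two entries in the scanner's issue list.
JSON_API = {"Content-Type": "application/json",
            "X-Content-Type-Options": "nosniff",
            "Content-Security-Policy": "default-src 'none'; frame-ancestors 'none'"}
HTML_PAGE = {"Content-Type": "text/html; charset=utf-8"}

if __name__ == "__main__":
    print(triage_headers("https", JSON_API))   # HSTS confirmed, X-Frame-Options a false positive
    print(triage_headers("http", HTML_PAGE))   # HSTS a false positive, the other three confirmed
```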

Base Path

The example below is based on PortSwigger's API Testing module.

Investigate the base path of each endpoint (Figures 2 and 3).

Figure 2: Testing the endpoint's base path.
Figure 3: Continuing to test the endpoint's base path reveals an undocumented endpoint that results in BFLA (Broken Function Level Authorization).

JavaScript Files

We can use the JS Link Finder Burp extension to search within the JavaScript files for patterns that suggest API endpoints (Figure 4).

Figure 4: Reviewing the JS Link Finder log.
