SecLists
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
I'd first point you towards the SecLists repo, specifically at the resources they provide for discovering maybe hidden actions or endpoints on an API (Link here). The angle of attack here would be brute forcing requests against a website that you know hosts an API, to find maybe endpoints or actions that aren't documented, or shouldn't be publicly available.
You could also try testing for SQL injection against query parameters with sqlmap (Link).