陌讯skills聚合平台

api-security-testing

📁 sickn33/antigravity-awesome-skills 📅 6 days ago
21
总安装量
21
周安装量
#17318
全站排名
安装命令
npx skills add https://github.com/sickn33/antigravity-awesome-skills --skill api-security-testing

Agent 安装分布

codex 21
opencode 20
gemini-cli 20
github-copilot 20
kimi-cli 20
amp 20

Skill 文档

API Security Testing Workflow

Overview

Specialized workflow for testing REST and GraphQL API security including authentication, authorization, rate limiting, input validation, and API-specific vulnerabilities.

When to Use This Workflow

Use this workflow when:

  • Testing REST API security
  • Assessing GraphQL endpoints
  • Validating API authentication
  • Testing API rate limiting
  • Bug bounty API testing

Workflow Phases

Phase 1: API Discovery

Skills to Invoke

  • api-fuzzing-bug-bounty – API fuzzing
  • scanning-tools – API scanning

Actions

  1. Enumerate endpoints
  2. Document API methods
  3. Identify parameters
  4. Map data flows
  5. Review documentation

Copy-Paste Prompts

Use @api-fuzzing-bug-bounty to discover API endpoints

Phase 2: Authentication Testing

Skills to Invoke

  • broken-authentication – Auth testing
  • api-security-best-practices – API auth

Actions

  1. Test API key validation
  2. Test JWT tokens
  3. Test OAuth2 flows
  4. Test token expiration
  5. Test refresh tokens

Copy-Paste Prompts

Use @broken-authentication to test API authentication

Phase 3: Authorization Testing

Skills to Invoke

  • idor-testing – IDOR testing

Actions

  1. Test object-level authorization
  2. Test function-level authorization
  3. Test role-based access
  4. Test privilege escalation
  5. Test multi-tenant isolation

Copy-Paste Prompts

Use @idor-testing to test API authorization

Phase 4: Input Validation

Skills to Invoke

  • api-fuzzing-bug-bounty – API fuzzing
  • sql-injection-testing – Injection testing

Actions

  1. Test parameter validation
  2. Test SQL injection
  3. Test NoSQL injection
  4. Test command injection
  5. Test XXE injection

Copy-Paste Prompts

Use @api-fuzzing-bug-bounty to fuzz API parameters

Phase 5: Rate Limiting

Skills to Invoke

  • api-security-best-practices – Rate limiting

Actions

  1. Test rate limit headers
  2. Test brute force protection
  3. Test resource exhaustion
  4. Test bypass techniques
  5. Document limitations

Copy-Paste Prompts

Use @api-security-best-practices to test rate limiting

Phase 6: GraphQL Testing

Skills to Invoke

  • api-fuzzing-bug-bounty – GraphQL fuzzing

Actions

  1. Test introspection
  2. Test query depth
  3. Test query complexity
  4. Test batch queries
  5. Test field suggestions

Copy-Paste Prompts

Use @api-fuzzing-bug-bounty to test GraphQL security

Phase 7: Error Handling

Skills to Invoke

  • api-security-best-practices – Error handling

Actions

  1. Test error messages
  2. Check information disclosure
  3. Test stack traces
  4. Verify logging
  5. Document findings

Copy-Paste Prompts

Use @api-security-best-practices to audit API error handling

API Security Checklist

  • Authentication working
  • Authorization enforced
  • Input validated
  • Rate limiting active
  • Errors sanitized
  • Logging enabled
  • CORS configured
  • HTTPS enforced

Quality Gates

  • All endpoints tested
  • Vulnerabilities documented
  • Remediation provided
  • Report generated

Related Workflow Bundles

  • security-audit – Security auditing
  • web-security-testing – Web security
  • api-development – API development
GitHub 仓库 ↗ ← 返回陌讯 Skills 聚合平台
本页面由 陌讯 Skills 聚合平台 收录整理,数据定期更新。