conducting-api-security-testing

Conducts comprehensive security testing of APIs to identify vulnerabilities using OWASP guidelines and tools like Burp Suite and Postman.

Install this skill

90/100

Security score

The conducting-api-security-testing skill was audited on May 15, 2026 and we found 2 security issues across 2 threat categories. Review the findings below before installing.

Categories Tested

Security Issues

medium line 90

Webhook reference - potential data exfiltration

SourceSKILL.md

90	- SSRF via API: Test any parameter that accepts URLs (webhook URLs, avatar URLs, import endpoints) with internal addresses and cloud metadata endpoints

medium line 103

Access to .env file

SourceSKILL.md

103	- Debug endpoints: Check `/api/debug`, `/api/status`, `/metrics`, `/health`, `/.env`, `/api/swagger.json` for exposed internal information

Scanned on May 15, 2026

View Security Dashboard

Installation guide →

GitHub Stars 4

Rate this skill

Categorydevelopment

UpdatedMay 31, 2026

api testing security-engineer data-analyst qa-engineer development data analytics

pinkpixel-dev/skills-collection-1