Skill

api-security

Tests API endpoints for vulnerabilities in GraphQL (introspection, batching), REST (BOLA, auth bypass), WebSocket (hijacking), and Web-LLM (prompt injection) using discovery and validation workflow.

GraphQL

REST API

npx claudepluginhub transilienceai/communitytools

Tool Access

This skill uses the workspace's default tool permissions.

Preview

Test API endpoints for security vulnerabilities across REST, GraphQL, WebSocket, and LLM-integrated APIs.

Supporting Assets

reference/api-testing-cheat-sheet.mdreference/api-testing-comprehensive-guide.mdreference/graphql-cheat-sheet.mdreference/graphql-nosql-combined.mdreference/graphql-quickstart.mdreference/graphql-resources.mdreference/web-llm-attacks-cheat-sheet.mdreference/web-llm-attacks-quickstart.mdreference/web-llm-attacks-resources.mdreference/websockets-cheat-sheet.mdreference/websockets-index.mdreference/websockets-quickstart.mdreference/websockets-resources.md

SKILL.md

Similar Skills

api-security-testing

36.4k

Guides security testing workflow for REST and GraphQL APIs: authentication, authorization, rate limiting, input validation, vulnerabilities. Use for audits or bug bounties.

antigravity-awesome-skills

conducting-api-security-testing

5.9k

Conducts security testing of REST, GraphQL, and gRPC APIs to identify vulnerabilities in authentication, authorization, rate limiting, input validation, and business logic using OWASP Top 10, Burp Suite, and Postman.

3 files

cybersecurity-skills

conducting-api-security-testing

Conducts security testing of REST, GraphQL, and gRPC APIs using OWASP API Security Top 10, Burp Suite, Postman, and scripts to identify auth, authz, rate limiting, input validation, and business logic flaws.

asi

Stats

Stars223

Forks44

Last CommitMar 30, 2026

Actions

View Source View Plugin View on GitHub View README

Help us improve

Share bugs, ideas, or general feedback.

API Security

Test API endpoints for security vulnerabilities across REST, GraphQL, WebSocket, and LLM-integrated APIs.

Techniques

Type	Key Vectors
GraphQL	Introspection, batching attacks, nested query DoS, field suggestion
REST API	BOLA/IDOR, mass assignment, rate limiting, auth bypass, versioning
WebSocket	Cross-site hijacking, message manipulation, auth flaws
Web-LLM	Prompt injection via API, excessive agency, data exfiltration

Workflow

Discover API endpoints and documentation (Swagger, GraphQL schema)
Map authentication and authorization mechanisms
Test per API type using appropriate techniques
Validate data exposure and access control flaws
Capture evidence with HTTP request/response logs

Reference

reference/graphql*.md - GraphQL attack techniques and labs
reference/api-testing*.md - REST API security testing guide
reference/websockets*.md - WebSocket vulnerability testing
reference/web-llm*.md - Web-LLM attack techniques and labs