Recommendations for testing the security of API services

Authors

  • O. O. Kolesov

Keywords:

security testing guidelines; API; web API; REST API; tools

Abstract

The bachelor's thesis offers a set of tools for both manual and automated security testing of API services, including REST APIs, as well as a testing methodology in the form of guidelines based on existing frameworks for assessing the security of information systems – ISSAF and the OWASP Web Security Testing Guide. According to the recommendations, the testing process can be divided into three successive phases: collecting information, testing the API security mechanisms, and analyzing and documenting the results and cleaning up the consequences of testing.

Published

2022-10-13

Issue

Section

Specialty 125 Cybersecurity (2021-2022 academic year)