Procedures
Tools Needed:
Environment Setup:
Identify Weaknesses:
Look for injection points or error messages revealing vulnerabilities.
Parameter Manipulation:
Alter parameters like id, type, token to see if insecure operations occur.
Undocumented Endpoints:
Review swagger.json and swagger.yaml.
Test endpoints with different HTTP methods and payloads.
Token Security:
Inspect tokens from /api/token.
Check for weak or predictable tokens.
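One way to carry out the predictability check on a sample of tokens issued by /api/token, shown as an added example that is not part of the original procedure. The function name, finding labels, the 128-bit threshold and the sample tokens are assumptions constructed for illustration.

```python
import math
import os
import secrets


def assess_tokens(tokens, min_bits=128):
    """Return a sorted list of weakness labels for a sample of issued tokens."""
    if len(tokens) < 2:
        raise ValueError("need at least two tokens to compare")
    findings = set()
    if len(set(tokens)) < len(tokens):
        findings.add("duplicate")  # the same value was issued more than once

    # Characters shared by every token carry no secret material.
    prefix = os.path.commonprefix(tokens)
    tails = [t[len(prefix):] for t in tokens]
    if len(prefix) > max(map(len, tokens)) / 2:
        findings.add("shared-prefix")

    # Upper bound on entropy: longest varying part x log2(observed alphabet).
    alphabet = set("".join(tails))
    bits = max(map(len, tails)) * math.log2(len(alphabet)) if alphabet else 0.0
    if bits < min_bits:
        findings.add("low-entropy")

    # Counter- or clock-derived values: varying parts parse as hex
    # and climb in small positive steps in issue order.
    try:
        nums = [int(t, 16) for t in tails]
    except ValueError:
        nums = []
    steps = [b - a for a, b in zip(nums, nums[1:])]
    if steps and all(0 < s < 2**32 for s in steps):
        findings.add("monotonic")
    return sorted(findings)


# Constructed sample: tokens in the order they were issued (assumed format).
WEAK_SAMPLE = ["tok_000001a4", "tok_000001a5", "tok_000001a6", "tok_000001a7"]
# Reference sample drawn from the OS CSPRNG (256 bits per token).
STRONG_SAMPLE = [secrets.token_urlsafe(32) for _ in range(5)]

if __name__ == "__main__":
    print("weak sample:  ", assess_tokens(WEAK_SAMPLE))
    print("strong sample:", assess_tokens(STRONG_SAMPLE))
```

The entropy figure is an upper bound, so a sample that clears the threshold is not proven strong; a sample that fails it is certainly weak.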
Capture Proofs:
Screenshots, request/response logs.
Exploit code snippets.
Step 9: Reporting