
    API recon and attack runbooks

    Step-by-step procedures for each stage of API testing. Run endpoint discovery and schema analysis first to build the complete picture of the attack surface, then proceed to targeted attack runbooks.

    • Runbook: Endpoint discovery
    • Runbook: Schema analysis
    • Runbook: Authentication testing
    • Runbook: BOLA and BFLA testing
    • Runbook: Injection testing
    • Runbook: Rate limit testing and bypass
    • Runbook: Business logic testing
    • Runbook: Race condition testing
    2026-03-25 22:33
    © Copyright 2025, TyMyrddin.