Scenario guide

API Security Audit

Find auth, injection, and data-leak issues before users do.

The problem

API security review is usually left until last and done shallowly. Teams need a methodology-driven pass that covers OWASP-style cases, AI-specific risks, and patterns lifted from past breaches.

Recommended skills

3 picks · Best pick first, ranked by fit
strong · optional
api-security-testing
by Ed1s0nZ

Professional skills and methodology for API security testing

  • auto-discovered
  • github
  • star-1000-plus
strong · optional
wooyun-legacy
by tanweai

WooYun business logic vulnerability methodology — 22,132 real cases across 6 domains (authentication bypass, authorization bypass, payment tampering, information disclosure, logic flaws, misconfiguration) and 33 vulnerability classes. Use for ANY security testing, auditing, or code review of web apps, APIs, or business systems — even without explicit "security" keywords. Triggers: penetration testing, security audit, vulnerability, bug bounty, payment security, IDOR, password reset, weak credentials, unauthorized access, race condition, parameter tampering, code review, 渗透测试, 安全审计, 漏洞挖掘, 支付安全, 越权, 逻辑漏洞, 业务安全, SRC, 代码审计. Also triggers on implicit intent: "test this endpoint", "find bugs", "can I bypass this", "帮我测测这个接口", "这个参数能不能改", "帮我找bug".

  • auto-discovered
  • github
  • star-1000-plus
strong · optional
aig-scanner
by Tencent

A.I.G Scanner — AI security scanning for infrastructure, AI tools / skills, AI Agents, and LLM jailbreak evaluation via Tencent Zhuque Lab AI-Infra-Guard. Uses built-in exec + Python script, no plugin required. Requires AIGBASEURL to be configured. Triggers on: scan AI service, AI vulnerability scan, scan AI infra, check CVE, audit AI service, scan MCP, scan skills, audit AI tools, scan agent, red-team LLM, jailbreak test, 扫描AI服务, 检查AI漏洞, 扫描AI工具, 检查MCP安全, 审计Agent, 越狱测试.

  • auto-discovered
  • github
  • star-1000-plus
Skill Market
Find the best AI skills for the job
v0.4 · 1252 skills indexed · last review 2026-06-03