api-security
1. Broken Object Level Authorization (BOLA) - API fails to validate user access to objects 2. Broken Authentication - Weak or missing authentication mechanisms 3. Broken Object Property Level Authorization - Missing field-level access control 4. Unrestricted Resource Consumption - No rate limiting or throttling 5. Broken Function Level Authorization - Missing authorization checks on endpoints 6. Unrestricted Access to Sensitive Business Flows - Automated abuse of legitimate workflows 7. Server Side Request Forgery (SSRF) - API accepts URLs without validation 8. Security Misconfiguration - Insecure default configs, verbose errors 9. Improper Inventory Management - Undocumented/deprecated APIs in production 10. Unsafe Consumption of APIs - Trusting third-party API data without validation
Installation and usage
1. Broken Object Level Authorization (BOLA) - API fails to validate user access to objects 2. Broken Authentication - Weak or missing authentication mechanisms 3. Broken Object Property Level Authorization - Missing field-level access control 4. Unrestricted Resource Consumption - No rate limiting or throttling 5. Broken Function Level Authorization - Missing authorization checks on endpoints 6. Unrestricted Access to Sensitive Business Flows - Automated abuse of legitimate workflows 7. Server Side Request Forgery (SSRF) - API accepts URLs without validation 8. Security Misconfiguration - Insecure default configs, verbose errors 9. Improper Inventory Management - Undocumented/deprecated APIs in production 10. Unsafe Consumption of APIs - Trusting third-party API data without validation
Once installed, you can use this skill by running the following command in your terminal:
skills use api-security