API Security Empire


API Security Projecto aims to present unique attack & defense methods in API Security field

In this repository you will find: Mindmaps, tips & tricks, resources and every thing related to API Security and API Penetration Testing. Our mindmaps and resources are based on OWASP TOP 10 API, our expereince in Penetration testing and other resources to deliver the most advanced and accurate API security and penetration testing resource in the WEB!!

First gate: {{Recon}}

The first gate to enter the API Security Empire is to know how to gather information about the API infrastructure and how to perform a powerfull recon on API to extract the hidden doors which made you compromise the whole infrastructure from, so, we provide this updated API Recon mindmap with the latest tools and methodologies in API recon:

API Pentesting Mindmap

PDF Version


XMind Version


Second gate: {{Attacking}}

Attacking RESTful & SOAP:

API Pentesting Mindmap ATTACK

PDF Version


XMind Version


Attacking GraphQL:

Due to the limited attacks in the GraphQL we tried to generate all the possible attacks due to our experience in testing APIs in the coming mindmap:

API Pentesting Mindmap GraphQL Attacking

PDF Version


XMind Version


Special thanks:

The API Security Empire is a github repository Cypro AB