I’ve heard multiple people say that fuzzing for API Endpoint Discovery is more difficult than fuzzing a Web App for Subdirectory Enumeration. I don’t really understand how it’d be any different, but am I missing something?
For example, “ffuf” has a setting to recursively scan every match it finds; there’s a note in the GitHub repo saying it should only be used for APIs or else it’ll be overkill.
I don’t have a lot of experience with APIs yet, and I’d really appreciate any help figuring this out. Thanks for your time!
from hacking: security in practice https://ift.tt/uITPGMs