/ api pentest

API pentesting, where the real flaws live.

AI penetration testing for REST and GraphQL APIs, covering broken object-level authorization, mass assignment, query-depth abuse, authentication flaws, and business logic vulnerabilities.

APIs are where business logic runs. We test REST and GraphQL surfaces for the flaws scanners consistently miss: broken object-level auth, mass assignment, query abuse, and the chained bugs that turn low-severity findings into takeover.

PROTOCOLS · REST + GraphQL · internal + third-party
DEPTH · BOLA · BFLA · logic · query abuse
OUTPUT · Signed report + unlimited retests
// TOP FINDINGS · last 30 days

  • CRIT · BOLA · /users/{id}/invoices · ×4
  • CRIT · GraphQL introspection · prod · ×2
  • HIGH · Mass assignment · role field · ×3
  • HIGH · BFLA · admin method on user · ×3
  • MED · Rate-limit bypass · header trick · ×5
  • MED · Verbose error disclosure · ×7

/ why this surface

APIs are where scanners fail.

A scanner sees a fuzzed endpoint. An API pentester sees a stateful conversation with auth, logic, and side effects. The bugs that matter are the ones you can only find by reasoning about the API, not fuzzing it.

01 · BOLA / BFLA

The OWASP API #1 for a reason

Broken object-level auth is the most common serious API flaw, and it's the hardest to automate. It requires knowing whose data is whose. The AI tests systematically with multiple accounts; humans verify the business impact.

02 · GRAPHQL

A whole new surface, same old scanners

Query depth, alias abuse, introspection in prod, batching attacks, field-level auth bypass. GraphQL is a different protocol and needs different tradecraft. We've got it; most scanners don't.

03 · CHAINED FLAWS

Low-severity bugs, high-severity outcomes

An info disclosure plus a mass assignment plus a weak rate limit is a takeover. Scanners report each finding in isolation. Our AI chains them; our humans verify the chain actually works end to end.

/ what we test

What we test on APIs.

REST and GraphQL. Authenticated and unauthenticated. Internal and external. Every engagement.

01 · AUTHORIZATION

Who can do what

  • BOLA / IDOR across resources
  • BFLA · admin methods on user roles
  • Tenant isolation gaps
  • Object-property auth flaws
  • Scope escalation
  • Service-to-service auth abuse

02 · REST SPECIFICS

HTTP's own quirks

  • Mass assignment
  • HTTP method tampering
  • Verb override abuse
  • Parameter pollution
  • Content-type confusion
  • Rate-limit bypass (headers / IP)

03 · GRAPHQL SPECIFICS

Query language attacks

  • Introspection in production
  • Query depth / complexity DoS
  • Alias-based rate-limit bypass
  • Batched query abuse
  • Field-level auth gaps
  • Mutation via query chaining

04 · LOGIC & DATA

What the API actually does

  • Business-logic abuse
  • Race conditions
  • Replay attacks
  • Data exfiltration via pagination
  • Batch endpoint abuse
  • Webhook SSRF

/ what we've found

Example findings from this surface.

Illustrative examples of real vulnerability classes on this attack surface. Anonymized, but every one is based on patterns our pentesters encounter repeatedly.

CRIT
BOLA: any user can read any invoice
/api/users/{id}/invoices · CVSS 9.1 · confirmed

The invoice endpoint trusted the path-level user ID without checking it matched the authenticated session. Any valid session could enumerate every user's invoices. 120k records exposed in testing scope.

@arjun · reviewer note: AI enumerated 50 IDs, confirmed reads. I verified the pattern extended to the whole dataset. Fix was one middleware: session.user_id must match path.user_id.
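The one-middleware fix the reviewer note describes, written out as an added example (not the vendor's or any customer's code). The vulnerable handler trusts the path `{id}`; the fixed handler runs an ownership check that compares `session.user_id` to the path before touching data. The request shape, the in-memory invoice store and the user IDs are constructed for this example; the assumption is that an authentication layer has already populated `req.session`.

```javascript
// Constructed sample data: invoices keyed by owning user id.
const INVOICES = {
  101: [{ id: 'inv-1', total: 120.0 }, { id: 'inv-2', total: 40.5 }],
  102: [{ id: 'inv-3', total: 999.99 }],
  103: [],
};

// Minimal stand-in for a framework request object. Assumption: session is
// populated by the authentication layer that ran before this handler.
function makeRequest(sessionUserId, pathUserId) {
  return { session: { user_id: sessionUserId }, params: { id: pathUserId } };
}

// VULNERABLE (the pattern in the finding): the path-level user id is used as
// the data key with no comparison to the session, so any valid session can
// read any user's invoices by changing {id}.
function getInvoicesVulnerable(req) {
  const owner = Number(req.params.id);
  return { status: 200, body: INVOICES[owner] ?? [] };
}

// Ownership middleware: session.user_id must match path.user_id. Returns null
// when the check passes and a response when it fails. Running this before any
// data access is the whole fix; 403 vs 404 is a policy choice.
function requireOwnership(req) {
  const pathUserId = Number(req.params.id);
  if (!Number.isInteger(pathUserId)) return { status: 400, body: { error: 'bad id' } };
  if (!req.session || req.session.user_id !== pathUserId) {
    return { status: 403, body: { error: 'forbidden' } };
  }
  return null;
}

// FIXED: ownership check first, then data scoped to the session user rather
// than to the raw path value, so the two can never disagree.
function getInvoicesSecure(req) {
  const denied = requireOwnership(req);
  if (denied) return denied;
  return { status: 200, body: INVOICES[req.session.user_id] ?? [] };
}

// Detection aid for the same flaw: how many requests in a batch asked for a
// path id that differs from the session user. One session touching many other
// users' ids is the enumeration pattern the finding describes.
function ownershipMismatchCount(requests) {
  return requests.filter(r => Number(r.params.id) !== r.session.user_id).length;
}
```

`ownershipMismatchCount` is the shape of a log-side check rather than an in-request control: run it over access logs that record both the session user and the path id, and alert when one session accumulates mismatches.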
CRIT
GraphQL introspection enabled in production
POST /graphql · CVSS 7.5 · confirmed

The full schema was queryable in production via `__schema` introspection. This revealed internal admin mutations that weren't meant to be exposed. One of them had a BFLA flaw.

@arjun · reviewer note: Introspection is a map of the API. Combined with the BFLA we found 30 minutes later, this was a total compromise path. Disable introspection in prod unless you have a reason.
HIGH
Mass assignment: role field accepted on profile update
PATCH /api/me · CVSS 8.4 · confirmed

The profile update endpoint deserialized the request body into the User model directly. Including `"role": "admin"` in the JSON body elevated the user to admin. No audit log fired.

@arjun · reviewer note: Oldest trick in ORM-backed APIs. AI flagged unexpected 200 on injected field. I confirmed persistence and admin-only endpoint access. Allowlist fields server-side, always.
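The "allowlist fields server-side" fix from the reviewer note, as an added example (not the vendor's code). The vulnerable update copies the whole JSON body onto the model, which is how `"role": "admin"` lands in the database; the fixed update accepts only a fixed set of profile fields, rejects anything else with a 400 so a probing request is visible, and writes an audit record either way. The user record, the allowed field list and the audit sink are constructed for this example.

```javascript
// Constructed allowlist: the only fields a user may change about themselves.
const ALLOWED_PROFILE_FIELDS = new Set(['display_name', 'email', 'timezone']);

// Constructed user record standing in for an ORM model instance.
function makeUser() {
  return { id: 7, display_name: 'Ada', email: 'ada@example.test', timezone: 'UTC', role: 'user' };
}

// Constructed audit sink; a real service would write to its audit log.
const auditLog = [];

// VULNERABLE (the pattern in the finding): every key in the body is written to
// the model, so "role" is accepted and persisted, and nothing is logged.
function updateProfileVulnerable(user, body) {
  Object.assign(user, body);
  return { status: 200, body: user };
}

function isPlainObject(v) {
  return v !== null && typeof v === 'object' && !Array.isArray(v);
}

// FIXED: explicit server-side allowlist. Unknown keys are rejected rather than
// silently dropped (dropping hides the probe), and both outcomes are audited
// so an attempt to set "role" shows up in the log even though it failed.
function updateProfileSecure(user, body) {
  if (!isPlainObject(body)) {
    return { status: 400, body: { error: 'body must be a JSON object' } };
  }
  const keys = Object.keys(body);
  const rejected = keys.filter(k => !ALLOWED_PROFILE_FIELDS.has(k));
  if (rejected.length > 0) {
    auditLog.push({ event: 'profile_update_rejected', user_id: user.id, fields: rejected });
    return { status: 400, body: { error: 'unknown fields', fields: rejected } };
  }
  for (const k of keys) user[k] = body[k];
  auditLog.push({ event: 'profile_updated', user_id: user.id, fields: keys });
  return { status: 200, body: user };
}
```

`Object.keys` only sees own enumerable properties, so a `__proto__` key arriving from `JSON.parse` is an ordinary own property here and is rejected like any other unknown field; the allowlist, not the model's schema, decides what is writable.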
HIGH
GraphQL alias abuse defeats rate limiting
POST /graphql · CVSS 7.1 · confirmed

Login rate-limiting was enforced per HTTP request. A single GraphQL query could include 100 aliased login mutations, each trying a different password. Effective rate: 100x the limit.

@arjun · reviewer note: Classic GraphQL pitfall. Scanner would see a 200 and move on. I ran a brute-force against a test account, succeeded in under a minute. Limit per-mutation, not per-request.
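Both GraphQL fixes from the findings above (disable `__schema` introspection in production; limit per mutation, not per request) need the same thing: a look at the top-level selections of the incoming document. This added example (not the vendor's code, and not the `graphql` reference library) provides a small hypothetical parser for that and builds both controls on it. The parser handles aliases, arguments, directives, nested selection sets and fragments for common document shapes but is not a full spec parser; the sample documents, client ids and time values are constructed.

```javascript
// Tokenizer: names, punctuators, and opaque string/number tokens. String
// contents are dropped so a literal such as "__schema" inside an argument can
// never be mistaken for a field name.
function tokenize(src) {
  const out = [];
  let i = 0;
  while (i < src.length) {
    const c = src[i];
    if (/[\s,]/.test(c)) { i++; continue; }
    if (c === '#') { while (i < src.length && src[i] !== '\n') i++; continue; }
    if (src.startsWith('"""', i)) {                         // block string
      const end = src.indexOf('"""', i + 3);
      i = end < 0 ? src.length : end + 3;
      out.push({ t: 'string' }); continue;
    }
    if (c === '"') {                                        // string with escapes
      i++;
      while (i < src.length && src[i] !== '"') i += (src[i] === '\\') ? 2 : 1;
      i++; out.push({ t: 'string' }); continue;
    }
    if (/[_A-Za-z]/.test(c)) {
      let j = i + 1;
      while (j < src.length && /[_0-9A-Za-z]/.test(src[j])) j++;
      out.push({ t: 'name', v: src.slice(i, j) }); i = j; continue;
    }
    if (/[-0-9]/.test(c)) {
      let j = i + 1;
      while (j < src.length && /[0-9.eE+-]/.test(src[j])) j++;
      out.push({ t: 'number' }); i = j; continue;
    }
    if (src.startsWith('...', i)) { out.push({ t: 'punct', v: '...' }); i += 3; continue; }
    out.push({ t: 'punct', v: c }); i++;
  }
  return out;
}

// Operation type plus the top-level selections of the first operation, as
// [{ alias, name }]. Arguments, directives, nested selections and fragments
// are skipped; only what sits directly in the root selection set is returned.
function topLevelSelections(src) {
  const toks = tokenize(src);
  const isPunct = (tk, v) => !!tk && tk.t === 'punct' && tk.v === v;
  let i = 0;
  let operation = 'query';                                  // shorthand "{ ... }" is a query
  if (toks[i] && toks[i].t === 'name' && ['query', 'mutation', 'subscription'].includes(toks[i].v)) {
    operation = toks[i].v;
    while (i < toks.length && !isPunct(toks[i], '{')) i++;  // skip name, variables, directives
  }
  if (!isPunct(toks[i], '{')) throw new Error('expected a selection set');
  i++;
  const fields = [];
  let depth = 1, paren = 0;
  while (i < toks.length && depth > 0) {
    const tk = toks[i];
    if (isPunct(tk, '...')) { i += (toks[i + 1] && toks[i + 1].v === 'on') ? 3 : 2; continue; }
    if (isPunct(tk, '@')) { i += 2; continue; }             // directive name
    if (tk.t === 'punct') {
      if (tk.v === '{') depth++; else if (tk.v === '}') depth--;
      else if (tk.v === '(') paren++; else if (tk.v === ')') paren--;
      i++; continue;
    }
    if (depth === 1 && paren === 0 && tk.t === 'name') {
      if (isPunct(toks[i + 1], ':') && toks[i + 2] && toks[i + 2].t === 'name') {
        fields.push({ alias: tk.v, name: toks[i + 2].v }); i += 3;
      } else { fields.push({ alias: null, name: tk.v }); i++; }
      continue;
    }
    i++;
  }
  return { operation, fields };
}

// Production gate for the introspection finding. __schema and __type exist
// only on the root query type, so a top-level check is sufficient; __typename
// is harmless and left alone. isProduction is assumed to come from deployment config.
const INTROSPECTION_FIELDS = new Set(['__schema', '__type']);
function rejectIntrospection(src, isProduction) {
  if (!isProduction) return null;
  const hits = topLevelSelections(src).fields.filter(f => INTROSPECTION_FIELDS.has(f.name));
  return hits.length ? { status: 400, error: 'introspection is disabled in production' } : null;
}

// Fixed-window limiter with a constructed in-memory store. Per-request
// charging (the flawed setup in the finding) costs 1 per HTTP request however
// many aliased mutations it carries; per-mutation charging costs one unit per
// top-level selection, so 100 aliases cost 100.
const buckets = new Map();
function charge(key, cost, limit, windowMs, now) {
  let b = buckets.get(key);
  if (!b || now - b.start >= windowMs) { b = { start: now, used: 0 }; buckets.set(key, b); }
  if (b.used + cost > limit) return { allowed: false, cost, used: b.used };
  b.used += cost;
  return { allowed: true, cost, used: b.used };
}
function rateLimitPerRequest(clientId, src, limit, windowMs, now = Date.now()) {
  return charge('req:' + clientId, 1, limit, windowMs, now);
}
function rateLimitPerMutation(clientId, src, limit, windowMs, now = Date.now()) {
  return charge('mut:' + clientId, topLevelSelections(src).fields.length, limit, windowMs, now);
}

// Constructed sample documents shaped like the ones in the findings.
const INTROSPECTION_DOC = '{ __schema { types { name } } }';
const ALIASED_LOGIN_DOC = `mutation {
  a0: login(username: "victim", password: "guess-0") { token }
  a1: login(username: "victim", password: "guess-1") { token }
  a2: login(username: "victim", password: "guess-2") { token }
}`;
```

In a real deployment both checks sit in the validation phase, before execution: the introspection gate is a document validation rule, and the per-mutation limiter is the same counting applied to the parsed document. Counting per top-level selection also covers aliased queries, not only mutations, which is the general form of the alias-based bypass listed under GraphQL specifics.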

// illustrative examples · not real customer engagements

/ invite-only

Ship faster than your pentesters? Let's fix that.

Tell us what you ship and we'll scope a pilot on this surface. The AI and the reviewer take it from there.
