I have the backend API of an iOS application. I would like to learn API testing on this.
How do I begin with API security testing? Please suggest some tutorials and tools available online.
Tips to ensure that your APIs are fully security tested:
Automate: Most of the testing approaches for security vulnerabilities that we have covered can be automated (here’s a tool to help you do so), and definitely should be – preferably against your production environment in some way. A system upgrade or server reconfiguration could be just as much a cause of a security vulnerability as bad development in the code of your APIs – and you definitely want to find out if such changes open up unexpected vulnerabilities before anyone else does.
Stay on top: OWASP provides invaluable services and information on Internet-related security vulnerabilities – and how to work against them. Make it a habit to check out their website and match their recommendations and findings against your APIs and infrastructure. Follow their guidelines – specifically those geared at APIs – and make sure you are doing what you can based on their resources.
Finally – It’s your problem: Security is probably not going to be fixed or worried about by anyone other than you – make sure you give it the same attention and focus as you do to functional, performance, usability, A/B testing, etc. The price to pay for leaked passwords or erased user data is too high for you not to care (which I know you do).
Visit this page; it tells you how you can do a security check on your APIs.