Closed
Description
- Information Leak which includes server information, version disclosures
- Header info disclosure which detects Clickjacking, lack of HSTS, X-XSS protection etc.
- XSS module which should detect all kinds of XSS, which needs to be done with regex match.
- SQL injection: mostly error-based, which will be based on regex match of responses.
- XXE check
- Open Redirect vulnerability check
- Privilege Escalation or IDOR specifically - a little complicated; a generic approach needs to be used.
- API rate limit check
/cc: @abhijeth @srini0x00