This project contains an API Security Risk Analysis conducted as part of the Future Interns Cyber Security Internship program.
The objective of this task was to analyze a public API, identify potential security risks, and document findings in a professional security report similar to those produced by application security consultants.
JSONPlaceholder Public API
Base URL: https://jsonplaceholder.typicode.com
This API is intentionally public and designed for testing and learning purposes.
The following tools were used:
- Postman – API testing and request inspection
- Browser Developer Tools – header and response inspection
- Manual security analysis
The following methodology was used during the assessment:
- Endpoint identification
- Authentication review
- Authorization validation
- Data exposure analysis
- Response header inspection
- Rate limiting observation
- Risk classification
- Business impact assessment
- Remediation recommendations
The findings were evaluated using security best practices and aligned with the OWASP API Security Top 10 framework.
The following findings were identified:
- Unauthenticated API Access (Severity: Medium): some endpoints were accessible without authentication, allowing any user to retrieve data.
- Excessive Data Exposure (Severity: Medium): the API returned complete user objects, including fields such as email, phone, address, and company.
- Broken Object Level Authorization (Severity: High): user data could be accessed by modifying the object ID parameter.
- Partial Security Header Hardening (Severity: Low): some recommended security headers were not present in the API responses.
| Finding | Severity |
|---|---|
| Unauthenticated API Access | Medium |
| Excessive Data Exposure | Medium |
| Broken Object Level Authorization | High |
| Partial Security Header Hardening | Low |
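The Excessive Data Exposure and Broken Object Level Authorization findings above, shown beside one remediation, as an added Python example that is not part of the original report or of the JSONPlaceholder project; the `USERS` records, `PUBLIC_FIELDS`, and the function names are constructed for illustration:

```python
# Added example (not from the original report): a minimal user lookup that
# reproduces the two findings (get_user_unsafe) next to one hardened form
# (get_user_safe) that enforces object-level authorization and returns only
# a minimal field set to non-owners. USERS holds constructed sample records
# in the shape of the assessed API's user objects.
from typing import Optional

USERS = {  # constructed sample data
    1: {"id": 1, "name": "Alice", "username": "alice", "email": "alice@example.com",
        "phone": "555-0101", "address": {"city": "Gwenborough"}, "company": {"name": "Romaguera"}},
    2: {"id": 2, "name": "Bob", "username": "bob", "email": "bob@example.com",
        "phone": "555-0102", "address": {"city": "Wisokyburgh"}, "company": {"name": "Deckow"}},
}

# Fields considered safe to release to a caller who is not the owner (assumption).
PUBLIC_FIELDS = ("id", "name", "username")
SENSITIVE_FIELDS = ("email", "phone", "address", "company")


class Forbidden(Exception):
    """Raised when the caller is not allowed to read the requested object."""


def get_user_unsafe(requester_id: Optional[int], target_id: int) -> dict:
    """Vulnerable: no authentication or ownership check, so any caller
    (requester_id=None means anonymous) reads any user's full record
    simply by changing target_id; the full object is returned as-is."""
    return USERS[target_id]


def get_user_safe(requester_id: Optional[int], target_id: int) -> dict:
    """Hardened: require authentication, authorize per object, and project
    the record down to PUBLIC_FIELDS when the caller is not the owner."""
    if requester_id is None:
        raise Forbidden("authentication required")   # no anonymous reads
    record = USERS.get(target_id)
    if record is None:
        raise KeyError(target_id)                     # object does not exist
    if requester_id == record["id"]:
        return dict(record)                           # owner sees own full record
    return {k: record[k] for k in PUBLIC_FIELDS}      # others: minimal projection


def exposed_sensitive_fields(response: dict) -> list:
    """Detection helper: sensitive fields present in a returned object."""
    return [f for f in SENSITIVE_FIELDS if f in response]
```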
The full API Security Risk Analysis report is available in this repository.
File: text
This project demonstrates:
- Understanding of API security concepts
- Ability to perform read-only API security assessments
- Knowledge of common API vulnerabilities
- Security reporting and documentation skills
P. Yogeshwar
Cyber Security Intern – Future Interns