Does it support testing for privilege escalation?

Absolutely. The skill includes methodologies for testing both horizontal and vertical privilege escalation by manipulating tokens and object identifiers.

Is it suitable for testing microservices?

It is specifically designed for modern architectures, making it perfect for auditing microservices security, inter-service communication, and containerized API gateways.

Can I use this for automated fuzzing?

Yes, it provides integration patterns and commands for popular tools like ffuf, wfuzz, and Arjun to discover hidden parameters and endpoints automatically.

Does it include a security checklist?

Yes, the skill features a comprehensive checklist covering authentication, authorization, input validation, and business logic to ensure no vulnerability is overlooked.

Can this skill help with GraphQL introspection?

Yes, it provides specific queries and commands to perform full introspection and analyze the resulting schema for hidden types and fields.

API Security Testing

Name: API Security Testing
Author: trilwu

bytrilwu

0•

Security & Testing

Conducts comprehensive security audits and penetration tests on REST and GraphQL APIs to identify vulnerabilities like IDOR, injection, and authorization flaws.

This skill transforms Claude into an expert API penetration testing assistant, providing structured methodologies for auditing REST and GraphQL services. It covers the entire security lifecycle from initial reconnaissance and endpoint discovery to deep-dive exploitation of vulnerabilities like mass assignment, horizontal/vertical privilege escalation, and rate-limiting bypasses. It is ideal for security researchers, developers performing self-audits, and QA engineers looking to integrate security testing into their microservices workflow using specialized tools and proven security patterns.

Key Features

010 GitHub stars

02Rate limiting analysis and bypass strategy implementation

03Automated injection testing patterns for SQL, NoSQL, and XXE

04GraphQL-specific exploitation including introspection and DoS analysis

05Comprehensive REST and GraphQL reconnaissance and endpoint discovery

06Structured methodologies for IDOR and privilege escalation testing

Use Cases

01Performing a deep security audit on a new GraphQL endpoint before production deployment

02Testing microservices for Insecure Direct Object Reference (IDOR) vulnerabilities

03Automating API fuzzing and parameter discovery during the pentesting phase

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add trilwu/secskills api-security-testing

For use in Claude.ai and ChatGPT

Download Skill