Identify the API’s entry points, which are the locations where an attacker can access the application.

These include:

1. The client-side of a web application (such as JavaScript) that interacts with an API via HTTP requests and responses;
2. A mobile app that communicates with an API using HTTPS;
3. An IoT device or other hardware that uses RESTful APIs to communicate data to cloud applications;
4. A service layer in a microservices architecture, which is exposed through one or more APIs for use by other services in the system;
5. An embedded device such as a smart TV or car infotainment system, which exposes its functionality via an API for remote control by users and developers alike 6
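One way to turn this step into a reviewable inventory, as an added example that is not part of the original page: it assumes the API is described by an OpenAPI 3 document, and the spec fragment, paths and operation names below are constructed sample data. It lists every operation as an entry point and marks the ones reachable without credentials.

```python
import json

# Constructed OpenAPI 3 fragment (sample data, not from the original page).
SPEC = json.loads("""
{
  "openapi": "3.0.3",
  "security": [{"bearerAuth": []}],
  "paths": {
    "/devices/{id}/telemetry": {
      "parameters": [{"name": "id", "in": "path", "required": true}],
      "post": {"operationId": "pushTelemetry"}
    },
    "/login": {"post": {"operationId": "login", "security": []}},
    "/orders": {
      "get": {"operationId": "listOrders", "security": [{}, {"bearerAuth": []}]},
      "delete": {"operationId": "purgeOrders", "security": [{"bearerAuth": ["admin"]}]}
    }
  }
}
""")

HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch", "trace"}

def entry_points(spec):
    """Return (METHOD, path, auth) per operation; auth is required/optional/none."""
    default = spec.get("security", [])
    found = []
    for path, item in spec.get("paths", {}).items():
        for method, op in item.items():
            if method not in HTTP_METHODS:   # skip 'parameters', 'summary', ...
                continue
            # Operation-level 'security' overrides the top-level default.
            reqs = op.get("security", default)
            if not reqs:
                auth = "none"                # [] means no credentials needed
            elif any(r == {} for r in reqs):
                auth = "optional"            # {} alternative allows anonymous use
            else:
                auth = "required"
            found.append((method.upper(), path, auth))
    return sorted(found, key=lambda e: (e[1], e[0]))

def unauthenticated(spec):
    """Entry points reachable without credentials; review these first."""
    return [e for e in entry_points(spec) if e[2] != "required"]

if __name__ == "__main__":
    for method, path, auth in entry_points(SPEC):
        print(f"{method:7}{path:28}auth={auth}")
```

Operations missing from the spec will not appear here, so the result should be compared against gateway or router configuration before it is treated as complete.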
