creator/Anthropic-Cybersecurity-Skills
1
0
Fork 0
mirror of https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git synced 2026-06-11 13:44:56 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
main
Anthropic-Cybersecurity-Skills/skills/detecting-api-enumeration-attacks/references/api-reference.md
T
mukul975 c21af3347e Complete folder anatomy for all 649 cybersecurity skills + update LICENSE to Mahipal 
- Add scripts/agent.py and references/api-reference.md to all remaining skills
- Update all 648 LICENSE files: copyright now reads 'Mahipal'
- Add implementing-security-monitoring-with-datadog (new skill with full anatomy)
- All 649 skills now have: SKILL.md, LICENSE, scripts/agent.py, references/api-reference.md
2026-03-11 00:22:12 +01:00

59 lines
1.9 KiB
Markdown
Raw Permalink Blame History

# API Enumeration Attack Detection — API Reference
## Libraries
| Library | Install | Purpose |
|---------|---------|---------|
| requests | `pip install requests` | WAF and SIEM API queries |
## Detection Techniques
| Technique | Indicator | Severity |
|-----------|-----------|----------|
| Sequential ID enumeration | /api/users/1, /api/users/2, ... | HIGH |
| Endpoint fuzzing | High 404 rate on /api/* paths | HIGH |
| Rate abuse | >50 API requests/minute from single IP | MEDIUM |
| Path discovery | Requests to /swagger, /api-docs, /graphql | HIGH |
| BOLA/IDOR probing | Access to other users' resource IDs | CRITICAL |
## NGINX Combined Log Format
```
$remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent"
```
## Common Enumeration Paths
| Pattern | Description |
|---------|-------------|
| `/api/v1/users/{id}` | User ID enumeration |
| `/api/v1/accounts/{uuid}` | Account UUID guessing |
| `/graphql?query={__schema}` | GraphQL introspection |
| `/swagger/v1/swagger.json` | API documentation discovery |
| `/api-docs`, `/.well-known` | Endpoint discovery |
## WAF Rule Categories
| Category | Description |
|----------|-------------|
| `rate-limit` | Request rate exceeds threshold |
| `api-abuse` | Automated API enumeration |
| `bola` | Broken Object Level Authorization |
| `scanner` | Known scanner/fuzzer user-agent |
## OWASP API Security Top 10
| ID | Risk |
|----|------|
| API1 | Broken Object Level Authorization |
| API2 | Broken Authentication |
| API3 | Broken Object Property Level Auth |
| API4 | Unrestricted Resource Consumption |
| API5 | Broken Function Level Authorization |
## External References
- [OWASP API Security Top 10](https://owasp.org/API-Security/)
- [OWASP Testing Guide — API Testing](https://owasp.org/www-project-web-security-testing-guide/)
- [ModSecurity API Protection Rules](https://coreruleset.org/)
Reference in New Issue View Git Blame Copy Permalink