This content originally appeared on DEV Community and was authored by Intesar Shannan Mohammed
I tweet once in a while about product/organization updates. I've built a couple of Twitter integrations in the past.
As part of security research, I look for vulnerabilities in public APIs and mobile/web backend APIs. I often use the free API security testing tool to run basic tests. These tests are safe and non-intrusive; they detect OAuth 2.0/JWT/Authentication flaws in APIs. Twitter and similar organizations wouldn't mind or see these tests.
https://apisec-inc.github.io/pentest/
I used this Twitter API OpenAPI Specification file URL for testing:
https://api.twitter.com/labs/2/openapi.json
Here is the simple process I followed. I pointed the tool to the Twitter OpenAPI Spec file and just ran the basic tests to see what it returned.
The result came back with one endpoint being open to the public. Upon further investigation, I realized the endpoint was returning the API schema, so it wasn't a big deal.
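The kind of check the tool ran above can also be done statically against the spec itself: every operation in an OpenAPI 3 document either inherits the top-level `security` requirement, overrides it, or disables it with `security: []`, and an empty requirement object `{}` in the list means anonymous access is allowed. The script below is an added example written for this post, not the tool's own code or anything from Twitter's spec; `SAMPLE_SPEC` is a constructed miniature document, and the paths and scheme names in it are assumptions. It walks the spec and reports which operations are reachable without a credential, which is exactly how a public "serve the schema" endpoint would show up.

```python
import json

# Constructed miniature OpenAPI 3 document used as stand-in input.
# Paths, summaries and scheme names are invented for this example.
SAMPLE_SPEC = json.loads(r'''
{
  "openapi": "3.0.0",
  "security": [{"BearerToken": []}],
  "components": {
    "securitySchemes": {"BearerToken": {"type": "http", "scheme": "bearer"}}
  },
  "paths": {
    "/openapi.json": {"get": {"summary": "Serve this spec", "security": []}},
    "/tweets":       {"get": {"summary": "Lookup tweets"}},
    "/health":       {"get": {"summary": "Liveness",
                              "security": [{}, {"BearerToken": []}]}},
    "/users/me":     {"get": {"summary": "Caller profile",
                              "security": [{"UserToken": []}]}}
  }
}
''')

HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch", "trace"}


def review_operation_security(spec):
    """Return a list of (METHOD, path, reason) for every operation that the
    spec declares as callable without a credential, or whose security
    requirement cannot be satisfied because it names an undeclared scheme.
    Operations that cleanly inherit the global requirement are not reported."""
    global_security = spec.get("security")  # None if the document has no top-level requirement
    declared_schemes = set(spec.get("components", {}).get("securitySchemes", {}))
    findings = []

    for path, item in spec.get("paths", {}).items():
        for method, op in item.items():
            # Path items also carry keys like "parameters" or "summary"; skip those.
            if method.lower() not in HTTP_METHODS:
                continue
            # Per-operation "security" overrides the global one; absence means inherit.
            security = op.get("security", global_security)

            if security is None:
                findings.append((method.upper(), path,
                                 "no security requirement (global or per-operation)"))
                continue
            if security == []:
                findings.append((method.upper(), path,
                                 "security explicitly disabled ([])"))
                continue
            # The list is OR-ed: one empty object makes the whole requirement optional.
            if any(req == {} for req in security):
                findings.append((method.upper(), path,
                                 "empty requirement {} allows anonymous access"))
            unknown = {name for req in security for name in req} - declared_schemes
            if unknown:
                findings.append((method.upper(), path,
                                 f"references undeclared scheme(s): {sorted(unknown)}"))
    return findings


if __name__ == "__main__":
    for method, path, reason in review_operation_security(SAMPLE_SPEC):
        print(f"{method:6} {path:15} {reason}")
```

Running it against the constructed spec flags `/openapi.json` (security disabled), `/health` (anonymous allowed) and `/users/me` (scheme never declared), while `/tweets` inherits the bearer-token requirement and is left alone. Pointing `json.loads` at a downloaded spec such as the one linked above gives the same listing for a real API; a schema endpoint showing up here is the expected, harmless case, whereas a data-returning operation in the list is the finding worth escalating.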
Conclusion: All Twitter API endpoints are secure, and no issues were found.
Intesar Shannan Mohammed | Sciencx (2022-05-10T21:13:21+00:00) Running Basic Security Tests Against Twitter API. Retrieved from https://www.scien.cx/2022/05/10/running-basic-security-tests-against-twitter-api/