πŸ§žβ€β™€οΈAPI Security Cheat Sheet PART - 3

Further Authentication Techniques and Their Security Implications

  1. Missing Colon in JSON

    {"login" "admin",
    "password": "password"}

    Description: Showcases a JSON formatting error with a missing colon, highlighting the need for strict adherence to JSON syntax standards.

  2. Invalid Boolean as Credentials

    {"login": yes,
    "password": no}

    Description: Uses the bare tokens yes and no as credentials. JSON does not recognize them as booleans (only true and false are valid), which emphasizes the importance of data type validation.

  3. All Keys, No Values

    {"": "",
    "": ""}

    Description: Represents a case with empty keys and values, underscoring the need to handle edge cases in JSON parsing.

  4. Nested Objects in Credentials

    {"login": {"innerLogin": "admin",
    "password": {"innerPassword": "password"}}}

    Description: Demonstrates nested objects for authentication, posing challenges in parsing and validating nested structures.

  5. Case Sensitivity Testing

    {"LOGIN": "admin",
    "PASSWORD": "password"}

    Description: Focuses on case sensitivity in JSON keys, stressing the importance of consistent key naming conventions.

  6. Login as a Number, Password as a String

    {"login": 1234,
    "password": "password"}

    Description: Highlights mixed data types for login and password, underscoring the need for flexible data handling.

  7. Login as a String, Password as a Number

    {"login": "admin",
    "password": 1234}

    Description: Inverts the data types of login and password, again emphasizing the importance of handling different data types.

  8. Repeated Keys

    {"login": "admin",
    "login": "user",
    "password": "password"}

    Description: Illustrates a scenario with duplicate keys, pointing to the necessity of handling such anomalies in JSON structures.

  9. Single Quotes Instead of Double

    {'login': 'admin',
    'password': 'password'}

    Description: Uses single quotes, which are invalid in JSON, highlighting the need for correct quote usage.

  10. Login and Password with Only Special Characters

    {"login": "@#$%^&*",
    "password": "!@#$%^&*"}

    Description: Consists of special characters only, showcasing the importance of robust character handling in authentication.
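
An added example, not part of the original cheat sheet: a strict login-body parser run against the ten payloads above, showing which layer (JSON syntax, duplicate-key check, key set, value type) refuses each one. The policy (exactly the keys `login` and `password`, both non-empty strings, no repeated keys) and the names `parse_credentials`, `verdict` and `CASES` are assumptions made for illustration.

```python
import json

REQUIRED = ("login", "password")  # field names taken from the payloads above

def _no_duplicates(pairs):
    # json.loads silently keeps the last of two repeated keys (case 8); refuse instead.
    obj = {}
    for key, value in pairs:
        if key in obj:
            raise ValueError(f"duplicate key {key!r}")
        obj[key] = value
    return obj

def parse_credentials(body):
    try:
        doc = json.loads(body, object_pairs_hook=_no_duplicates)
    except json.JSONDecodeError as exc:  # cases 1, 2 and 9
        raise ValueError(f"malformed JSON: {exc.msg}") from exc
    if not isinstance(doc, dict) or set(doc) != set(REQUIRED):  # cases 4 and 5
        raise ValueError("expected exactly the keys login and password")
    for field in REQUIRED:  # cases 6 and 7: this assumed policy rejects, never coerces
        if not isinstance(doc[field], str) or not doc[field]:
            raise ValueError(f"{field} must be a non-empty string")
    return doc

def verdict(body):
    try:
        parse_credentials(body)
        return "accepted"
    except ValueError as exc:
        return f"rejected: {exc}"

# Constructed inputs: the ten payloads from this page, keyed by case number.
CASES = {
    1: '{"login" "admin", "password": "password"}',
    2: '{"login": yes, "password": no}',
    3: '{"": "", "": ""}',
    4: '{"login": {"innerLogin": "admin", "password": {"innerPassword": "password"}}}',
    5: '{"LOGIN": "admin", "PASSWORD": "password"}',
    6: '{"login": 1234, "password": "password"}',
    7: '{"login": "admin", "password": 1234}',
    8: '{"login": "admin", "login": "user", "password": "password"}',
    9: "{'login': 'admin', 'password': 'password'}",
    10: '{"login": "@#$%^&*", "password": "!@#$%^&*"}',
}

if __name__ == "__main__":
    for number, body in CASES.items():
        print(number, verdict(body))
```

Only case 10 is accepted: special characters are ordinary string content, so they pass the parser and are left to the credential check itself.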
