I will perform API penetration testing and hardening

Morocco

I speak English, Arabic, French

Pentester

I’m Soufiane, a professional bug hunter and penetration tester with hands-on experience in identifying and exploiting real-world security vulnerabilities in web applications, APIs, and cloud environme...
About this Gig

Your API is Your New Perimeter. Is It Secure?


Modern applications rely entirely on APIs, yet these endpoints are often the most exposed and overlooked attack surface. I specialize in deep, manual penetration testing of REST and GraphQL APIs to identify vulnerabilities that put your data and users at risk.

My focus is on simulating real-world attacker behavior to test the Confidentiality, Integrity, and Availability of your API, ensuring robust protection against both common and complex threats.


What Makes This Testing Different?

  • Logic-Driven: I go beyond tools to find business logic flaws like unauthorized payment manipulation, rate-limit bypasses, and IDOR (Insecure Direct Object Reference).
  • Authentication Focused: A comprehensive check of token handling, authorization mechanisms (OAuth, JWT), and session management.
  • Industry Standards: Testing adheres to best practices and common frameworks, including the OWASP API Security Top 10.
  • Actionable Reports: You receive a detailed report with clear risk ratings, step-by-step proofs of concept, and precise code-level remediation advice.


Protect your backbone infrastructure. Let's discuss your API security needs today!