I will perform API penetration testing with detailed report
Certified Web App and API Penetration Tester
About this Gig
Certified ethical hacker (eJPT, eWPT, eWPTX, ICCA + MIT) with 30+ bugs found on HackerOne & Bugcrowd. I provide authorized API security testing only: ethical, legal, and white-hat. Explicit written permission and proof of ownership/authorization are required before starting. No unauthorized access or illegal activities.
What you'll get:
- Manual + automated testing of endpoints (REST/GraphQL)
- Full coverage of OWASP API Top 10 (broken auth, IDOR, excessive data exposure, rate limiting, injection, etc.)
- Business logic flaws, auth bypass, rate limit abuse, data leaks
- Professional PDF report: CVSS risk ratings, screenshots/evidence, remediation advice
My process: Scope definition → Recon & mapping → Scanning → Manual testing → Reporting
Tools: Burp Suite Pro, Postman, custom scripts, industry standards.
Why me? Real bug bounty experience + hands-on platforms (HTB, TryHackMe, Juice Shop, CTFs).
Important: Share API docs/scope/PoC access first. For broader web app testing, check my main gig.
Message me to discuss your API. Let's secure it!
Testing application: API
Development technology: Java, PHP, Python, SQL, WordPress website
Device: PC, Linux
FAQ
What do I need to provide to start?
API endpoint URLs/docs, authentication details (test creds if needed), clear scope (endpoints to test), and signed authorization/permission proof.
Is this service legal and authorized?
Yes – all testing is ethical and authorized only. You must provide written proof of ownership/authorization and scope before we start. No unauthorized access.
Do you test production APIs?
Recommended: Test staging/dev environments first. Production testing possible only with strict authorization and low-risk approach.
What is included in the report?
CVSS-rated vulnerabilities, screenshots/evidence, risk levels, remediation steps. Basic: summary; Standard/Premium: detailed PDF.
Can you help fix the issues?
No direct fixes (ethical boundary), but detailed remediation advice included. Retest available in Premium.

