<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>API on Daniyal Ahmed | Red Team &amp; Cloud Security</title><link>https://daniyalahmed.dev/tags/api/</link><description>Recent content in API on Daniyal Ahmed | Red Team &amp; Cloud Security</description><generator>Hugo -- gohugo.io</generator><language>en-us</language><managingEditor>daniyal.ahmed@microtechx.com (Daniyal Ahmed)</managingEditor><webMaster>daniyal.ahmed@microtechx.com (Daniyal Ahmed)</webMaster><lastBuildDate>Sat, 02 May 2026 00:00:00 +0000</lastBuildDate><atom:link href="https://daniyalahmed.dev/tags/api/index.xml" rel="self" type="application/rss+xml"/><item><title>API Pentesting Lab Setup ( Complete )</title><link>https://daniyalahmed.dev/posts/api-pentesting-lab-setup-complete/</link><pubDate>Sat, 02 May 2026 00:00:00 +0000</pubDate><author>daniyal.ahmed@microtechx.com (Daniyal Ahmed)</author><guid>https://daniyalahmed.dev/posts/api-pentesting-lab-setup-complete/</guid><description>There is no better way to understand how API vulnerabilities work than to build a deliberately broken one and attack it yourself. This lab does exactly that. We set up a Flask API riddled with every major OWASP API Security Top 10 weakness, then systematically exploit each one using curl, Python scripts, Burp Suite, and jwt_tool. By the end you will have personally exploited SQL injection, broken object level authorization, JWT forgery, mass assignment, SSRF, and more, all in a safe, isolated environment running on your own machine, with no external setup required.</description></item></channel></rss>