{"id":230145,"date":"2024-01-02T18:22:08","date_gmt":"2024-01-02T18:22:08","guid":{"rendered":"https:\/\/www.devsecops.ltd\/?p=230145"},"modified":"2024-02-01T06:46:44","modified_gmt":"2024-02-01T06:46:44","slug":"api-penetration-testing","status":"publish","type":"post","link":"https:\/\/www.devsecops.ltd\/api-penetration-testing\/","title":{"rendered":"What is API Penetration Testing? &#8211; Guide for 2024"},"content":{"rendered":"<p>In today&#8217;s digital world, APIs (Application Programming Interfaces) play a vital role in enabling communication and integration between systems, applications, and services. However, with the increasing reliance on APIs, the need to ensure their security also becomes crucial. API penetration testing, also known as API pentesting, is a process that helps organizations identify and mitigate vulnerabilities in their APIs to protect against potential attacks. In this article, we will delve into the concept of API penetration testing<\/p>\n<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_67_1 counter-hierarchy ez-toc-counter ez-toc-grey ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\">\n<p class=\"ez-toc-title \" >Table of Contents<\/p>\n<span class=\"ez-toc-title-toggle\"><a href=\"#\" class=\"ez-toc-pull-right ez-toc-btn ez-toc-btn-xs ez-toc-btn-default ez-toc-toggle\" aria-label=\"Toggle Table of Content\"><span class=\"ez-toc-js-icon-con\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #999;color:#999\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #999;color:#999\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/span><\/a><\/span><\/div>\n<nav><ul class='ez-toc-list ez-toc-list-level-1 eztoc-toggle-hide-by-default' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/www.devsecops.ltd\/api-penetration-testing\/#What_is_API_Penetration_Testing\" title=\"What is API Penetration Testing?\">What is API Penetration Testing?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/www.devsecops.ltd\/api-penetration-testing\/#Why_is_API_Pentesting_Important\" title=\"Why is API Pentesting Important?\">Why is API Pentesting Important?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/www.devsecops.ltd\/api-penetration-testing\/#API_Pentesting_Process\" title=\"API Pentesting Process\">API Pentesting Process<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/www.devsecops.ltd\/api-penetration-testing\/#API_Penetration_Testing_Checklist\" title=\"API Penetration Testing Checklist\">API Penetration Testing Checklist<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/www.devsecops.ltd\/api-penetration-testing\/#Understand_the_API\" title=\"Understand the API:\">Understand the API:<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/www.devsecops.ltd\/api-penetration-testing\/#Identify_the_Attack_Surface\" title=\"Identify the Attack Surface:\">Identify the Attack Surface:<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-7\" href=\"https:\/\/www.devsecops.ltd\/api-penetration-testing\/#Perform_Vulnerability_Assessment\" title=\"Perform Vulnerability Assessment:\">Perform Vulnerability Assessment:<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-8\" href=\"https:\/\/www.devsecops.ltd\/api-penetration-testing\/#Enumerate_and_Test_Endpoints\" title=\"Enumerate and Test Endpoints:\">Enumerate and Test Endpoints:<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-9\" href=\"https:\/\/www.devsecops.ltd\/api-penetration-testing\/#Test_Authentication_and_Authorization\" title=\"Test Authentication and Authorization:\">Test Authentication and Authorization:<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-10\" href=\"https:\/\/www.devsecops.ltd\/api-penetration-testing\/#Test_Input_Validation\" title=\"Test Input Validation:\">Test Input Validation:<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-11\" href=\"https:\/\/www.devsecops.ltd\/api-penetration-testing\/#Test_for_Security_Misconfigurations\" title=\"Test for Security Misconfigurations:\">Test for Security Misconfigurations:<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-12\" href=\"https:\/\/www.devsecops.ltd\/api-penetration-testing\/#Check_for_Rate_Limiting_and_Brute_Force_Protections\" title=\"Check for Rate Limiting and Brute Force Protections:\">Check for Rate Limiting and Brute Force Protections:<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-13\" href=\"https:\/\/www.devsecops.ltd\/api-penetration-testing\/#Test_for_Data_Integrity\" title=\"Test for Data Integrity:\">Test for Data Integrity:<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-14\" href=\"https:\/\/www.devsecops.ltd\/api-penetration-testing\/#Perform_Error_Handling_Testing\" title=\"Perform Error Handling Testing:\">Perform Error Handling Testing:<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-15\" href=\"https:\/\/www.devsecops.ltd\/api-penetration-testing\/#Document_Findings_and_Remediation\" title=\"Document Findings and Remediation:\">Document Findings and Remediation:<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-16\" href=\"https:\/\/www.devsecops.ltd\/api-penetration-testing\/#Best_API_Pentesting_Tools\" title=\"Best API Pentesting\u00a0 Tools\">Best API Pentesting\u00a0 Tools<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-17\" href=\"https:\/\/www.devsecops.ltd\/api-penetration-testing\/#Conclusion\" title=\"Conclusion\">Conclusion<\/a><\/li><\/ul><\/nav><\/div>\n<h2><span class=\"ez-toc-section\" id=\"What_is_API_Penetration_Testing\"><\/span><b>What is API Penetration Testing?<\/b><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"font-weight: 400;\">API penetration testing is the process of assessing the security posture of an application&#8217;s APIs. By simulating real-world attacks, security geeks can uncover vulnerabilities and weaknesses that malicious hackers might exploit. Just like wearing a veteran hacker&#8217;s hat, you&#8217;ll scrutinize the API endpoints, authentication mechanisms, input validation, and more to ensure they&#8217;re robust enough to withstand potential attacks.<\/span><\/p>\n<h2><span class=\"ez-toc-section\" id=\"Why_is_API_Pentesting_Important\"><\/span><strong>Why is API Pentesting Important?<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>APIs can act as entry points for attackers, exploiting vulnerabilities to gain unauthorized access, manipulate data, or disrupt services. API pentesting is crucial for several reasons:<\/p>\n<ol>\n<li><strong>Ensuring Robust Security<\/strong>: API pentesting identifies and mitigates potential vulnerabilities, reducing the risk of exploitation and data breaches.<\/li>\n<li><strong>Preserving Data Integrity<\/strong>: By testing how an API handles user input and interactions, API pentesting ensures that data integrity is maintained throughout the communication process.<\/li>\n<li><strong>Strengthening Trust<\/strong>: Regular API pentesting instills confidence in users, demonstrating an organization&#8217;s commitment to security and protecting sensitive data.<\/li>\n<li><strong>Compliance with Regulations<\/strong>: Many industries, such as finance, healthcare, or government sectors, have stringent compliance requirements. API pentesting helps organizations meet these requirements and maintain industry standards.<\/li>\n<\/ol>\n<h2><span class=\"ez-toc-section\" id=\"API_Pentesting_Process\"><\/span><strong>API Pentesting Process<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>To conduct an effective API pentest, the following steps are typically involved:<\/p>\n<ol>\n<li><strong>Scoping<\/strong>: Define the scope of the pentest, including the specific APIs to be tested, their functionalities, and the intended goals of the assessment.<\/li>\n<li><strong>Reconnaissance<\/strong>: Gather information about the API, including documentation, endpoints, input parameters, and potential entry points for attackers.<\/li>\n<li><strong>Vulnerability Assessment<\/strong>: Scan the API for known vulnerabilities using automated tools or manual techniques. Look for potential security weaknesses that could be exploited.<\/li>\n<li><strong>Exploitation<\/strong>: Attempt to exploit identified vulnerabilities, simulating attacks that attackers might launch. This helps validate the seriousness of vulnerabilities and their potential impact.<\/li>\n<li><strong>Reporting<\/strong>: Document the findings, including a detailed description of vulnerabilities, their potential impact, and recommended remediation measures. This report is essential for developers and stakeholders to understand and prioritize security enhancements.<\/li>\n<\/ol>\n<h2><span class=\"ez-toc-section\" id=\"API_Penetration_Testing_Checklist\"><\/span><b>API Penetration Testing Checklist<\/b><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"font-weight: 400;\">As the use of APIs (Application Programming Interfaces) continues to increase, ensuring their security becomes paramount. API pentesting, or API penetration testing, is an essential process to assess the security of an API by simulating attacks and identifying vulnerabilities. Before embarking on an API penetration testing expedition, arm yourself with this API pentesting checklist:<\/span><\/p>\n<h3><span class=\"ez-toc-section\" id=\"Understand_the_API\"><\/span><b>Understand the API<\/b><span style=\"font-weight: 400;\">:<\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><span style=\"font-weight: 400;\">Gain a solid understanding of the API&#8217;s functionality, endpoints, and intended usage. Analyze the API documentation to identify potential attack vectors.<\/span><\/p>\n<h3><span class=\"ez-toc-section\" id=\"Identify_the_Attack_Surface\"><\/span><b>Identify the Attack Surface<\/b><span style=\"font-weight: 400;\">:<\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><span style=\"font-weight: 400;\">Determine the entry points, such as endpoints, headers, or input parameters, through which an attacker could exploit the API.<\/span><\/p>\n<h3><span class=\"ez-toc-section\" id=\"Perform_Vulnerability_Assessment\"><\/span><b>Perform Vulnerability Assessment<\/b><span style=\"font-weight: 400;\">:<\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><span style=\"font-weight: 400;\">Scan for common API vulnerabilities, such as injection attacks, broken authentication, insecure direct object references, and XML external entity (XXE) attacks.<\/span><\/p>\n<h3><span class=\"ez-toc-section\" id=\"Enumerate_and_Test_Endpoints\"><\/span><b>Enumerate and Test Endpoints<\/b><span style=\"font-weight: 400;\">:<\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><span style=\"font-weight: 400;\">Enumerate all available API endpoints and test them for security vulnerabilities, including unauthorized access, injection flaws, or sensitive data exposure.<\/span><\/p>\n<h3><span class=\"ez-toc-section\" id=\"Test_Authentication_and_Authorization\"><\/span><b>Test Authentication and Authorization<\/b><span style=\"font-weight: 400;\">:<\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><span style=\"font-weight: 400;\">Assess the effectiveness of authentication mechanisms, such as API keys, OAuth tokens, or JSON Web Tokens (JWT), and ensure proper authorization levels are enforced.<\/span><\/p>\n<h3><span class=\"ez-toc-section\" id=\"Test_Input_Validation\"><\/span><b>Test Input Validation<\/b><span style=\"font-weight: 400;\">:<\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><span style=\"font-weight: 400;\">Check how the API handles user input and test for potential input validation vulnerabilities, like SQL injections or cross-site scripting (XSS) attacks.<\/span><\/p>\n<blockquote><p>Download Free\u00a0<a href=\"https:\/\/www.devsecops.ltd\/wp-content\/uploads\/2023\/04\/API-Security-Fundamentals-ebook.pdf\" data-lf-fd-inspected-ywvko4xdg1x4z6bj=\"true\">E-book on API Security<\/a><\/p><\/blockquote>\n<h3><span class=\"ez-toc-section\" id=\"Test_for_Security_Misconfigurations\"><\/span><b>Test for Security Misconfigurations<\/b><span style=\"font-weight: 400;\">:<\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><span style=\"font-weight: 400;\">Uncover misconfigurations that could lead to security breaches, such as exposed sensitive information or insecure server configurations.<\/span><\/p>\n<blockquote><p>Also Read,\u00a0<a href=\"https:\/\/www.devsecops.ltd\/api-security-management\/\">Guide to API Security Management<\/a><\/p><\/blockquote>\n<h3><span class=\"ez-toc-section\" id=\"Check_for_Rate_Limiting_and_Brute_Force_Protections\"><\/span><b>Check for Rate Limiting and Brute Force Protections<\/b><span style=\"font-weight: 400;\">:<\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><span style=\"font-weight: 400;\">Determine if proper rate limiting and brute force protection mechanisms are in place to prevent abuse and unauthorized access.<\/span><\/p>\n<h3><span class=\"ez-toc-section\" id=\"Test_for_Data_Integrity\"><\/span><b>Test for Data Integrity<\/b><span style=\"font-weight: 400;\">:<\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><span style=\"font-weight: 400;\">Verify that data transmitted over the API is properly protected with encryption, and check for vulnerabilities like man-in-the-middle attacks.<\/span><\/p>\n<h3><span class=\"ez-toc-section\" id=\"Perform_Error_Handling_Testing\"><\/span><b>Perform Error Handling Testing<\/b><span style=\"font-weight: 400;\">:<\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><span style=\"font-weight: 400;\">Test how the API handles errors and exceptions, ensuring that they don&#8217;t reveal sensitive information or provide clues for further exploitation.<\/span><\/p>\n<h3><span class=\"ez-toc-section\" id=\"Document_Findings_and_Remediation\"><\/span><b>Document Findings and Remediation<\/b><span style=\"font-weight: 400;\">:<\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><span style=\"font-weight: 400;\">Document all identified vulnerabilities, their potential impact, and provide recommendations for remediation.<\/span><\/p>\n<blockquote><p>Also Read,\u00a0<a href=\"https:\/\/www.devsecops.ltd\/api-gateway-security-best-practices\/\">API Security Testing Checklist<\/a><\/p><\/blockquote>\n<h2><span class=\"ez-toc-section\" id=\"Best_API_Pentesting_Tools\"><\/span><b>Best API Pentesting\u00a0 Tools<\/b><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"font-weight: 400;\">Equip your arsenal with these powerful tools for conducting API penetration testing:<\/span><\/p>\n<ol>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><a href=\"https:\/\/portswigger.net\/burp\"><b>Burp Suite<\/b><\/a><span style=\"font-weight: 400;\">: A top-notch web application testing tool that includes modules for testing and manipulating API traffic.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><a href=\"https:\/\/www.zaproxy.org\/\"><b>OWASP ZAP<\/b><\/a><span style=\"font-weight: 400;\">: An open-source web application security scanner that features specialized functionalities for API testing.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><a href=\"https:\/\/www.tenable.com\/products\/nessus\"><b>Nessus<\/b><\/a><span style=\"font-weight: 400;\">: A comprehensive vulnerability scanning tool that can also be used for API security assessments.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><a href=\"https:\/\/www.postman.com\/\"><b>Postman<\/b><\/a><span style=\"font-weight: 400;\">: A popular API development environment that can be utilized for API testing, including security assessments.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><a href=\"https:\/\/www.telerik.com\/fiddler\"><b>Fiddler<\/b><\/a><span style=\"font-weight: 400;\">: A powerful web debugging proxy that allows you to intercept, inspect, and modify API traffic for security testing.<\/span><\/li>\n<\/ol>\n<p><span style=\"font-weight: 400;\">Remember, these tools are your trusty sidekicks, but it&#8217;s your expertise and creativity that will make the real difference during API penetration testing.<\/span><\/p>\n<blockquote><p>Also Read,\u00a0<a href=\"https:\/\/www.devsecops.ltd\/best-api-security-testing-tools\/\">Best API Security Testing Tools<\/a><\/p><\/blockquote>\n<h2><span class=\"ez-toc-section\" id=\"Conclusion\"><\/span><span style=\"font-weight: 400;\">Conclusion<\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>API pentesting is a critical step in securing software applications that rely on APIs for communication and integration. By proactively identifying vulnerabilities, organizations can enhance their security posture, protect sensitive data, and mitigate the risk of cyber attacks. API pentesting plays a crucial role in ensuring the reliability and integrity of APIs, enabling organizations to build secure and resilient systems. By embracing API pentesting, organizations can strengthen their cybersecurity practices and foster trust among users, ultimately safeguarding their valuable digital assets. Stay secure and embrace the power of API pentesting!<\/p>\n<div id=\"pdso_blog_content\" class=\"et_pb_module et_pb_post_content et_pb_post_content_0_tb_body\">\n<p><strong>Interested in API Security Hands-On Upskilling?<\/strong><\/p>\n<p>Practical DevSecOps offers an excellent\u00a0<a href=\"https:\/\/www.devsecops.ltd\/certified-api-security-professional\/\">Certified API Security Professional (CASP)\u00a0<\/a>course with hands-on training through browser-based labs, 24\/7 instructor support, and the best learning resources to upskill in API security.<\/p>\n<p>Start your journey mastering API security today with\u00a0<a href=\"https:\/\/www.devsecops.ltd\/\">Practical DevSecOps<\/a>!<\/p>\n<blockquote><p>Also Read about,\u00a0<a href=\"https:\/\/www.devsecops.ltd\/api-security-trends\/\">API Security Trends of 2024<\/a><\/p><\/blockquote>\n<blockquote><p>Download Free\u00a0<a href=\"https:\/\/www.devsecops.ltd\/wp-content\/uploads\/2023\/04\/API-Security-Fundamentals-ebook.pdf\" data-lf-fd-inspected-ywvko4xdg1x4z6bj=\"true\">E-book on API Security<\/a><\/p><\/blockquote>\n<div class=\"addtoany_share_save_container addtoany_content addtoany_content_bottom\">\n<div class=\"a2a_kit a2a_kit_size_32 addtoany_list\" data-a2a-url=\"https:\/\/www.devsecops.ltd\/api-security-trends\/\" data-a2a-title=\"API Security Trends Predicted for 2024\"><\/div>\n<\/div>\n<\/div>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>In today&#8217;s digital world, APIs (Application Programming Interfaces) play a vital role in enabling communication and integration between systems, applications, and services. However, with the increasing reliance on APIs, the need to ensure their security also becomes crucial. API penetration testing, also known as API pentesting, is a process that helps organizations identify and mitigate [&hellip;]<\/p>\n","protected":false},"author":5,"featured_media":230149,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"","_et_pb_old_content":"","_et_gb_content_width":"","footnotes":""},"categories":[1],"tags":[],"_links":{"self":[{"href":"https:\/\/www.devsecops.ltd\/wp-json\/wp\/v2\/posts\/230145"}],"collection":[{"href":"https:\/\/www.devsecops.ltd\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.devsecops.ltd\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.devsecops.ltd\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/www.devsecops.ltd\/wp-json\/wp\/v2\/comments?post=230145"}],"version-history":[{"count":5,"href":"https:\/\/www.devsecops.ltd\/wp-json\/wp\/v2\/posts\/230145\/revisions"}],"predecessor-version":[{"id":230496,"href":"https:\/\/www.devsecops.ltd\/wp-json\/wp\/v2\/posts\/230145\/revisions\/230496"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.devsecops.ltd\/wp-json\/wp\/v2\/media\/230149"}],"wp:attachment":[{"href":"https:\/\/www.devsecops.ltd\/wp-json\/wp\/v2\/media?parent=230145"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.devsecops.ltd\/wp-json\/wp\/v2\/categories?post=230145"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.devsecops.ltd\/wp-json\/wp\/v2\/tags?post=230145"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}