181 Security Tests

Every validation rule is verified with automated tests for incoming requests and outgoing responses.

Test Categories

Our test suite covers all aspects of bidirectional API validation.

Path Validation

8 Tests

URL path validation, traversal prevention, allowlist enforcement.

HTTP Methods

12 Tests

Enforcement of allowed methods per endpoint.

Header Validation

15 Tests

Content-Type checking, header injection prevention.

Body Validation

25 Tests

JSON Schema validation, size limits, structure checking.

Injection Prevention

35 Tests

SQL injection, XSS, command injection, LDAP injection.

Response Validation

28 Tests

Response schema validation, data leak prevention.

Authentication

18 Tests

Token validation, session handling, authorization checks.

Rate Limiting

10 Tests

Request limiting, burst protection, client identification.

Edge Cases

30 Tests

Unicode handling, encoding attacks, boundary analysis.

Bidirectional Validation

Request Validation

Incoming requests are validated against the OpenAPI schema before reaching the backend:

  • Path and method allowlist
  • Header validation
  • Body schema checking
  • Injection pattern detection

Response Validation

Outgoing responses are validated to prevent data leaks and faulty responses:

  • Response schema conformity
  • Sensitive data filtering
  • Error response sanitization
  • Header checking

Compliance Mapping

Our tests are aligned with industry standards and regulations.

ISO 27001

Controls for access control, cryptography, and operational security.

OWASP Top 10

Full coverage of OWASP API Security Top 10 risks.

BSI Grundschutz

IT baseline protection modules for web applications and API security.

BAIT/VAIT

Financial sector-specific requirements from BaFin.