Author: Pooja
Target: ReqRes Demo API (https://reqres.in)
Tools:
- Postman (Web Version)
- Browser DevTools
Scope: Read-only testing of public demo API endpoints only. No exploitation was performed and no private APIs were accessed.
Methodology:
- Reviewed API documentation
- Tested endpoints using Postman
- Inspected authentication and response headers
- Identified and classified security risks
- Documented remediation steps
Findings:
- RISK-001: Unauthenticated Access to Users - HIGH
- RISK-002: User PII Exposed Without Login - HIGH
- RISK-003: Missing Security Headers - MEDIUM
- RISK-004: Inconsistent Auth Model - MEDIUM
- RISK-005: Excessive Data Exposure - LOW
- RISK-006: No Rate Limiting - MEDIUM
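One way to turn the "inspected authentication and response headers" step into a repeatable check, as an added example that is not part of the report or of the reqres.in project: the functions below audit a captured response's headers for the two conditions behind RISK-003 (missing security headers) and RISK-006 (no rate limiting). The baseline header list and the rate-limit header names are assumptions drawn from common hardening guidance, not lists taken from the report, and both header sets in the block are constructed samples rather than captured traffic.

```python
"""Audit HTTP response headers for the header-related findings.

Added example; not code from the report. RECOMMENDED_SECURITY_HEADERS and
RATE_LIMIT_HEADERS are assumed baselines, and the two sample header sets are
constructed to show a weak response beside a hardened one.
"""

# Assumed baseline of headers a JSON API response should carry, with the
# risk each one addresses (used in the finding text).
RECOMMENDED_SECURITY_HEADERS = {
    "strict-transport-security": "forces HTTPS on later requests",
    "content-security-policy": "limits what a browser loads if the body is rendered",
    "x-content-type-options": "stops MIME sniffing (expected value: nosniff)",
    "x-frame-options": "prevents framing of the response",
    "cache-control": "keeps user data out of shared caches",
}

# Header names commonly used to advertise a rate-limit policy (assumption).
RATE_LIMIT_HEADERS = (
    "x-ratelimit-limit",
    "x-ratelimit-remaining",
    "ratelimit-limit",
    "retry-after",
)

# Constructed sample: a response missing most protective headers.
WEAK_HEADERS = {
    "Content-Type": "application/json; charset=utf-8",
    "Cache-Control": "max-age=14400",
    "Server": "example-server",
}

# Constructed sample: the same response after remediation.
HARDENED_HEADERS = {
    "Content-Type": "application/json; charset=utf-8",
    "Cache-Control": "no-store",
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    "Content-Security-Policy": "default-src 'none'; frame-ancestors 'none'",
    "X-Content-Type-Options": "nosniff",
    "X-Frame-Options": "DENY",
    "X-RateLimit-Limit": "100",
    "X-RateLimit-Remaining": "99",
}


def _normalise(headers):
    """Header names are case-insensitive, so compare on lowercase keys."""
    return {name.lower(): value for name, value in headers.items()}


def missing_security_headers(headers):
    """Return the sorted list of recommended headers absent from the response."""
    present = _normalise(headers)
    return sorted(name for name in RECOMMENDED_SECURITY_HEADERS if name not in present)


def weak_header_values(headers):
    """Flag headers that are present but carry a value that gives no protection."""
    present = _normalise(headers)
    problems = []
    if present.get("x-content-type-options", "nosniff").lower() != "nosniff":
        problems.append("x-content-type-options is not 'nosniff'")
    cache = present.get("cache-control", "").lower()
    if cache and "no-store" not in cache:
        problems.append("cache-control allows the response to be cached")
    return problems


def has_rate_limit_headers(headers):
    """True if the response advertises any rate-limit policy header."""
    present = _normalise(headers)
    return any(name in present for name in RATE_LIMIT_HEADERS)


def audit(headers):
    """Map a response's headers onto the report's risk IDs.

    Returns a list of (risk_id, detail) tuples; an empty list means neither
    RISK-003 nor RISK-006 applies to this response.
    """
    findings = []
    missing = missing_security_headers(headers)
    weak = weak_header_values(headers)
    if missing or weak:
        detail = "; ".join(
            [f"missing: {', '.join(missing)}"] * bool(missing) + weak
        )
        findings.append(("RISK-003", detail))
    if not has_rate_limit_headers(headers):
        findings.append(("RISK-006", "no rate-limit headers observed"))
    return findings


if __name__ == "__main__":
    for label, sample in (("weak", WEAK_HEADERS), ("hardened", HARDENED_HEADERS)):
        print(label, audit(sample) or "no header findings")
```

The audit only sees one response at a time, so it reports the absence of rate-limit headers rather than proving the absence of rate limiting; confirming RISK-006 still needs the repeated-request observation the report describes. Likewise a present-but-weak header (a cacheable Cache-Control on a user endpoint) is reported under RISK-003 rather than silently accepted.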
Deliverables:
- API Security TASK_03.docx — Full security report
- Screenshots — Postman test evidence