Pentesting a payment API is typically assignment for our team, because the founder of binsec GmbH have a strong working background in the payment area. Checking for typical OWASP Top 10 vulnerabilities is the basis of the penetration test, but in this case, we also check for some sort of logical errors that may result in security issues. A good example is checking if it is possible to transfer negative amounts using a normal auth or settle transaction type. Issues like this one happen, because when one thinks about amount limits, sometimes it is only to limit the maximum amount.
In comparison to normal website penetration test, testing a payment API requires a higher manual effort. It involves getting familiar with the API documentation and writing tests for the specific use cases, since many available tools might not work in this case. Nevertheless, having a broad range of experience in this field allows us to still analyse APIs in an adequate time frame.
Talk now
to our
Pentest experts.
Contact us

OSCP, M.Sc. Security Management
Talk now to our Pentest experts.

OSCP, M.Sc. Security Management
Penetration Testing
Since 2013 we conduct professional penetration test, based on international industry standards and years of experience in penetration testing, red teaming and hacking.
As a company for professional penetration testing, we do some things differently than other pentest provider: As a penetration test firm, we do not sell vulnerability scans as pentest. We do also focus on business security risks. You are looking for a professionally conducted penetration tests? Get the binsec team for your Pentest. Read more about our pentest service.
Contact us