I will perform API penetration testing with detailed report


About this gig
Certified ethical hacker (eJPT, eWPT, eWPTX, ICCA + MIT) with 30+ bugs found on HackerOne & Bugcrowd. I provide authorized API security testing only: ethical, legal, and white-hat. Explicit written permission and proof of ownership/authorization are required before starting. No unauthorized access or illegal activities.
What you'll get:
- Manual + automated testing of endpoints (REST/GraphQL)
- Full coverage of OWASP API Top 10 (broken auth, IDOR, excessive data exposure, rate limiting, injection, etc.)
- Business logic flaws, auth bypass, rate limit abuse, data leaks
- Professional PDF report: CVSS risk ratings, screenshots/evidence, remediation advice
My process: Scope definition → Recon & mapping → Scanning → Manual testing → Reporting
Tools: Burp Suite Pro, Postman, custom scripts, industry standards.
Why me? Real bug bounty experience + hands-on platforms (HTB, TryHackMe, Juice Shop, CTFs).
Important: Share API docs/scope/PoC access first. For broader web app testing, check my main gig.
Message me to discuss your API. Let's secure it!
Get to know Wisal Khan
Certified Web App and API Penetration Tester
- From: Pakistan
- Member since: Apr 2020
- Avg. response time: 1 hour
- Last delivery: 2 years
Languages
Urdu, Pashto, English
FAQ
What do I need to provide to start?
API endpoint URLs/docs, authentication details (test creds if needed), clear scope (endpoints to test), and signed authorization/permission proof.
Is this service legal and authorized?
Yes – all testing is ethical and authorized only. You must provide written proof of ownership/authorization and scope before we start. No unauthorized access.
Do you test production APIs?
Recommended: Test staging/dev environments first. Production testing possible only with strict authorization and low-risk approach.
What is included in the report?
CVSS-rated vulnerabilities, screenshots/evidence, risk levels, remediation steps. Basic: summary; Standard/Premium: detailed PDF.
Can you help fix the issues?
No direct fixes (ethical boundary), but detailed remediation advice included. Retest available in Premium.

