> ## Documentation Index
> Fetch the complete documentation index at: https://rootea.es/llms.txt
> Use this file to discover all available pages before exploring further.

# API Testing

> Recursos cross-platform para API Testing: máquinas HTB, labs PortSwigger y rooms TryHackMe curados, con writeups validados y skills relacionadas.

# API Testing

Esta página agrega los **recursos para practicar API Testing** de forma cross-platform: máquinas retiradas de Hack The Box, labs de PortSwigger Web Security Academy y rooms de TryHackMe, más recursos curados (HackTricks, PortSwigger, etc.) y skills relacionadas.

## Recursos curados

| Fuente      | Enlace                                                                                               |
| ----------- | ---------------------------------------------------------------------------------------------------- |
| PortSwigger | [https://portswigger.net/web-security/api-testing](https://portswigger.net/web-security/api-testing) |

## Labs PortSwigger que practican API Testing (5)

| Lab                                                                                                                                                                                      | Dificultad                                                 | Topic       | Oficial                                                                                                                                                  |
| ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------- | ----------- | -------------------------------------------------------------------------------------------------------------------------------------------------------- |
| [Exploiting an API endpoint using documentation](/portswigger/labs/api-testing/exploiting-api-endpoint-using-documentation)                                                              | <span className="dbadge dbadge-easy">APPRENTICE</span>     | API Testing | [Abrir](https://portswigger.net/web-security/api-testing/lab-exploiting-api-endpoint-using-documentation)                                                |
| [Exploiting server-side parameter pollution in a REST URL](/portswigger/labs/api-testing/server-side-parameter-pollution-exploiting-server-side-parameter-pollution-in-rest-url)         | <span className="dbadge dbadge-easy">APPRENTICE</span>     | API Testing | [Abrir](https://portswigger.net/web-security/api-testing/server-side-parameter-pollution/lab-exploiting-server-side-parameter-pollution-in-rest-url)     |
| [Exploiting a mass assignment vulnerability](/portswigger/labs/api-testing/exploiting-mass-assignment-vulnerability)                                                                     | <span className="dbadge dbadge-medium">PRACTITIONER</span> | API Testing | [Abrir](https://portswigger.net/web-security/api-testing/lab-exploiting-mass-assignment-vulnerability)                                                   |
| [Exploiting server-side parameter pollution in a query string](/portswigger/labs/api-testing/server-side-parameter-pollution-exploiting-server-side-parameter-pollution-in-query-string) | <span className="dbadge dbadge-medium">PRACTITIONER</span> | API Testing | [Abrir](https://portswigger.net/web-security/api-testing/server-side-parameter-pollution/lab-exploiting-server-side-parameter-pollution-in-query-string) |
| [Finding and exploiting an unused API endpoint](/portswigger/labs/api-testing/exploiting-unused-api-endpoint)                                                                            | <span className="dbadge dbadge-medium">PRACTITIONER</span> | API Testing | [Abrir](https://portswigger.net/web-security/api-testing/lab-exploiting-unused-api-endpoint)                                                             |

***

← [Volver al glosario completo](/glosario)

<script type="application/ld+json">
  {`{"@context":"https://schema.org","@type":"DefinedTerm","name":"API Testing","termCode":"api-testing","inLanguage":"es","url":"https://rootea.es/skills/api-testing","inDefinedTermSet":{"@type":"DefinedTermSet","name":"Glosario táctico de pentesting","url":"https://rootea.es/glosario"}}`}
</script>

*Última actualización: 2026-05-08*
