api-security-schemathesis
API Security Testing with Schemathesis
You are a security engineer running property-based API security testing using Schemathesis to automatically generate test cases from API schemas.
When to use
Use this skill when asked to test REST APIs or GraphQL endpoints for security issues using their OpenAPI/Swagger or GraphQL schema.
Prerequisites
- Schemathesis installed: `pip install schemathesis`
- The API must be running, with an accessible OpenAPI/Swagger document or GraphQL endpoint
- Verify the install: `schemathesis --version`
Instructions
- Identify the target: confirm the schema URL (the OpenAPI document or the GraphQL endpoint) and the base URL the API answers on, and make sure you are authorized to fuzz it. Schemathesis sends large volumes of generated requests, including writes, so point it at a test environment rather than production data.
- Run the scan, redirecting the console output so the findings survive the run:
  - OpenAPI: `schemathesis run <openapi-url> --report > schemathesis-report.txt`
  - GraphQL: `schemathesis run <graphql-url> --report > schemathesis-report.txt`
  - Basic authentication: `schemathesis run <url> --auth user:pass`
  - Bearer token: `schemathesis run <url> --header "Authorization: Bearer <token>"`
  - Specific endpoints: `schemathesis run <url> --endpoint "/api/users"`
  - Stateful testing (chains operations through OpenAPI links, e.g. create, then fetch, then delete the same resource): `schemathesis run <url> --stateful=links`
  Check what `--report` does on the installed version before using it: in the 3.x CLI a bare `--report` uploads results to the hosted Schemathesis.io service, which may be unacceptable for internal targets, while the stdout redirect captures the console findings either way. Option names also changed between the 3.x and 4.x lines, so confirm each flag with `schemathesis run --help`.
- Parse the results and present the findings in this layout:
| # | Endpoint | Method | Issue Type | Status Code | Finding | Reproduction |
|---|----------|--------|------------|-------------|---------|-------------|
- Summarize. Provide:
  - Total endpoints tested and test cases generated
  - Server errors (5xx) found, each with the `curl` reproduction command Schemathesis prints
  - Schema violations and inconsistencies (undocumented status codes, undeclared content types, response bodies that don't match the documented schema)
  - Security-relevant findings: operations that answer without valid credentials, and crashes on crafted inputs that may indicate injection (Schemathesis reports the crash; confirming exploitability is manual work)
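The parse-and-summarize steps above, as an added example (not code from the skill page or from the Schemathesis project). It assumes the scan was run with `--junit-xml report.xml` (a 3.x option name; newer releases expose JUnit output through `--report`, so check `schemathesis run --help`), that each `<testcase>` is named `<METHOD> <path>`, and that the `<failure>` text carries the check name, the observed status code and a `curl` reproduction line. The embedded report is constructed to match that layout, so the regular expressions may need adjusting against a real report from the installed version.

```python
"""Turn a Schemathesis JUnit XML report into the findings table and summary.

Added example for this page, not Schemathesis's own code. The report layout
(one <testcase> per operation named "<METHOD> <path>", failure text holding
the check name, status code and a curl line) is an assumption.
"""
import re
import xml.etree.ElementTree as ET

# Schemathesis check names mapped to the issue types used on this page.
CHECK_TO_ISSUE = {
    "not_a_server_error": "Server Error (5xx)",
    "response_schema_conformance": "Schema Violation",
    "status_code_conformance": "Status Code Mismatch",
    "content_type_conformance": "Content Type Mismatch",
    "ignored_auth": "Missing Auth",
}

STATUS_RE = re.compile(r"status code\D*(\d{3})", re.IGNORECASE)
CURL_RE = re.compile(r"^\s*(curl .*?)\s*$", re.MULTILINE)

# Constructed sample report (not real Schemathesis output).
SAMPLE_REPORT = """<testsuites>
  <testsuite name="schemathesis" tests="3" failures="2">
    <testcase name="GET /api/users/{id}" classname="schemathesis" time="0.42">
      <failure message="not_a_server_error">
Check: not_a_server_error
Received a response with 5xx status code: 500
Reproduce with:
curl -X GET 'http://localhost:8080/api/users/%27%20OR%201%3D1--'
      </failure>
    </testcase>
    <testcase name="POST /api/users" classname="schemathesis" time="0.31">
      <failure message="status_code_conformance">
Check: status_code_conformance
Received a response with a status code, which is not defined in the API schema: 422
Reproduce with:
curl -X POST 'http://localhost:8080/api/users' -d '{}'
      </failure>
    </testcase>
    <testcase name="GET /api/health" classname="schemathesis" time="0.05"/>
  </testsuite>
</testsuites>
"""


def parse_junit_report(xml_text):
    """Return one finding dict per failed <testcase>, in report order."""
    findings = []
    for case in ET.fromstring(xml_text).iter("testcase"):
        failure = case.find("failure")
        if failure is None:
            continue  # the operation passed every check
        method, _, path = case.get("name", "").partition(" ")
        text = "\n".join(filter(None, [failure.get("message"), failure.text]))
        lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
        # First line that is neither the check header nor the reproduction block.
        description = next(
            (ln for ln in lines
             if not ln.startswith(("Check:", "Reproduce", "curl "))
             and ln not in CHECK_TO_ISSUE),
            "",
        )
        status = STATUS_RE.search(text)
        repro = CURL_RE.search(text)
        findings.append({
            "endpoint": path,
            "method": method,
            "issue_type": next(
                (label for check, label in CHECK_TO_ISSUE.items() if check in text),
                "Other",
            ),
            "status_code": int(status.group(1)) if status else None,
            "finding": description,
            "reproduction": repro.group(1) if repro else "",
        })
    return findings


def _cell(value):
    """Escape pipes so curl commands cannot break the markdown table."""
    return "" if value is None else str(value).replace("|", "\\|")


def render_table(findings):
    """Markdown table in the column layout used in the parse step."""
    rows = [
        "| # | Endpoint | Method | Issue Type | Status Code | Finding | Reproduction |",
        "|---|----------|--------|------------|-------------|---------|-------------|",
    ]
    for i, f in enumerate(findings, 1):
        rows.append(
            f"| {i} | {_cell(f['endpoint'])} | {_cell(f['method'])} | "
            f"{_cell(f['issue_type'])} | {_cell(f['status_code'])} | "
            f"{_cell(f['finding'])} | {_cell(f['reproduction'])} |"
        )
    return "\n".join(rows)


def summarize(xml_text):
    """Counts for the summary step plus the 5xx reproductions to triage first."""
    root = ET.fromstring(xml_text)
    findings = parse_junit_report(xml_text)
    by_type = {}
    for f in findings:
        by_type[f["issue_type"]] = by_type.get(f["issue_type"], 0) + 1
    return {
        "operations_tested": sum(int(s.get("tests", 0)) for s in root.iter("testsuite")),
        "operations_failed": len(findings),
        "by_issue_type": by_type,
        "server_error_reproductions": [
            f["reproduction"] for f in findings if f["issue_type"] == "Server Error (5xx)"
        ],
    }


if __name__ == "__main__":
    print(render_table(parse_junit_report(SAMPLE_REPORT)))
    print(summarize(SAMPLE_REPORT))
```

Run it against a real report with `python parse_report.py` after swapping `SAMPLE_REPORT` for the file contents; anything classified as "Other" means the failure text did not contain a known check name and should be read by hand.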
Issue Types Detected
| Type | Description |
|---|---|
| Server Error (5xx) | Unhandled exceptions or crashes on generated input (`not_a_server_error` check) |
| Schema Violation | Response body doesn't match the schema documented for that operation (`response_schema_conformance`) |
| Status Code Mismatch | Response status code not documented for the operation (`status_code_conformance`) |
| Content Type Mismatch | Response Content-Type not declared in the schema (`content_type_conformance`) |
| Missing Auth | Operation declares a security scheme but answers requests sent without or with invalid credentials (`ignored_auth`) |
| Injection Patterns | Crafted string inputs (quotes, operators, path traversal fragments, etc.) that provoke a 5xx or schema violation; Schemathesis reports the crash, it does not confirm SQL/NoSQL injection, so treat these as leads for manual testing |
Part of the vchirrav/product-security-ai-skills collection.