From 0f9feb327995ff41995f98b6ef3d9b4912e281fe Mon Sep 17 00:00:00 2001
From: Garth Boyd <garthoid@gmail.com>
Date: Sun, 16 Jun 2024 17:46:13 -0400
Subject: [PATCH] Add several OWASP REST and API references. (#1146)

* Add several OWASP REST and API references.
---
 .../12-API_Testing/00-API_Testing_Overview.md              | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/document/4-Web_Application_Security_Testing/12-API_Testing/00-API_Testing_Overview.md b/document/4-Web_Application_Security_Testing/12-API_Testing/00-API_Testing_Overview.md
index 6501fc88b2..b7ef9f7509 100644
--- a/document/4-Web_Application_Security_Testing/12-API_Testing/00-API_Testing_Overview.md
+++ b/document/4-Web_Application_Security_Testing/12-API_Testing/00-API_Testing_Overview.md
@@ -102,3 +102,10 @@ Application APIs that conform to REST principles use the response status code of
 | 404           | Not Found             | Resource doesn't exist or incorrect based on the request                                               |
 | 405           | Method Not Allowed    | Invalid method or unknown method used                                                                  |
 | 500           | Internal Server Error | Server failed to process request due to an internal error                                              |
+
+## References
+
+1. [OWASP REST Security Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/REST_Security_Cheat_Sheet.html)
+2. [OWASP REST Assessment Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/REST_Assessment_Cheat_Sheet.html)
+3. [OWASP API Security Project](https://owasp.org/www-project-api-security/)
+4. [OWASP API Security Tools](https://owasp.org/www-community/api_security_tools)