Chapter 3 Assignment
Try to break your own API
The brief
Use curl to attempt SQL injection on your search endpoints, and SSRF on any URL-fetching endpoint (e.g., webhook validation, OG-image preview). Document each attempt and the response it returned. Add safefetch wherever a URL-fetching endpoint lacks it.
You've completed this when
- All injection attempts return clean errors, not data leaks
- No internal IPs reachable via your API
- Tests added for the most dangerous endpoints
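
For the "no internal IPs reachable" criterion, this is the kind of check a URL-fetching endpoint needs before it connects. It is an added example, not the course's safefetch, whose code is not shown on this page; Python, the names `vet_url`, `is_internal`, `is_allowed` and the constructed DNS table are assumptions made for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

def system_resolver(host, port):  # real lookups; the default in production
    return [ai[4][0] for ai in socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)]

# Constructed DNS answers so the example runs offline.
CONSTRUCTED_DNS = {
    "api.example.com": ["93.184.216.34"],
    "intranet.example.com": ["10.0.0.5"],
    "mixed.example.com": ["93.184.216.34", "127.0.0.1"],
}

def fake_resolver(host, port):
    if host not in CONSTRUCTED_DNS:
        raise OSError("no such host")
    return CONSTRUCTED_DNS[host]

def is_internal(ip_text):
    """True for loopback, private, link-local and other non-public addresses."""
    ip = ipaddress.ip_address(ip_text)
    mapped = getattr(ip, "ipv4_mapped", None)  # judge ::ffff:a.b.c.d as IPv4
    return not (ip if mapped is None else mapped).is_global

def vet_url(url, resolver=system_resolver):
    """Return the vetted IPs for url, or raise ValueError with the reason."""
    try:
        parts = urlsplit(url)
        port = parts.port or (443 if parts.scheme == "https" else 80)
    except ValueError:
        raise ValueError("malformed URL")
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError("only http(s) URLs with a host are allowed")
    try:
        addrs = [str(ipaddress.ip_address(parts.hostname))]  # IP literal, no DNS
    except ValueError:
        try:
            addrs = resolver(parts.hostname, port)
        except OSError:
            raise ValueError("host does not resolve")
    # Every answer must be public: one internal record is enough to refuse.
    if not addrs or any(is_internal(a) for a in addrs):
        raise ValueError("resolves to a non-public address")
    return addrs  # connect to these, not to a fresh lookup (DNS rebinding)

def is_allowed(url, resolver=system_resolver):
    try:
        return bool(vet_url(url, resolver))
    except ValueError:
        return False
```

Redirects need the same check on every hop, so either disable automatic redirects in the HTTP client or run each `Location` target through `vet_url` before following it.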
Worked through every criterion?
Push your code to GitHub, paste the link in your notes.md, and move on.