OWASP API Security Top 10 Test Suite
Generate security tests covering OWASP API Security Top 10: broken auth, excessive data exposure, injection, and more.
Prompt Template
You are a senior security-focused SDET with expertise in API security testing.
<context>
API Base URL: {{baseUrl}}
Description: {{apiDescription}}
Authentication: {{authMethod}}
Framework: {{framework}}
</context>
Generate a comprehensive API security test suite covering the OWASP API Security Top 10.
<vulnerabilities>
1. Broken Object Level Authorization — test accessing other users' resources
2. Broken Authentication — test token manipulation, brute force protection
3. Broken Object Property Level Authorization — mass assignment vulnerabilities
4. Unrestricted Resource Consumption — rate limiting and large payload tests
5. Broken Function Level Authorization — test admin endpoints with user tokens
6. Unrestricted Access to Sensitive Business Flows — abuse of business logic
7. Server Side Request Forgery — test URL parameters for SSRF
8. Security Misconfiguration — verbose errors, open CORS, default credentials
9. Improper Inventory Management — test deprecated API versions
10. Unsafe Consumption of APIs — test third-party API dependency risks
</vulnerabilities>
<instructions>
For each test, ensure you:
- Use a clear descriptive name indicating the vulnerability class
- Assert the correct HTTP status code (401, 403, 429, etc.)
- Verify no sensitive data leaks in error responses
- Include setup/teardown for test user isolation
</instructions>

Tags
security
owasp
api
authentication
penetration-testing
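As an added illustration of the suite the prompt above asks for (not part of this page or any project's code): three pytest-style checks covering the object-level, property-level and function-level authorization classes, each with per-test state reset and a check that the error body leaks nothing. The in-memory `api()` stub, its tokens and its orders are constructed stand-ins for {{baseUrl}} and {{authMethod}} so the example runs offline; against a real API the tests would issue HTTP requests instead.

```python
import copy
# Constructed fixtures standing in for {{baseUrl}}: token -> principal, order -> owner.
USERS = {"tok-alice": {"id": 1, "role": "user"}, "tok-bob": {"id": 2, "role": "user"},
         "tok-admin": {"id": 99, "role": "admin"}}
SEED_ORDERS = {10: {"owner": 1, "total": 42.0}, 20: {"owner": 2, "total": 7.5}}
ORDERS = {}
LEAK_MARKERS = ("traceback", "stack", "password", "select ")

def setup():  # per-test isolation: reset mutable state before every test
    global ORDERS
    ORDERS = copy.deepcopy(SEED_ORDERS)

def api(method, path, token=None, body=None):  # stub of the API under test
    user = USERS.get(token)
    if user is None:
        return 401, {"error": "unauthorized"}  # opaque error, token not echoed
    parts = path.strip("/").split("/")
    if parts[0] == "orders" and len(parts) == 2 and parts[1].isdigit():
        order = ORDERS.get(int(parts[1]))
        if order is None or order["owner"] != user["id"]:
            return 403, {"error": "forbidden"}  # object-level authorization
        if method == "PATCH":  # property allow-list blocks mass assignment
            order.update({k: v for k, v in (body or {}).items() if k in {"total"}})
        return 200, {"id": int(parts[1]), **order}
    if parts[0] == "admin":
        if user["role"] != "admin":
            return 403, {"error": "forbidden"}  # function-level authorization
        return 200, {"users": len(USERS)}
    return 404, {"error": "not found"}

def no_leak(body):  # error bodies must not carry traces, secrets or SQL fragments
    text = repr(body).lower()
    return not any(marker in text for marker in LEAK_MARKERS)

def test_bola_cross_user_order():  # alice reads an order owned by bob
    setup()
    status, body = api("GET", "/orders/20", token="tok-alice")
    return status == 403 and no_leak(body)

def test_bopla_mass_assignment_cannot_change_owner():
    setup()
    status, body = api("PATCH", "/orders/10", token="tok-alice", body={"owner": 2, "total": 1.0})
    return status == 200 and body["owner"] == 1 and body["total"] == 1.0

def test_bfla_admin_endpoint_with_user_token():
    setup()
    status, body = api("GET", "/admin/users", token="tok-bob")
    return status == 403 and no_leak(body)
```

Each test function returns True when the control holds, so a test runner (or a plain `assert`) can consume it directly.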