Skip to content
Description
By: Corey J. Ball
Hacking APIs is a crash course in web API security testing that will prepare you to penetration-test APIs, reap high rewards on bug bounty programs, and make your own APIs more secure.
Hacking APIs is a crash course on web API security testing that will prepare you to penetration-test APIs, reap high rewards on bug bounty programs, and make your own APIs more secure.
You’ll learn how REST and GraphQL APIs work in the wild and set up a streamlined API testing lab with Burp Suite and Postman. Then you’ll master tools useful for reconnaissance, endpoint analysis, and fuzzing, such as Kiterunner and OWASP Amass. Next, you’ll learn to perform common attacks, like those targeting an API’s authentication mechanisms and the injection vulnerabilities commonly found in web applications. You’ll also learn techniques for bypassing protections against these attacks.
In the book’s nine guided labs, which target intentionally vulnerable APIs, you’ll practice:
Enumerating APIs users and endpoints using fuzzing techniques Using Postman to discover an excessive data exposure vulnerability Performing a JSON Web Token attack against an API authentication process Combining multiple API attack techniques to perform a NoSQL injection Attacking a GraphQL API to uncover a broken object level authorization vulnerability
By the end of the book, you’ll be prepared to uncover those high-payout API bugs other hackers aren’t finding and improve the security of applications on the web.
Hacking APIs is a crash course in web API security testing that will prepare you to penetration-test APIs, reap high rewards on bug bounty programs, and make your own APIs more secure.
Hacking APIs is a crash course on web API security testing that will prepare you to penetration-test APIs, reap high rewards on bug bounty programs, and make your own APIs more secure.
You’ll learn how REST and GraphQL APIs work in the wild and set up a streamlined API testing lab with Burp Suite and Postman. Then you’ll master tools useful for reconnaissance, endpoint analysis, and fuzzing, such as Kiterunner and OWASP Amass. Next, you’ll learn to perform common attacks, like those targeting an API’s authentication mechanisms and the injection vulnerabilities commonly found in web applications. You’ll also learn techniques for bypassing protections against these attacks.
In the book’s nine guided labs, which target intentionally vulnerable APIs, you’ll practice:
By the end of the book, you’ll be prepared to uncover those high-payout API bugs other hackers aren’t finding and improve the security of applications on the web.
You may also like
Top Trending
Dog Man 14: Dog Man: Big Jim Believes: A Graphic Novel (Dog Man #14)
Sale priceHK$85.00
Regular priceHK$150.00
In stock
Press Start! #17 The Super Jump Between Worlds! (Branches)
Sale priceHK$55.00
Regular priceHK$98.00
In stock
Darkstalker: A Graphic Novel (Wings of Fire: Legends Graphic Novel)
Sale priceHK$99.00
Regular priceHK$154.00
In stock
Harry Potter #4 and the Goblet of Fire (Interactive Illustrated Edition)
Sale priceHK$299.00
Regular priceHK$630.00
In stock
InvestiGators: Agents of S.U.I.T. #02: From Badger to Worse
Sale priceHK$79.00
Regular priceHK$99.00
In stock
Percy Jackson and the Olympians 5 Book Paperback Boxed Set (w/poster)
Sale priceHK$288.00
Regular priceHK$450.00
In stock
InvestiGators: Agents of S.U.I.T. #03: Wild Ghost Chase
Sale priceHK$69.00
Regular priceHK$140.00
In stock
Dragon Masters #29 (正版) Magic of the Wizard Dragon (Branches) (Tracey West)
Sale priceHK$48.00
Regular priceHK$69.00
In stock