Hacking APIs: Breaking Web Application Programming Interfaces
by: Corey J. Ball (0)
Hacking APIs is a crash course in web API security testing that will prepare you to penetration-test APIs, reap high rewards on bug bounty programs, and make your own APIs more secure.
Hacking APIs is a crash course on web API security testing that will prepare you to penetration-test APIs, reap high rewards on bug bounty programs, and make your own APIs more secure. Â Youâll learn how REST and GraphQL APIs work in the wild and set up a streamlined API testing lab with Burp Suite and Postman. Then youâll master tools useful for reconnaissance, endpoint analysis, and fuzzing, such as Kiterunner and OWASP Amass. Next, youâll learn to perform common attacks, like those targeting an APIâs authentication mechanisms and the injection vulnerabilities commonly found in web applications. Youâll also learn techniques for bypassing protections against these attacks. Â In the bookâs nine guided labs, which target intentionally vulnerable APIs, youâll practice:
Enumerating APIs users and endpoints using fuzzing techniques
Using Postman to discover an excessive data exposure vulnerability
Performing a JSON Web Token attack against an API authentication process
Combining multiple API attack techniques to perform a NoSQL injection
Attacking a GraphQL API to uncover a broken object level authorization vulnerability
 By the end of the book, youâll be prepared to uncover those high-payout API bugs other hackers arenât finding and improve the security of applications on the web.