Hacking APIs: Breaking Web Application Programming Interfaces
Hacking APIs: Breaking Web Application Programming Interfaces
English | 2022 | ISBN: 1718502443 | 308 Pages | EPUB | 11 MB
English | 2022 | ISBN: 1718502443 | 308 Pages | EPUB | 11 MB
You'll learn how REST and GraphQL APIs work in the wild and set up a streamlined API testing lab with Burp Suite and Postman. Then you'll master tools useful for reconnaissance, endpoint analysis, and fuzzing, such as Kiterunner and OWASP Amass. Next, you'll learn to perform common attacks, like those targeting an API's authentication mechanisms and the injection vulnerabilities commonly found in web applications. You'll also learn techniques for bypassing protections against these attacks. In the book's nine guided labs, which target intentionally vulnerable APIs, you'll practice: Enumerating APIs users and endpoints using fuzzing techniques; Using Postman to discover an excessive data exposure vulnerability; Performing a JSON Web Token attack against an API authentication process; Combining multiple API attack techniques to perform a NoSQL injection; Attacking a GraphQL API to uncover a broken object level authorization vulnerability. By the end of the book, you'll be prepared to uncover those high-payout API bugs other hackers aren't finding and improve the security of applications on the web.