Hacking APIs: Breaking Web Application Programming Interfaces
by Corey J. Ball
Book Summary
An Application Programming Interface (API) is a software connection that allows applications to communicate and share services. Hacking APIs will teach you how to test web APIs for security vulnerabilities. You'll learn how the common API types, REST, SOAP, and GraphQL, work in the wild. Then you'll set up a streamlined API testing lab and perform common attacks, like those targeting an API's authentication mechanisms, and the injection vulnerabilities commonly found in web applications. In the book's guided labs, which target intentionally vulnerable APIs, you'll practice:
- Enumerating API users and endpoints using fuzzing techniques
- Using Postman to discover an excessive data exposure vulnerability
- Performing a JSON Web Token attack against an API authentication process
- Combining multiple API attack techniques to perform a NoSQL injection
- Attacking a GraphQL API to uncover a broken object level authorization vulnerability
Author Bio
Corey Ball is a cybersecurity consulting manager at Moss Adams, where he leads its penetration testing services. He has over ten years of experience working in IT and cybersecurity across several industries, including aerospace, agribusiness, energy, financial tech, government services, and healthcare. In addition to a bachelor's degree in English and philosophy from Sacramento State University, Corey holds the OSCP, CCISO, CEH, CISA, CISM, CRISC, and CGEIT industry certifications.