Hacking APIs: breaking web application programming interfaces

Book Cover
Average Rating
Author
Ball, Corey (Cybersecurity manager)
Publisher
No Starch Press
Publication Date
[2022]
Language
English
Book
 Show Edition
Checked Out
Where is it?
Place Hold
eBook
 Show Edition
Available Online
Access Online

Description

Hacking APIs is a crash course in web API security testing that will prepare you to penetration-test APIs, reap high rewards on bug bounty programs, and make your own APIs more secure.Hacking APIs is a crash course on web API security testing that will prepare you to penetration-test APIs, reap high rewards on bug bounty programs, and make your own APIs more secure. You’ll learn how REST and GraphQL APIs work in the wild and set up a streamlined API testing lab with Burp Suite and Postman. Then you’ll master tools useful for reconnaissance, endpoint analysis, and fuzzing, such as Kiterunner and OWASP Amass. Next, you’ll learn to perform common attacks, like those targeting an API’s authentication mechanisms and the injection vulnerabilities commonly found in web applications. You’ll also learn techniques for bypassing protections against these attacks. In the book’s nine guided labs, which target intentionally vulnerable APIs, you’ll practice:
  • Enumerating APIs users and endpoints using fuzzing techniques
  • Using Postman to discover an excessive data exposure vulnerability
  • Performing a JSON Web Token attack against an API authentication process
  • Combining multiple API attack techniques to perform a NoSQL injection
  • Attacking a GraphQL API to uncover a broken object level authorization vulnerability
    •  By the end of the book, you’ll be prepared to uncover those high-payout API bugs other hackers aren’t finding and improve the security of applications on the web.

    More Details

    ISBN
    9781718502444
    9781718502451

    Discover More

    Also in this Series

    Checking series information...

    More Like This

    • Micro state management with react hooks: explore custom hooks libraries like Zustand, Jotai, and Valtio to manage global states Cover
    • Building an API product: design, implement, and release API products that meet user needs Cover
    • Full stack GraphQL applications: with REACT, NODE.JS, and NEO4J Cover
    • Google Cloud AI Services quick start guide: build intelligent applications with Google Cloud AI Services Cover
    • REST API Development with Node.js: Manage and Understand the Full Capabilities of Successful REST Development Cover
    • Progressive web application development by example: develop fast, reliable, and engaging user experiences for the web Cover
    • Java deep learning projects: implement 10 real-world deep learning applications using Deeplearning4j and open source APIs Cover
    • The Kubernetes Operator Framework Book: Overcome Complex Kubernetes Cluster Management Challenges with Automation Toolkits Cover
    • Hands-on full stack development with Spring Boot 2 and React: build modern and scalable full stack applications using Spring Framework 5 and React with Hooks Cover
    • Hands-on reactive programming with Reactor: build reactive and scalable microservices using the Reactor framework Cover
    • Designing web APIs with Strapi: get started with the Strapi headless CMS by building a complete learning management system API Cover
    • Rancher Deep Dive: Manage Enterprise Kubernetes Seamlessly with Rancher Cover
    • Hands-on full stack development with Spring Boot 2.0 and React: build modern and scalable full stack applications using the Java-based Spring Framework 5.0 and React Cover
    • JavaScript everywhere: building cross-platform applications with GraphQL, React, React Native, and Electron Cover
    • Istio in action Cover
    • Go web development cookbook: build full-stack web applications with Go Cover
    • Hands-on full-stack web development with GraphQL and React: build scalable full-stack applications while learning to solve complex problems with GraphQL Cover
    • Karma-based API on Apple platforms: building privacy into iOS and macOS apps Cover
    • Just React!: learn React the react way Cover
    • Generative AI with LangChain: build large language model (LLM) apps with python, ChatGPT, and other LLMs Cover
    • Artificial intelligence for .NET, speech, language, and search: building smart applications with Microsoft Cognitive Services APIs Cover
    • Building cognitive applications with IBM Watson Services: Volume 4,Natural language classifier Cover
    • Odoo 12 development essentials: fast-track your Odoo development skills to build powerful business applications Cover
    • Full stack development with Spring Boot 3 and React: build modern web applications using the power of Java, React, and TypeScript Cover
    • Sidecar-less Istio explained: lowering the barrier to service mesh adoption with ambient mode Cover

    Reviews from GoodReads

    Loading GoodReads Reviews.

    Staff View

    Loading Staff View.