Cover art for Hacking APIs
Published
No Starch, July 2022
ISBN
9781718502444
Format
Softcover, 368 pages
Dimensions
23.4cm × 17.7cm

Hacking APIs Breaking Web Application Programming Interfaces

Not in stock
Fast $7.95 flat-rate shipping!
Only pay $7.95 per order within Australia, including end-to-end parcel tracking.
100% encrypted and secure
We adhere to industry best practice and never store credit card details.
Talk to real people
Contact us seven days a week – our staff are here to help.

Hacking APIs is a crash course in web API security testing that will prepare you to penetration-test APIs, reap high rewards on bug bounty programs, and make your own APIs more secure.

Hacking APIs is a crash course in web API security testing that will prepare you to penetration-test APIs, reap high rewards on bug bounty programs, and make your own APIs more secure.

Hacking APIs is a crash course on web API security testing that will prepare you to penetration-test APIs, reap high rewards on bug bounty programs, and make your own APIs more secure.

You'll learn how REST and GraphQL APIs work in the wild and set up a streamlined API testing lab with Burp Suite and Postman. Then you'll master tools useful for reconnaissance, endpoint analysis, and fuzzing, such as Kiterunner and OWASP Amass. Next, you'll learn to perform common attacks, like those targeting an API's authentication mechanisms and the injection vulnerabilities commonly found in web applications. You'll also learn techniques for bypassing protections against these attacks.

In the book's nine guided labs, which target intentionally vulnerable APIs, you'll practice-

Enumerating APIs users and endpoints using fuzzing techniques

Using Postman to discover an excessive data exposure vulnerability

Performing a JSON Web Token attack against an API authentication process

Combining multiple API attack techniques to perform a NoSQL injection

Attacking a GraphQL API to uncover a broken object level authorization vulnerability

By the end of the book, you'll be prepared to uncover those high-payout API bugs other hackers aren't finding and improve the security of applications on the web.

Related books