Praise for Hacking APIs
"Corey Ball's Hacking APls delivers exactly what it promises. From basic definitons, through the theory behind common API weaknesses and hacking best practices, the reader is encouraged to take a truly adversarial mindset. This highly effective, hands-on journey starts with tool introduction and reconnaissance, then covers everything from API fuzzing to complex access-control exploitation. With detailed labs, tips and tricks, and real-life examples, Hacking APIs is a complete workshop rolled into one book."
- Erez Yalon, VP of Security Research at Checkmarx and Wasp API Security Project Leader
"Author Corey Ball takes you on a lively guided tour through the life cycle of APIs in such a manner that you're wanting to not only know more, but also anticipating trying out your newfound knowledge on the next legitimate target. From concepts to examples, through to identifying tools and demonstrating them in fine detail, this book has it all. It is the mother lode for API hacking, and should be found next to the desk of ANYONE wanting to take this level of adversarial research, assessment, or DevSecOps seriously."
- Chris Roberts, Strategic Adviser at Ethopass, International vCISO
"Hacking APIs is extremely helpful for anyone who wants to get into penetration testing. In particular, this book gives you the tools to start testing the security of APIs, which have become a weak point for many modern web applications. Experienced security folks can get something out of the book, too, as it features lots of helpful automation tips and protection-bypass techniques that will surely up any pentester's game."
- Vickie Li, Author of Bug Bounty Bootcamp
"Even though the internet is filled with information on any topic possible in cybersecurity, it is still hard to find solid insight into successfully performing penetration tests on APIs. Hacking APIs fully satisfies this demand--not only for the beginner cybersecurity practitioner, but also for the seasoned expert."
- Cristi Vlad, Cybersecurity Analyst and Penetration Tester
"This book opens the doors to the field of API hacking, a subject not very well understood. Using real-world examples that emphasize vital access-control issues, this hands-on tutorial will help you understand the ins and outs of securing APIs, how to hunt great bounties, and will help organizations of all sizes improve their overall API security."
- Inon Shkedy, Security Researcher at Traceable AI and OWASP API Security