Hacking APIs - Signed Paperback

$60.00

An Application Programming Interface (API) is a software connection that allows applications to communicate and share services. Hacking APIs will teach you how to test web APIs for security vulnerabilities. You’ll learn how the common API types, REST, SOAP, and GraphQL, work in the wild. Then you’ll set up a streamlined API testing lab and perform common attacks, like those targeting an API’s authentication mechanisms, and the injection vulnerabilities commonly found in web applications. In the book’s guided labs, which target intentionally vulnerable APIs, you’ll practice:

  • Enumerating API users and endpoints using fuzzing techniques

  • Using Postman to discover an excessive data exposure vulnerability

  • Performing a JSON Web Token attack against an API authentication process

  • Combining multiple API attack techniques to perform a NoSQL injection

  • Attacking a GraphQL API to uncover a broken object level authorization vulnerability

By the end of the book, you’ll be prepared to uncover those high-payout API bugs that other hackers aren’t finding, and improve the security of applications on the web.

Table of contents

Foreword
Acknowledgments
Introduction
PART I: HOW WEB API SECURITY WORKS
Chapter 0: Preparing for Your Security Tests
Chapter 1: How Web Applications Work
Chapter 2: The Anatomy of Web APIs
Chapter 3: Common API Vulnerabilities
PART II: BUILDING AN API TESTING LAB
Chapter 4: Your API Hacking System
Chapter 5: Setting Up Vulnerable API Targets
PART III: ATTACKING APIs
Chapter 6: Discovery
Chapter 7: Endpoint Analysis
Chapter 8: Attacking Authentication
Chapter 9: Fuzzing
Chapter 10: Exploiting Authorization
Chapter 11: Mass Assignment
Chapter 12: Injection
PART IV: REAL-WORLD API HACKING
Chapter 13: Applying Evasive Techniques and Rate Limit Testing
Chapter 14: Attacking GraphQL
Chapter 15: Data Breaches and Bug Bounties
Conclusion
Appendix A: API Hacking Checklist
Appendix B: Additional Resources
Index