API Hacking Fundamentals Archives

Check out these five tips to help you pick your first target when starting bug bounty hunting against APIs.

Learn how to leverage the Big List of Naughty Strings (BLNS) to break APIs using nothing more than Postman.

Check out these five Burp Suite extensions that can help your API hacking. From bypassing WAFs to generating wordlists, it can all help.

Learn how to leverage curlconverter to write API exploits in Python using payloads you generated in Burp Suite.

Learn the difference between API endpoints and routes and how to think about it as an API hacker during your security testing.

Use this simple guide to learn how to use NoSQL injection to bypass the authentication in the APIs you are testing.

Learn how to find “dark data” in the responses to API calls you make during your security testing engagements.

Learn how to bypass API rate limiting security controls using IP rotation in Burp Suite via Amazon API Gateway.

Explore five ways that you can improve your GraphQL hacking skills, and learn how to practice your newly found skills in a safe way.

Learn how to leverage the Exploit Prediction Scoring System (EPSS) to identify the vulnerabilities in your APIs that are most exploitable.

Category: API Hacking Fundamentals