Category: API Hacking Fundamentals
-
5 Tips for API Hackers on Picking Your First Target
Check out these five tips to help you pick your first target when starting bug bounty hunting against APIs.
-
Breaking APIs with Naughty Strings
Learn how to leverage the Big List of Naughty Strings (BLNS) to break APIs using nothing more than Postman.
-
5 more Burp extensions for API hacking
Check out these five Burp Suite extensions that can help your API hacking. From bypassing WAFs to generating wordlists, they can all help.
-
Writing API exploits in Python
Learn how to leverage curlconverter to write API exploits in Python using payloads you generated in Burp Suite.
-
Endpoints vs Routes: What every API hacker needs to know
Learn the difference between API endpoints and routes and how to think about it as an API hacker during your security testing.
-
The No-Nonsense Guide to Bypassing API Auth Using NoSQL Injection
Use this simple guide to learn how to use NoSQL injection to bypass the authentication in the APIs you are testing.
-
Finding “dark data” in an API
Learn how to find “dark data” in the responses to API calls you make during your security testing engagements.
-
Bypassing API rate limiting using IP rotation in Burp Suite
Learn how to bypass API rate limiting security controls using IP rotation in Burp Suite via Amazon API Gateway.
-
5 ways to improve your GraphQL hacking skills
Explore five ways that you can improve your GraphQL hacking skills, and learn how to practice your newly found skills in a safe way.
-
What API hackers need to know about the Exploit Prediction Scoring System
Learn how to leverage the Exploit Prediction Scoring System (EPSS) to identify the vulnerabilities in your APIs that are most exploitable.