Category: API Hacking Techniques
-
The Beginners Guide to Writing API Security Tests in Postman
Learn everything you need to know about how to get started writing API security tests in JavaScript using Postman.
-
Improving port scans against API servers
Learn how to improve the performance of your port scans against API servers with the use of Project Discovery’s Naabu scanner.
-
Discovering API secrets & endpoints using APKLeaks
Learn how to improve your recon process with the use of apkleaks to find hidden API servers, secrets, and endpoints embedded in mobile apps.
-
Is Nuclei any good for API hacking?
Let me show you how Nuclei can be used for more than vulnerability scanning. Learn how to leverage it as a tool for your API hacking.
-
Detecting API endpoints and source code with JS Miner
Learn how to detect API endpoints and extract source code from web app frontends using JS Miner, a FREE Burp Suite Professional extension.
-
Detecting Uncommon Headers in an API using Burp Bambda Filters
Learn how to write Bambda filters in Burp Suite that can automatically detect uncommon headers in the APIs you are testing.
-
Exploiting an API with Structured Format Injection
Learn how to use Structured Format Injection (SFI) through Server Side Parameter Pollution (SSPP) to exploit an API.
-
Finding “dark data” in an API
Learn how to find “dark data” in the responses to API calls you make during your security testing engagements.
-
Writing Burp Bambda Filters Like a Boss
Learn how to write your own Bambda filters in Burp Suite to do complex filtering of your proxy HTTP history.
-
Using Chaos Engineering To Hack An API
Learn how to use chaos engineering to break an API on purpose to find new types of vulnerabilities that you don’t normally find in testing.