Category: API Hacking Techniques

• June 6, 2023

  Avoiding the Apocalypse: A Guide to Finding Zombie APIs

  

  Learn how to look for those old forgotten zombie APIs that can be a goldmine of vulnerabilities and security loopholes.
• May 23, 2023

  Cross-Tenant Data Leaks (CTDL): Why API Hackers Should Be On The LookOut

  

  Learn how to find vulnerabilities in multi-tenant apps and APIs that expose cross-tenant data leaks (CTDL) during your security testing.
• May 9, 2023

  Attacking APIs by tainting data in weird places

  

  Discover ways to modify API requests during testing to corrupt data and manipulate code flow, allowing you to uncover new vulnerabilities.
• April 25, 2023

  Finding API secrets in hidden layers within Docker containers

  

  Learn how to find and extract sensitive secrets and source code to APIs hidden within the layers of Docker container images.
• April 11, 2023

  Exploiting Server Side Request Forgery (SSRF) in an API

  

  Check out this article to learn how to find and exploit server-side request forgery (SSRF) vulnerabilities in an API.
• March 28, 2023

  How Adversaries Attack APIs Through Dependencies

  

  We must become curators of API dependencies, NOT consumers!!
• February 14, 2023

  Exploiting embedded APIs by dumping firmware

  

  Hack the hardware to find the firmware and swipe the source code of APIs under security testing.
• January 31, 2023

  Using a Flipper Zero to access API source code on IoT devices

  

  Hacking APIs on IoT devices using a Flipper Zero
• January 10, 2023

  5 simple questions to make your API pentest more successful

  

  Check out these 5 simple questions that will help make your API penetration testing engagement more successful.
• December 27, 2022

  Hacking a .NET API in the real world

  

  Let me tell you a story about the time I hacked into a .NET API through a bit of luck and reverse engineering.