Category: API Hacking Tools

• April 25, 2023

  Finding API secrets in hidden layers within Docker containers

  

  Learn how to find and extract sensitive secrets and source code to APIs hidden within the layers of Docker container images.
• April 18, 2023

  How to use GPG as a security researcher

  

  Discover how to use GNU Privacy Guard (GPG) to communicate with security triage teams as a security researcher.
• March 7, 2023

  OWASP API Security Top 10: Upcoming Changes You Need To Know About

  

  Check out these changes coming to the OWASP API Security Top 10 list!
• January 17, 2023

  A Step-by-Step Guide to Writing Extensions for API Pentesting in BurpSuite

  

  Write your own extensions in Python to pwn your API targets with BurpSuite
• December 13, 2022

  Defeating a dockerized API to get access to source code

  

  Learn how to extract API artifacts from a docker image and decompile them to source code to find vulnerabilities using taint analysis.
• October 28, 2022

  7 Essential Burp Extensions for Hacking APIs

  

  Check out the coolest extensions to help out when hacking APIs in Burp.
• October 18, 2022

  Attacking Microsoft Graph with Postman

  

  Learn how to use Postman to attack the Microsoft Graph API.
• October 4, 2022

  The API Hacker’s Guide to Payload Injection with Postman

  

  Learn how to use Postman to attack APIs with payload injection.
• September 20, 2022

  How to craft rogue API docs for a target when they don’t exist

  

  Learn how to reverse engineer an undocumented API using your own rogue docs.
• September 2, 2022

  Exploit APIs with cURL

  

  Learn how to use cURL in your exploits and demonstrate impact to the API vulnerabilities you find.