Category: API Hacking Tools
Finding API secrets in hidden layers within Docker containers
Learn how to find and extract sensitive secrets and source code to APIs hidden within the layers of Docker container images.
How to use GPG as a security researcher
Discover how to use GNU Privacy Guard (GPG) to communicate with security triage teams as a security researcher.
OWASP API Security Top 10: Upcoming Changes You Need To Know About
Check out these changes coming to the OWASP API Security Top 10 list!
A Step-by-Step Guide to Writing Extensions for API Pentesting in BurpSuite
Write your own extensions in Python to pwn your API targets with BurpSuite
Defeating a dockerized API to get access to source code
Learn how to extract API artifacts from a Docker image and decompile them to source code to find vulnerabilities using taint analysis.
7 Essential Burp Extensions for Hacking APIs
Check out the coolest extensions to help out when hacking APIs in Burp.
Attacking Microsoft Graph with Postman
Learn how to use Postman to attack the Microsoft Graph API.
The API Hacker’s Guide to Payload Injection with Postman
Learn how to use Postman to attack APIs with payload injection.
How to craft rogue API docs for a target when they don’t exist
Learn how to reverse engineer an undocumented API using your own rogue docs.
Exploit APIs with cURL
Learn how to use cURL in your exploits and demonstrate the impact of the API vulnerabilities you find.