Category: API Hacking Tools

• July 25, 2023

  Here’s how I get the most out of Burp Suite reporting

  

  Learn how to get the most out of the reporting capabilities built into PortSwigger’s Burp Suite Professional.
• July 11, 2023

  Improve your API Security Testing with Burp BCheck Scripts

  

  Learn how to write your own Burp BCheck scripts to tap into the web vulnerability scanner to automate your API security testing.
• June 13, 2023

  Grepping through API payloads with Gron

  

  Level up your API security testing skills by learning how to use Gron to grep through the JSON payloads of the API endpoints you are hacking.
• April 25, 2023

  Finding API secrets in hidden layers within Docker containers

  

  Learn how to find and extract sensitive secrets and source code to APIs hidden within the layers of Docker container images.
• April 18, 2023

  How to use GPG as a security researcher

  

  Discover how to use GNU Privacy Guard (GPG) to communicate with security triage teams as a security researcher.
• March 7, 2023

  OWASP API Security Top 10: Upcoming Changes You Need To Know About

  

  Check out these changes coming to the OWASP API Security Top 10 list!
• January 17, 2023

  A Step-by-Step Guide to Writing Extensions for API Pentesting in BurpSuite

  

  Write your own extensions in Python to pwn your API targets with BurpSuite
• December 13, 2022

  Defeating a dockerized API to get access to source code

  

  Learn how to extract API artifacts from a docker image and decompile them to source code to find vulnerabilities using taint analysis.
• October 28, 2022

  7 Essential Burp Extensions for Hacking APIs

  

  Check out the coolest extensions to help out when hacking APIs in Burp.
• October 18, 2022

  Attacking Microsoft Graph with Postman

  

  Learn how to use Postman to attack the Microsoft Graph API.