{"product_id":"hacking-apis-breaking-web-application-programming-interfaces-9781718502444","title":"Hacking APIs: Breaking Web Application Programming Interfaces","description":"\u003cb\u003e\u003ci\u003eHacking APIs\u003c\/i\u003e is a crash course in web API security testing that will prepare you to penetration-test APIs, reap high rewards on bug bounty programs, and make your own APIs more secure.\u003c\/b\u003e \u003cp\u003e\u003c\/p\u003e\u003ci\u003eHacking APIs\u003c\/i\u003e is a crash course on web API security testing that will prepare you to penetration-test APIs, reap high rewards on bug bounty programs, and make your own APIs more secure. \u003cp\u003e\u003c\/p\u003eYou'll learn how REST and GraphQL APIs work in the wild and set up a streamlined API testing lab with Burp Suite and Postman. Then you'll master tools useful for reconnaissance, endpoint analysis, and fuzzing, such as Kiterunner and OWASP Amass. Next, you'll learn to perform common attacks, like those targeting an API's authentication mechanisms and the injection vulnerabilities commonly found in web applications. You'll also learn techniques for bypassing protections against these attacks. \u003cp\u003e\u003c\/p\u003eIn the book's nine guided labs, which target intentionally vulnerable APIs, you'll practice: \u003cbr\u003e \u003cb\u003e-\u003c\/b\u003e Enumerating APIs users and endpoints using fuzzing techniques\u003cbr\u003e \u003cb\u003e-\u003c\/b\u003e Using Postman to discover an excessive data exposure vulnerability\u003cbr\u003e \u003cb\u003e-\u003c\/b\u003e Performing a JSON Web Token attack against an API authentication process\u003cbr\u003e \u003cb\u003e-\u003c\/b\u003e Combining multiple API attack techniques to perform a NoSQL injection\u003cbr\u003e \u003cb\u003e-\u003c\/b\u003e Attacking a GraphQL API to uncover a broken object level authorization vulnerability \u003cp\u003e\u003c\/p\u003eBy the end of the book, you'll be prepared to uncover those high-payout API bugs other hackers aren't finding and improve the security of applications on the web.\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e\u003cb\u003eBinding Type:\u003c\/b\u003e Paperback\u003cbr\u003e\u003cb\u003ePublisher:\u003c\/b\u003e No Starch Press\u003cbr\u003e\u003cb\u003ePublished:\u003c\/b\u003e 07\/05\/2022\u003cbr\u003e\u003cb\u003eISBN:\u003c\/b\u003e 9781718502444\u003cbr\u003e\u003cb\u003ePages:\u003c\/b\u003e 368","brand":"Corey J. Ball","offers":[{"title":"Default Title","offer_id":42114593390773,"sku":"9781718502444","price":50.99,"currency_code":"USD","in_stock":false}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/0473\/0804\/6492\/products\/img_f609e6ba-34cb-453e-bd93-3ab76caa22f7.jpg?v=1652152385","url":"https:\/\/pastforward.org\/products\/hacking-apis-breaking-web-application-programming-interfaces-9781718502444","provider":"Past Forward","version":"1.0","type":"link"}