YoVDO

Bad API, HAPI Hackers!

Offered By: Bugcrowd via YouTube

Tags

Ethical Hacking Courses
Cybersecurity Courses
Penetration Testing Courses
Cross-Site Scripting (XSS) Courses
SQL Injection Courses
Insecure Direct Object References (IDOR) Courses
Privilege Escalation Courses

Course Description

Overview

Explore a comprehensive methodology for testing APIs from both black box and white box perspectives in this 24-minute conference talk by jr0ch17 at LevelUp 0x03. Dive into techniques for uncovering technical vulnerabilities, including information leakage, error message disclosure, and framework identification. Learn how to test for Remote Code Execution (RCE), SQL Injection (SQLi), XML External Entity (XXE), and stored Cross-Site Scripting (XSS). Discover strategies for identifying Insecure Direct Object References (IDORs), sensitive information leakage, and how to combine endpoints to achieve high-impact vulnerabilities such as account takeovers and authentication bypasses. Gain insights into information gathering, API key handling, automation, file uploads, and privilege escalation. Follow along with real-world examples and learn how to leverage tools like Postman for effective API testing.

Syllabus

Intro
Who am I
Methodology
Where do I start
Testing for API
Information Gathering
API Key
Automate
File uploads
Shawn Tweet
Example
SQL Injection
How I play
An example
Personal information
Testing
Privilege Escalation
IDORs
Postman
Questions
Taught by

Bugcrowd

Related Courses

PHP with MySQL Essential Training: 2 Build a CMS
LinkedIn Learning
Bug Bounty
YouTube
Beginner Bug Bounty Course - Web Application Hacking
YouTube
Owning Cody's First Blog - RCE on Hacker101 and Hacking on FFH from BugBountyNotes.com - IDOR
NahamSec via YouTube
Using BurpSuite's Intruder for Bug Hunting and CTF Challenges
NahamSec via YouTube