Testing and Hacking APIs
Offered By: OWASP Foundation via YouTube
Course Description
Overview
Explore the world of API security in this 28-minute conference talk from OWASP Global AppSec Tel Aviv. Delve into the unique challenges of testing and hacking APIs in modern applications, including web, mobile, and IoT. Learn to leverage the API battleground by understanding application implementation from API traffic, detecting potential vulnerabilities, and conducting effective penetration tests. Gain insights from an experienced application security professional on topics such as API care, call verification, access control evaluation, and common API vulnerabilities. Discover techniques for finding APIs, exploiting mass assignment vulnerabilities, and expanding the attack surface. Perfect for security researchers and pentesters looking to adapt their skills to the evolving landscape of API-centric applications.
Syllabus
Intro
About Anand Shetty
What are APIs
What happens today
Good and bad news
New mindset
API care
API call verification
Access control evaluation
API vulnerabilities
How to find APIs
Mass Assignment
Masked Assignment
Mass Assignment Exploit
Client-Side Data Filtering
Expanding the Attack Surface
Example
Taught by
OWASP Foundation
Related Courses
Cybersecurity and Its Ten Domains - University System of Georgia via Coursera
Bases de données relationnelles : Comprendre pour maîtriser - Inria (French Institute for Research in Computer Science and Automation) via France Université Numerique
Desarrollo de Aplicaciones Web: Seguridad - University of New Mexico via Coursera
Web Application Development: Security - University of New Mexico via Coursera
Computing, Storage and Security with Google Cloud Platform - Google via Coursera