Testing and Hacking APIs
Offered By: OWASP Foundation via YouTube
Course Description
Overview
Explore the world of API security in this 28-minute conference talk from OWASP Global AppSec Tel Aviv. Delve into the unique challenges of testing and hacking APIs in modern applications, including web, mobile, and IoT. Learn to leverage the API battleground by understanding application implementation from API traffic, detecting potential vulnerabilities, and conducting effective penetration tests. Gain insights from an experienced application security professional on topics such as API care, call verification, access control evaluation, and common API vulnerabilities. Discover techniques for finding APIs, exploiting mass assignment vulnerabilities, and expanding the attack surface. Perfect for security researchers and pentesters looking to adapt their skills to the evolving landscape of API-centric applications.
Syllabus
Intro
About Anand Shetty
What are APIs
What happens today
Good and bad news
New mindset
API care
API call verification
Access control evaluation
API vulnerabilities
How to find APIs
Mass Assignment
Masked Assignment
Mass Assignment Exploit
Client-Side Data Filtering
Expanding the Attack Surface
Example
Taught by
OWASP Foundation