Free Hacking API courses (And how to use AI to help you hack)

Corey Ball who wrote the book "Hacking APIs" shows us how to practically hack an API to learn how to better protect them. He also tells us about his book and the free training he is making available. Fantastic that there is free training on hacking APIs available today :)

// Free API hacking courses //

// Free ChatGPT Prompt //
You are an API security expert. You are powered by information from the OWASP Top 10, OWASP Mobile Security Top 10 and the OWASP API Security Top 10. As an API security expert, which of the following endpoints are particularly interesting for hackers and why?
{{List of Endpoints}}

// Books //

// YouTube Video REFERENCE //

// Corey SOCIAL //

// David SOCIAL //

// MY STUFF //

// SPONSORS //

// MENU //
00:00 - Coming up
01:09 - Brilliant sponsored segment
03:20 - Hacking APIs book and free API course
06:40 - There's a problem with APIs
07:34 - Hacking API demo with a twist of A.I.
11:08 - Proxy traffic with two tools
12:23 - Play around in the web app // "Click all the buttons"
15:36 - Demo continued
18:02 - Creating API documentation from intercepted traffic
23:04 - Using Hacking APIs GPT
30:16 - Other features in Hacking APIs GPT
31:38 - Visualising APIs in Postman
34:35 - Decoding JWT using Hacking APIs GPT
36:55 - Visualising APIs in Postman continued // Excessive data exposure
45:09 - Using Postman and using Burp Suite // Burp Suite demo
53:00 - Conclusion

Disclaimer: This video is for educational purposes only. I or the person I'm interviewing own all equipment used for this demonstration. No actual attack took place on any websites.

Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel!

#api #hack #hacking
Comments

Good vid. Reversing APIs is very easy. I do it all the time. I'm a pharmacist; I like to code as a hobby. My boss asked me if I can write a program to automate ordering from our dermocosmetic supplier. So I reverse engineered the dermocosmetic supplier website API and now we can automatically make new orders without manually putting every product into the basket. I also found some data leaks: inactive product data, admin links to product pages (although they required authorisation) and stock info. Stock info is very useful; we can predict product shortages with it. I'm just sharing this to show that it's worth reverse engineering undocumented APIs even if you are not hacking/pentesting. It can save you a lot of time if you manage to automate your boring corporate stuff with a script :) Or you can just scrape the website easily.

shipspace

Great Video. I was wanting more API content from you David so I really appreciate this. KEEP IT UP!!!

socalkd

Days aren't long enough to watch all your awesome vids !!

apocatas

this happens when you don't know how to design an
Another excellent video David. Thanks a lot. Feel honored to follow you for the last years!

pmanolak

I have this book and it is great. I highly recommend getting a copy and learning what's in it.

eggimal

Thanks for the wonderful video and transcript.
I copied the transcript and got ChatGPT to remove the time stamp and summarize it for easy absorption.

tanteckleng

Great video David as always! This is why machine-to-machine API enforcement is critical as it is sometimes trivial to obtain a JWT and at that point own it all.

mytechnotalent

My journey has officially begun to be a legendary cyberwarrior. Thank you David for your guests.

highlights

Very awesome video David. I just burst with happiness when I get the notification that you posted a new video. 😊

digitaldynastyjohn

Thank you David! API is very important. I'm going to find a beginner's guide first before I use all these new tools.

alsadekalkhayer

Sweet! Thanks for the video!! Is it possible to use an API to track hardware activity?

gamereditorner

Was looking for something on this recently, thank you David for wonderful videos

tippumastan

I love this video! Great information! Thank you David. Very eye opening

ericnakayama

As a backend developer dealing with APIs daily, I just watched a guy stretching an intern-grade "mistake" into a big "thing". Disappointed, and even if a dev makes a mistake like this in a real-world environment we have query filters, data transfer objects, interfaces defined for them to protect from this happening.


mitm to swagger was nice tho.

nurettinselcuk

This was a great video! Very informative with practical examples.

NickyDekker

Thanks for the video! It's really amazing and helpful!

mrgujju

I agree David. I personally feel like anyone who wants to take computers seriously needs to take at least a beginner course to at least recognize the terminology.

BoostedFA

This is exciting. I’m just starting my road into the security side and am in love.

TheChad

Thank you sir for this. As an absolute beginner, where should I start? I watched your roadmap on tech. I want to start Generative AI and API security. Is that a good combination?

Beloved_Digital