FREE copy of Hacking APIs book! #apisecurity

⭐ Win a FREE copy of the book Hacking APIs, autographed by author Corey Ball!
👉🏼 To enter, simply check out the pinned comment below for instructions!
Hacking APIs is a crash course on #webapi security testing that will prepare you to penetration-test APIs, reap high rewards on bug bounty programs, and make your own APIs more secure.
You’ll learn how REST and GraphQL APIs work in the wild and set up a streamlined API testing lab with Burp Suite and Postman. Then you’ll master tools useful for reconnaissance, endpoint analysis, and fuzzing, such as Kiterunner and OWASP Amass. Next, you’ll learn to perform common attacks, like those targeting an API’s authentication mechanisms and the injection vulnerabilities commonly found in web applications. You’ll also learn techniques for bypassing protections against these attacks.
In the book’s nine guided labs, which target intentionally vulnerable APIs, you’ll practice:
Enumerating API users and endpoints using fuzzing techniques
Using Postman to discover an excessive data exposure vulnerability
Performing a JSON Web Token attack against an API authentication process
Combining multiple API attack techniques to perform a NoSQL injection
Attacking a GraphQL API to uncover a broken object-level authorization vulnerability
By the end of the book, you’ll be prepared to uncover those high-payout API bugs other hackers aren’t finding and improve the security of applications on the web.
Hacking APIs - Breaking Web Application Programming Interfaces
ISBN-13: 9781718502444
▬▬▬▬▬ 🖊️ AUTHOR 🖊️ ▬▬▬▬▬
Corey Ball is a cybersecurity consulting manager at Moss Adams, where he leads its penetration testing services. He has over ten years of experience working in IT and cybersecurity across several industries, including aerospace, agribusiness, energy, financial tech, government services, and healthcare. In addition to a bachelor’s degree in English and philosophy from Sacramento State University, Corey holds the OSCP, CCISO, CEH, CISA, CISM, CRISC, and CGEIT industry certifications.
▬▬▬▬ 🟣 API SECURITY 🟣 ▬▬▬▬▬
APIs are everywhere and API Security has never been more important than it is right now. API abuses have risen in the past few years and it is difficult to go even a week without reading about another API that has been attacked. By securing your APIs using API Security solutions and API Management best practices, you can mitigate attacks and protect your organization, your customers, your data, and your reputation.
▬▬▬▬▬ 🟢 WHAT IS OWASP? 🟢 ▬▬▬▬▬
OWASP stands for "Open Web Application Security Project"; it is an international non-profit organization dedicated to web application security.
▬▬▬▬▬ 🟡 OWASP API SECURITY 🟡 ▬▬▬▬▬
What is the OWASP Top 10 for API Security?
⭐ Broken Object Level Authorization
⭐ Broken User Authentication
⭐ Excessive Data Exposure
⭐ Lack of Resources & Rate Limiting
⭐ Broken Function Level Authorization
⭐ Mass Assignment
⭐ Security Misconfiguration
⭐ Injection
⭐ Improper Assets Management
⭐ Insufficient Logging & Monitoring
▬▬▬▬▬ 🟠 WHAT IS AN API? 🟠 ▬▬▬▬▬
Basically, an API is how non-human systems talk to each other in an agreed-upon way! API Management, which includes things like an API Gateway and an API Developer Portal, allows your APIs to scale while prioritizing API Security. This is all part of the API First methodology, which helps drive the API Economy.
▬▬▬▬▬ 📘 CREDITS 📘 ▬▬▬▬▬
All music is used with proper license and permission of the original creators for use in monetized and non-monetized videos on this YouTube channel.
#api #infosec #cybersecurity