The Ultimate Guide of Api Hacking Resources

APIs.
through their REST APIs and finding security and reliability bugs in these services.

API Protocols and Specifications
OpenAPI - The OpenAPI Specification (OAS) defines a standard, language-agnostic interface to RESTful APIs which allows both humans and computers to discover and understand the capabilities of the service without access to source code, documentation, or through network traffic inspection.
RAML - RAML is a language for the definition of HTTP-based APIs that embody most or all of the principles of Representational State Transfer (REST).
SOAP - SOAP is a lightweight protocol intended for exchanging structured information in a decentralized, distributed environment. It uses XML to define an extensible messaging framework providing a message construct that can be exchanged over a variety of underlying protocols.
on disparate operating systems, running in different environments to make procedure calls over the Internet. It's remote procedure calling using HTTP as the transport and XML as the encoding.

API Hacking Videos and Podcasts

Webinars
API Security Testing for Hackers from BugCrowd’s LevelUp
Bad API, hAPI Hackers! from BugCrowd’s LevelUp
Hidden in Plain Site: Disclosing Information via Your APIs from BugCrowd’s LevelUp
REST in Peace: Abusing GraphQL to Attack Underlying Infrastructure from BugCrowd’s LevelUp
A Hacker’s View of APIs: Vulnerabilities, Exploits and Defense Options from Ping Identity TV

YouTube Playlists
API Hacking by Hack the Planet
API hacking with Postman by The XSS rat
Troy Hunt: Hack Your API-Security Testing
We Hack Purple - API Security Best Practices

Fuzzing
Fuzzing APIs - Fuzzing APIs chapter from "The Fuzzing Book"
Fuzz Vectors - OWASP’s guidance on fuzzing in their Web Security Testing Guide (WSTG)
RESTler: Stateful REST API Fuzzing - Microsoft’s research on REST API fuzzing
API endpoints & objects - 3203 common API endpoints and objects designed for fuzzing.

BOOKS
Hacking APIs: Breaking Web Application Programming Interfaces
The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws
Web Application Security: Exploitation and Countermeasures for Modern Web Applications
if you need any book send me

Cheatsheets & Checklists
REST Assessment
REST Securit
API Penetration Testing
Checklists API Testing
Using Burp to Enumerate a REST API

APISandbox - Pre-Built Vulnerable Multiple API Scenarios Environments Based on Docker-Compose
crAPI - Completely ridiculous API (crAPI) will help you to understand the ten most critical API security risks.
on willingly vulnerable ReSTful APIs.