Hacking APIs: Breaking Web Application Programming Interfaces

Tình trạng: Còn hàng

Tác giả: No Starch Press

Loại: Programming

Hacking APIs is a focused course aimed at teaching individuals how to conduct security testing on web APIs. It prepares participants for penetration testing and participating in bug bounty programs by covering essential techniques and strategies to identify vulnerabilities in APIs. This training can be valuable for anyone looking to enhance their skills in web application security.

[Xem chi tiết]

160.000₫ ~~205.000₫~~

Mô tả

📚📚 I. THÔNG TIN SẢN PHẨM
📒 Mã sản phẩm : STT1450
📒 Nhà xuất bản : No Starch Press (July 12, 2022)
📒 Tác giả : Corey J. Ball
📒 ISBN : 1718502443
📒 Số trang : 368 trang
📒 Hình thức : Bìa Mềm, in ĐEN TRẮNG
📒 Loại : Sách gia công đóng gáy keo chắc chắn chất lượng cao
📒 Giấy in : Giấy ngoại định lượng 70msg, viết vẽ và hightlight thoải mái.
📒 Chất lượng : Bản in rõ nét, giá rất tốt cho mọi người.

📚📚 II. MÔ TẢ SẢN PHẨM
📒 1.Mô tả sản phẩm
Hacking APIs is a crash course in web API security testing that will prepare you to penetration-test APIs, reap high rewards on bug bounty programs, and make your own APIs more secure.

Hacking APIs is a crash course on web API security testing that will prepare you to penetration-test APIs, reap high rewards on bug bounty programs, and make your own APIs more secure.

You’ll learn how REST and GraphQL APIs work in the wild and set up a streamlined API testing lab with Burp Suite and Postman. Then you’ll master tools useful for reconnaissance, endpoint analysis, and fuzzing, such as Kiterunner and OWASP Amass. Next, you’ll learn to perform common attacks, like those targeting an API’s authentication mechanisms and the injection vulnerabilities commonly found in web applications. You’ll also learn techniques for bypassing protections against these attacks.

In the book’s nine guided labs, which target intentionally vulnerable APIs, you’ll practice:
Enumerating APIs users and endpoints using fuzzing techniques
Using Postman to discover an excessive data exposure vulnerability
Performing a JSON Web Token attack against an API authentication process
Combining multiple API attack techniques to perform a NoSQL injection
Attacking a GraphQL API to uncover a broken object level authorization vulnerability

By the end of the book, you’ll be prepared to uncover those high-payout API bugs other hackers aren’t finding and improve the security of applications on the web.

📒 2. Tác giả
Corey Ball is a cybersecurity consulting manager at Moss Adams, where he leads its penetration testing services. He has over ten years of experience working in IT and cybersecurity across several industries, including aerospace, agribusiness, energy, financial tech, government services, and healthcare. In addition to a bachelor’s degree in English and philosophy from Sacramento State University, Corey holds the OSCP, CCISO, CEH, CISA, CISM, CRISC, and CGEIT industry certifications.