YouTube

Bad API, HAPI Hackers!

Bugcrowd via YouTube

Overview

Explore a comprehensive methodology for testing APIs from both black box and white box perspectives in this 24-minute conference talk by jr0ch17 at LevelUp 0x03. Dive into techniques for uncovering technical vulnerabilities, including information leakage, error message disclosure, and framework identification. Learn how to test for Remote Code Execution (RCE), SQL Injection (SQLi), XML External Entity (XXE), and stored Cross-Site Scripting (XSS). Discover strategies for identifying Insecure Direct Object References (IDORs), sensitive information leakage, and how to combine endpoints to achieve high-impact vulnerabilities such as account takeovers and authentication bypasses. Gain insights into information gathering, API key handling, automation, file uploads, and privilege escalation. Follow along with real-world examples and learn how to leverage tools like Postman for effective API testing.

Syllabus

Intro
Who am I
Methodology
Where do I start
Testing for API
Information Gathering
API Key
Automate
File uploads
Shawn Tweet
Example
SQL Injection
How I play
An example
Personal information
Testing
Privilege Escalation
IDORs
Postman
Questions

Taught by

Bugcrowd
