Hacking APIs: Breaking Web Application Programming Interfaces

by: Corey J. Ball (0)

Hacking APIs is a crash course in web API security testing that will prepare you to penetration-test APIs, reap high rewards on bug bounty programs, and make your own APIs more secure.

Hacking APIs is a crash course on web API security testing that will prepare you to penetration-test APIs, reap high rewards on bug bounty programs, and make your own APIs more secure.
  You’ll learn how REST and GraphQL APIs work in the wild and set up a streamlined API testing lab with Burp Suite and Postman. Then you’ll master tools useful for reconnaissance, endpoint analysis, and fuzzing, such as Kiterunner and OWASP Amass. Next, you’ll learn to perform common attacks, like those targeting an API’s authentication mechanisms and the injection vulnerabilities commonly found in web applications. You’ll also learn techniques for bypassing protections against these attacks.
  In the book’s nine guided labs, which target intentionally vulnerable APIs, you’ll practice:
  • Enumerating APIs users and endpoints using fuzzing techniques
  • Using Postman to discover an excessive data exposure vulnerability
  • Performing a JSON Web Token attack against an API authentication process
  • Combining multiple API attack techniques to perform a NoSQL injection
  • Attacking a GraphQL API to uncover a broken object level authorization vulnerability
  By the end of the book, you’ll be prepared to uncover those high-payout API bugs other hackers aren’t finding and improve the security of applications on the web.

The Reviews

The author has done a perfect job of structuring and explaining this book. Not only does he explain in great detail for the beginner how APIs work, he shows in depth how to exploit them and walks you through the latest tools used to enumerate and dissect them and understand what's going on behind the scenes. On top of it all there are labs where you can practice and the book is very well written so that you can follow along throughout and "learn as you go" so to speak.I have been looking for a resource on APIs as I begin bug bounty hunting, and this, by far has been the most valuable by itself. Definitely buy this book if like me, you want to learn about the intricacies of APIs and how to find and exploit the vulnerabilities for bug bounty.

by Amazon Customer on Jul 29, 2022

Not finished with it, yet, but at about 40% though it, it’s been really good. Stay tuned!

by Infosec-Geek on Jul 12, 2022

Hacking APIs is very well written and easy to follow. The author communicates to you throughout the book and uses plenty of examples to illustrate their point. After researching the API market, there is really nothing out there like this book. Must purchase!

by Andrew on Jul 14, 2022

This is a great book. The author is in a class of his own. I read a lot of books in this area because of my work and this one stands out. I highly recommend.

by andre J. on Aug 01, 2022

A very current overview of how web applications and APIs work; configuring and using enumeration and attack tools such as Postman, Burp, OWASP ZAP, etc.; how to build a lab environment for hands-on experimenting.As the chapters progress, concepts covered are applied to enumerating services, finding vulnerabilities, and attacking endpoints in the OWASP crAPI project. (which is awesome)For red team, blue team, or developers trying to build secure API and web applications, this book will be an essential reference.

by John Lockney on Jul 22, 2022

This is a really great book that does a great job of balancing theory and strategy with the tactical approaches to testing APIs and using the most popular tools to get the job done. As with most No Starch Press books, this was well organized and thorough. A HIGHLY recommended read!

by The Wilsons on Jul 25, 2022

Hacking APIs is such a clear, organized method of teaching API hacking. The labs are really helpful. I’m very new in the journey and found this book to be priceless. API hacking is the way of the future and this book is the key to the castle.

by Jon Wallace on Sep 08, 2022

This book is filled with tons of good info, but stick with the Kindle version. Otherwise you'll be spending your time typing long, complicated URLs on almost every page. Because of this, the paper version of book is not useful and I regret not purchasing the Kindle version.

by MICHAEL MERCURIO on Sep 08, 2022

nice

by T. Vanl on Sep 03, 2022

This is an enjoyable read on hacking APIs.

by Amazon Customer on Aug 20, 2022

These are super cute fall signs. I wish they were weather-proof so that I could put them outside because they'd be adorable in fall-themed porch pots. Each sign arrives as three separate pieces that have to be assembled. This is very easy - they are held together with a toggle on the back of the sign. Since they are not weather-proof, I'm considering attaching a hanging hook and hanging one of them up on my front door without the 3rd piece/bottom stake attached. I was surprised they had to be assembled, but this does give you more options about how you want to use them. Overall, these are charming seasonal signs to welcome fall.

by Elizabeth Darcy on Aug 19, 2022

These were adorable little stakes that I was hoping to use outdoors. They are not weather resistant as stated on the sticker on the back of them, meaning they won't last long outdoors. They came in three pieces that were easy to put together but are still a little wobbly when together. They are larger than expected.

by McAnally Family on Sep 10, 2022

I really like the look of these signs, they were a really nice addition to our front garden. However, within the first day the adhesive holding the sign together failed and it fell apart. I ordered a replacement which showed up quickly. I went through the description from the company, making sure it didn’t say they can’t be outside. It doesn’t, in fact it says they’re an excellent addition to your fall garden. So I put it back outside, and the same thing happened. These should be used only indoors.

by Patrick Norman on Sep 10, 2022

Loved it

by Sandee Thorup on Aug 28, 2022
Hacking APIs: Breaking Web Application Programming Interfaces
⭐ 4.8 💛 83
Buy the Book
Hacking the System Design Interview: Real Big Tech Interview Questions and In-depth Solutions, Stanley Chiang Cracking the Coding Interview: 189 Programming Questions and Solutions, Gayle Laakmann McDowell 53 Must Do Python Projects For All, Edcorner Learning The Pragmatic Programmer: Your Journey To Mastery, 20th Anniversary Edition (2nd Edition), David Thomas Crafting Interpreters, Robert Nystrom C Programming Language, 2nd Edition, Brian W. Kernighan Hands-On Machine Learning with Scikit-Learn, Keras, and TensorFlow: Concepts, Tools, and Techniques to Build Intelligent Systems, Aurélien Géron Get Coding!: Learn HTML, CSS & JavaScript & Build a Website, App & Game, Young Rewired State HTML and CSS: Design and Build Websites, Jon Duckett Python Crash Course, 2nd Edition: A Hands-On, Project-Based Introduction to Programming, Eric Matthes Excel 2022: The most updated bible to master Microsoft Excel from scratch in less than 7 minutes a day | Discover all the features & formulas with step-by-step tutorials, Leonard J. Ledger Adobe Photoshop Classroom in a Book (2023 Release), Conrad Chavez Domain-Driven Design: Tackling Complexity in the Heart of Software, Eric Evans Effective Modern C++: 42 Specific Ways to Improve Your Use of C++11 and C++14, Scott Meyers Photoshop Elements 2022 For Dummies (For Dummies (Computer/Tech)), Barbara Obermeier Head First Java: A Brain-Friendly Guide, Kathy Sierra Essential Scrum: A Practical Guide to the Most Popular Agile Process (Addison-Wesley Signature Series (Cohn)), Kenneth Rubin C++ Primer (5th Edition), Stanley Lippman Starting out with Visual C#, Tony Gaddis Python in easy steps, Mike McGrath

Your experience on this site will be improved by allowing cookies.