Hacking APIs: breaking web application programming interfaces
Today’s researchers estimate that application programming interface (API) calls make up more than 80 percent of all web traffic. Yet despite their prevalence, web application hackers often fail to test them. And these vital business assets can be riddled with catastrophic weaknesses.
As you’ll see in this book, APIs are an excellent attack vector. After all, they’re designed to expose information to other applications. To compromise an organization’s most sensitive data, you may not need to cleverly penetrate the perimeter of a network firewall, bypass an advanced antivirus, and release a zero-day; instead, your task could be as simple as making an API request to the right endpoint.
The goal of this book is to introduce you to web APIs and show you how to test them for a myriad of weaknesses. We’ll primarily focus on testing the security of REST APIs, the most common API format used in web applications, but will cover attacking GraphQL APIs as well. You’ll first learn tools and techniques for using APIs as intended. Next, you’ll probe them for vulnerabilities and learn how to exploit those vulnerabilities. You can then report your findings and help prevent the next data breach.