David Bombal

#399: Free API Hacking course!

42 min • 15 August 2022
I interview Corey Ball who wrote the book "Hacking APIs" and he tells us about his book and the free training he is making available. This is a cool announcement :)

// MENU //
00:00 - Why talk about pentesting at all?
00:21 - Welcome//Corey
00:48 - What is an API and Why Care?
01:52 - Free API Hacking Course!
02:11 - Overview//Course
02:28 - Do I Need the Book to do the Course?
02:39 - Pre-reqs for Course
03:07 - Cert//When?
03:22 - Hacking APIs//Origin Story
05:34 - The Start//USPS Data Leak
07:31 - OWASP Top 10 Explained
07:49 - API1//Broken Object Level Authorization
08:46 - Testing for BOLA
09:59 - API2//Broken User Authentication
10:35 - Leaked API Keys on GitHub?
10:59 - API3//Excessive Data Exposure
12:05 - API9//Improper Asset Management
13:53 - The World is Running on APIs
14:53 - Who is this Book For?
16:19 - Set Up Hacking Lab
17:47 - You Just Need a Laptop to Start Hacking!
17:52 - Free API Hacking Tools
20:14 - What is Kiterunner
20:47 - Gobuster vs Kiterunner
21:51 - Free Wordlists!
22:05 - What is fuzzing and free fuzzing tool
23:17 - More Tools?
23:47 - How To Find APIs
25:02 - Using nmap to find APIs?
26:09 - Hacking APIs as your start in hacking
28:09 - Difference//REST//GraphQL
29:07 - Learn REST or GraphQL?
31:07 - Take a University Course?
31:44 - Hacking Certifications//Worth It?
33:42 - Being Hacked//How Corey Started
36:31 - Corey's OSCP Experience
38:09 - Hacking APIs As An Alternative Path
38:41 - Resources to Start With
39:26 - Ten Years of Experience?
39:52 - Huge Demand for Hacking APIs
40:25 - The Course is Completely Free
40:47 - Breaking Barriers!
41:37 - Thank You & Final Words

// Free API hacking course //
APIsec Certified Expert Course: https://university.apisec.ai/

// Defcon Workshop notes //
https://sway.office.com/HVrL2AXUlWGNDHqy

// Books //
Hacking APIs by Corey J Ball: https://amzn.to/3JOJG0E
Bug Bounty Bootcamp Vickie Li: https://amzn.to/3SPCtBF

// YouTube channels mentioned //
InsiderPHD: https://www.youtube.com/c/InsiderPhD
IppSec: https://www.youtube.com/c/ippsec/videos

// Corey SOCIAL //
LinkedIn: https://www.linkedin.com/in/coreyjball/
Twitter: https://twitter.com/hAPI_hacker

// David SOCIAL //
Discord: https://discord.com/invite/usKSyzb
Twitter: https://www.twitter.com/davidbombal
Instagram: https://www.instagram.com/davidbombal
LinkedIn: https://www.linkedin.com/in/davidbombal
Facebook: https://www.facebook.com/davidbombal.co
TikTok: http://tiktok.com/@davidbombal
YouTube: https://www.youtube.com/davidbombal

// MY STUFF //
https://www.amazon.com/shop/davidbombal

// SPONSORS //
Interested in sponsoring my videos? Reach out to my team here: [email protected]