This book is a crash course on web API security testing that will prepare you to penetration-test APIs, reap high rewards on bug bounty programs, and make your own APIs more secure. Corey Ball shows how REST and GraphQL APIs work in the wild and set up a streamlined API testing lab with Burp Suite and Postman, along with how to master tools useful for reconnaissance, endpoint analysis, and fuzzing, such as Kiterunner and OWASP Amass.

The book also covers performing common attacks, like those targeting an API’s authentication mechanisms and the injection vulnerabilities commonly found in web applications, along with techniques for bypassing protections against these attacks.

Author: Corey Ball
Publisher: No Starch Press
Date: July 2022
Pages: 368
ISBN: 978-1718502444
Print: 1718502443
Kindle: B09M82N4B4
Audience: Developers interested in security
Level: Intermediate
Category: Security

Guided Labs include: 

• Enumerating APIs users and endpoints using fuzzing techniques
• Using Postman to discover an excessive data exposure vulnerability
• Performing a JSON Web Token attack against an API authentication process
• Combining multiple API attack techniques to perform a NoSQL injection
• Attacking a GraphQL API to uncover a broken object level authorization vulnerability

Related Articles

Learn To Protect Your APIs By Hacking Them

For more Book Watch just click.

Book Watch is I Programmer's listing of new books and is compiled using publishers' publicity material. It is not to be read as a review where we provide an independent assessment. Some, but by no means all, of the books in Book Watch are eventually reviewed.

To have new titles included in Book Watch contact  BookWatch@i-programmer.info

Follow @bookwatchiprog on Twitter or subscribe to I Programmer's Books RSS feed for each day's new addition to Book Watch and for new reviews.