Hack Your API First
Pluralsight
Course Summary
Recent years have seen a massive explosion in the growth of rich client apps that talk over the web using APIs across HTTP, but unfortunately, all too often they contain serious security vulnerabilities that are actually very easy to locate. This course shows you how.
Course Description
Web-based APIs have grown enormously popular in recent years. This is in response to a couple of key changes in the industry: firstly, the enormous growth of mobile apps which frequently talk to back ends over the web. Secondly, the rapidly emerging 'Internet of Things' which promises to bring connectivity to common devices we use in our everyday lives. In the rush to push these products to market, developers are often taking shortcuts on security and leaving online services vulnerable to attack. The risks are not as obvious as they may be in traditional browser-based web apps, but they're extremely prevalent and attackers know how to easily identify them. This course teaches you how to go on the offense and hack your own APIs before online attackers do.
Course Syllabus
Introduction- 30m 37s
—The Age of the API 8m 40s
—The Hidden Nature of API Security 4m 44s
—What Exactly Is an API? 3m 1s
—What's the Scope of This Course? 3m 33s
—Introducing Supercar Showdown 3m 30s
—Introducing the Vulnerable Mobile App 4m 15s
—Summary 2m 50s
Discovering Device Communication With APIs- 37m 37s
—Who Are We Protecting Our APIs From? 4m 33s
—Proxying Device Traffic Through Fiddler 4m 52s
—Interpreting Captured Data in Fiddler 4m 45s
—Intercepting Mobile App Data in Fiddler 2m 22s
—Discovering More About Mobile Apps via Fiddler 7m 32s
—Filtering Traffic in Fiddler 4m 26s
—Alternate Traffic Interception Mechanisms 5m 18s
—Summary 3m 46s
Leaky APIs and Hidden APIs- 41m 49s
API Manipulation and Parameter Tampering- 32m 31s
API Authentication and Authorization Vulnerabilities- 50m 40s
Working With SSL Encrypted API Traffic- 54m 40s