Hacking APIs (No Starch Press)
Wednesday, 07 September 2022

This book is a crash course on web API security testing that will prepare you to penetration-test APIs, reap high rewards on bug bounty programs, and make your own APIs more secure. Corey Ball shows how REST and GraphQL APIs work in the wild and set up a streamlined API testing lab with Burp Suite and Postman, along with how to master tools useful for reconnaissance, endpoint analysis, and fuzzing, such as Kiterunner and OWASP Amass.

<ASIN:1718502443>

The book also covers performing common attacks, like those targeting an API’s authentication mechanisms and the injection vulnerabilities commonly found in web applications, along with techniques for bypassing protections against these attacks.

Author: Corey Ball
Publisher: No Starch Press
Date: July 2022
Pages: 368
ISBN: 978-1718502444
Print: 1718502443
Kindle: B09M82N4B4
Audience: Developers interested in security
Level: Intermediate
Category: Security

 

Guided Labs include: 

  • Enumerating APIs users and endpoints using fuzzing techniques
  • Using Postman to discover an excessive data exposure vulnerability
  • Performing a JSON Web Token attack against an API authentication process
  • Combining multiple API attack techniques to perform a NoSQL injection
  • Attacking a GraphQL API to uncover a broken object level authorization vulnerability

 

Related Articles

Learn To Protect Your APIs By Hacking Them

 

For more Book Watch just click.

Book Watch is I Programmer's listing of new books and is compiled using publishers' publicity material. It is not to be read as a review where we provide an independent assessment. Some, but by no means all, of the books in Book Watch are eventually reviewed.

To have new titles included in Book Watch contact  BookWatch@i-programmer.info

Follow @bookwatchiprog on Twitter or subscribe to I Programmer's Books RSS feed for each day's new addition to Book Watch and for new reviews.

 

 

Banner
 


Coding for Beginners, 2nd Ed (In Easy Steps)

Author: Mike McGrath
Publisher: In Easy Steps
Pages: 192
ISBN:978-1840789751
Print:1840789751
Kindle: B0B56LN77V
Audience: Complete beginners to programming
Rating: 4
Reviewer: Sue Gee

This book aims to introduce hands-on modern programming to complete beginners. Can this be achieved in fewer than 180 [ ... ]



Modern Software Engineering (Addison-Wesley)

Author: David Farley
Pages: 256
ISBN: 978-0137314911
Print:0137314914
Kindle: B09GG6XKS4
Audience: Software Engineers
Rating: 3.5
Reviewer: Kay Ewbank

This book is subtitled 'doing what works to build better software faster' - does it teach you how to achieve that?


More Reviews