Summary
We have covered a lot of ground in this chapter, and you are well placed to begin the next step of our journey—discovering and attacking APIs. The first consideration when attacking an API is how to interact with it (usually via a reverse proxy), followed by gathering metadata about the API, including keys, tokens, and endpoints.
We learned that API hackers are spoilt for choice when it comes to tools. By far the most important of these are the Postman API browser and the Burp Suite security testing tool. Finally, we covered several excellent educational resources available to API hackers.
Let’s dive into the next exciting chapter in our journey—looking at how to discover APIs.