You're reading from Pentesting APIs A practical guide to discovering, fingerprinting, and exploiting APIs

Product type Paperback

Published in Sep 2024

Publisher Packt

ISBN-13 9781837633166

Length 290 pages

Edition 1st Edition

Concepts

Cybersecurity

Author (1):

Maurício Harley

View More author details

Table of Contents (18) Chapters

Preface

1. Part 1: Introduction to API Security

2. Chapter 1: Understanding APIs and their Security Landscape FREE CHAPTER

3. Chapter 2: Setting Up the Penetration Testing Environment

4. Part 2: API Information Gathering and AuthN/AuthZ Testing

5. Chapter 3: API Reconnaissance and Information Gathering

6. Chapter 4: Authentication and Authorization Testing

7. Part 3: API Basic Attacks

8. Chapter 5: Injection Attacks and Validation Testing

9. Chapter 6: Error Handling and Exception Testing

10. Chapter 7: Denial of Service and Rate-Limiting Testing

11. Part 4: API Advanced Topics

12. Chapter 8: Data Exposure and Sensitive Information Leakage

13. Chapter 9: API Abuse and Business Logic Testing

14. Part 5: API Security Best Practices

15. Chapter 10: Secure Coding Practices for APIs

16. Index

Why subscribe?

17. Other Books You May Enjoy

Denial of Service and Rate-Limiting Testing

Continuing from basic API attacks, it’s now time for us to understand more about denial-of-service (DoS) and distributed denial-of-service (DDoS) threats and answer some questions, such as the following: Why are they so important? How impactful they could be for API endpoints? What can we leverage to successfully manage the triggering of these sorts of attacks? You will learn that DoS, especially the distributed form of it, is a global problem affecting pretty much any publicly exposed endpoint or application. Additionally, software that is only privately accessible is not immune to them. Although sometimes rarer, insider threats are present and can disrupt internal applications.

Rate limiting is a key defense mechanism against DoS attacks, designed to control the amount of traffic an API can handle from a particular user or IP address over a specific period. It prevents users from making too many requests in a short amount of time...