You're reading from Pentesting APIs A practical guide to discovering, fingerprinting, and exploiting APIs

Product type Paperback

Published in Sep 2024

Publisher Packt

ISBN-13 9781837633166

Length 290 pages

Edition 1st Edition

Concepts

Cybersecurity

Author (1):

Maurício Harley

View More author details

Table of Contents (18) Chapters

Preface

1. Part 1: Introduction to API Security

2. Chapter 1: Understanding APIs and their Security Landscape FREE CHAPTER

3. Chapter 2: Setting Up the Penetration Testing Environment

4. Part 2: API Information Gathering and AuthN/AuthZ Testing

5. Chapter 3: API Reconnaissance and Information Gathering

6. Chapter 4: Authentication and Authorization Testing

7. Part 3: API Basic Attacks

8. Chapter 5: Injection Attacks and Validation Testing

9. Chapter 6: Error Handling and Exception Testing

10. Chapter 7: Denial of Service and Rate-Limiting Testing

11. Part 4: API Advanced Topics

12. Chapter 8: Data Exposure and Sensitive Information Leakage

13. Chapter 9: API Abuse and Business Logic Testing

14. Part 5: API Security Best Practices

15. Chapter 10: Secure Coding Practices for APIs

16. Index

Why subscribe?

17. Other Books You May Enjoy

The importance of secure coding practices

I’m not trying to teach your grandmother to suck eggs. Not at all. However, as I like to say in person and while writing this book, it never hurts to emphasize concepts and ideas that are paramount to something. Putting API-secure coding into practice is important because of the intricate and complex role APIs play in software development. They act as links between diverse applications and services, making them able to talk to each other and exchange data. This feature-rich scenario results in a situation in which the vulnerabilities embedded in some API may be explored (or, as is most commonly said, exploited), allowing unauthorized data access, privilege escalation, service disruption, or system criminal ownership, and sometimes resulting in data ransom. Thus, secure coding practices aid in mitigating these risks by increasing API robustness against common threats, such as injection (SQL or NoSQL), Cross-site Scripting (XSS), and Man...