You're reading from API Security for White Hat Hackers Uncover offensive defense strategies and get up to speed with secure API implementation

Product type Paperback

Published in Jun 2024

Publisher Packt

ISBN-13 9781800560802

Length 418 pages

Edition 1st Edition

Concepts

Ethical Hacking

Author (1):

Confidence Staveley

View More author details

Table of Contents (20) Chapters

Preface

1. Part 1: Understanding API Security Fundamentals FREE CHAPTER

2. Chapter 1: Introduction to API Architecture and Security

3. Chapter 2: The Evolving API Threat Landscape and Security Considerations

4. Chapter 3: OWASP API Security Top 10 Explained

5. Part 2: Offensive API Hacking

6. Chapter 4: API Attack Strategies and Tactics

7. Chapter 5: Exploiting API Vulnerabilities

8. Chapter 6: Bypassing API Authentication and Authorization Controls

9. Chapter 7: Attacking API Input Validation and Encryption Techniques

10. Part 3: Advanced Techniques for API Security Testing and Exploitation

11. Chapter 8: API Vulnerability Assessment and Penetration Testing

12. Chapter 9: Advanced API Testing: Approaches, Tools, and Frameworks

13. Chapter 10: Using Evasion Techniques

14. Part 4: API Security for Technical Management Professionals

15. Chapter 11: Best Practices for Secure API Design and Implementation

16. Chapter 12: Challenges and Considerations for API Security in Large Enterprises

17. Chapter 13: Implementing Effective API Governance and Risk Management Initiatives

18. Index

Why subscribe?

19. Other Books You May Enjoy

Using Evasion Techniques

Evasion techniques are strategies employed by malicious actors to circumvent or avoid detection and countermeasures put in place to secure APIs. These techniques are designed to make it challenging for security systems to identify, analyze, or prevent unauthorized access, data breaches, or other malicious activities conducted through APIs. Evasion techniques can encompass a range of methods, including obfuscation to conceal the true nature of code or communication, encoding and encryption to hide information from traditional inspection methods, steganography to embed malicious content within seemingly innocuous API traffic, and polymorphism to dynamically alter the appearance of APIs to evade recognition.

This chapter will embark on an in-depth exploration of API security evasion strategies, showcasing the intricate techniques that threat actors employ to infiltrate and exploit APIs. We will focus on the shadows cast by obfuscation, encoding, and encryption...