You're reading from Pentesting APIs A practical guide to discovering, fingerprinting, and exploiting APIs

Product type Paperback

Published in Sep 2024

Publisher Packt

ISBN-13 9781837633166

Length 290 pages

Edition 1st Edition

Concepts

Cybersecurity

Author (1):

Maurício Harley

View More author details

Table of Contents (18) Chapters

Preface

1. Part 1: Introduction to API Security

2. Chapter 1: Understanding APIs and their Security Landscape FREE CHAPTER

3. Chapter 2: Setting Up the Penetration Testing Environment

4. Part 2: API Information Gathering and AuthN/AuthZ Testing

5. Chapter 3: API Reconnaissance and Information Gathering

6. Chapter 4: Authentication and Authorization Testing

7. Part 3: API Basic Attacks

8. Chapter 5: Injection Attacks and Validation Testing

9. Chapter 6: Error Handling and Exception Testing

10. Chapter 7: Denial of Service and Rate-Limiting Testing

11. Part 4: API Advanced Topics

12. Chapter 8: Data Exposure and Sensitive Information Leakage

13. Chapter 9: API Abuse and Business Logic Testing

14. Part 5: API Security Best Practices

15. Chapter 10: Secure Coding Practices for APIs

16. Index

Why subscribe?

17. Other Books You May Enjoy

Conventions used

There are a number of text conventions used throughout this book.

Code in text: Indicates code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles. Here is an example: “Inside the header, some attributes can be declared, such as env:role, env:mustUnderstand, and env:relay.”

A block of code is set as follows:

<env:Header>
  <BA:BlockA xmlns:BA="http://mysoap.com"
   env:role="http://mysoap.com/role/A" env:mustUnderstand="true">
   ...
  </BA:BlockA>
  <BB:BlockB xmlns:BB="http://mysoap.com"
   env:role="http://mysoap.com/role/B" env:relay="true">
    ...
  </BB:BlockB>
</env:Header>

When we wish to draw your attention to a particular part of a code block, the relevant lines or items are set in bold:

{"jsonrpc": "2.0", "method": "IsStudent", "params": [100], "id": 1}
{"jsonrpc": "2.0", "result": true, "id": 1}
{"jsonrpc": "2.0", "method": "IsStudent", "params": ["ABC"], "id": 2}
{"jsonrpc": "2.0", "error": {"code": -1, "message": "Invalid enrollment id format"}, "id": 2}

Any command-line input or output is written as follows:

$ sudo apt update && sudo apt install curl

Bold: Indicates a new term, an important word, or words that you see onscreen. For instance, words in menus or dialog boxes appear in bold. Here is an example: “Select Next and you’ll be asked in which directory you’d like it to be installed. “

Tips or important notes

Appear like this.