5

Foundations of Attacking APIs

This chapter turns to the foundations of attacking APIs. First, we will look at the different ways an attacker can exploit an API, using methods that include passive monitoring (discovery) and active interception, including the modification of requests and responses. We will then focus on a selection of the most important tools available to an aspiring API attacker and demonstrate how they can be used to perform core attacks, such as cracking passwords or tokens. Finally, we will combine this knowledge to build our own hacking laboratory and begin attacking some popular vulnerable APIs.

This chapter will equip you with the foundational knowledge used by API hackers—there ...

Get Defending APIs now with the O’Reilly learning platform.
