7

Attacking APIs

In the previous chapter, we explored the passive and active techniques that can be used to discover APIs. The focus in this chapter moves on to actively attacking those APIs, using various methods to exploit vulnerabilities in the API design or implementation. By the end of this key chapter of the book, you will be able to attack APIs on your own using various techniques. As a builder of APIs, one of the best ways to test their defenses is to attack them yourself.

Secure APIs rely on strong authentication and authorization. In the first topic, we will learn how to attack them by identifying design and implementation weaknesses. Fuzzing and brute force attacks are among the easiest to perform, and you will learn how to ...

Get Defending APIs now with the O’Reilly learning platform.