3
API Reconnaissance and Information Gathering
Knowing the terrain before committing to attacking it is a military maxim. Sun Tzu, the famous author of the bestseller The Art of War, wrote that “you should have a strong sense of the surrounding terrain.” Getting to know the target API is as important as deleting the intrusion evidence of the attack. So, know before you go!
API reconnaissance and information gathering is the process of collecting information about an API, such as its endpoints, methods, parameters, authentication mechanisms, and business purpose. This information can then be used to identify security weaknesses, test the API’s functionality, or develop new applications that interact with the API.
In this chapter, you will learn ...