5

Injection Attacks and Validation Testing

We are starting a new part of the book. So far, you have had an introduction to API security, how we can acquire more data about the target – with the important reconnaissance and information gathering chapter – and learned ways to test both authentication and authorization mechanisms most APIs implement nowadays. Now, it’s time to dive deeper into the waters of attacks. This part starts with injection and validation (or the lack of it) testing.

These kinds of attacks are not new at all, but it’s impressive how often they show up in media headlines around the world, affecting pretty much all kinds and sizes of companies. Hopefully, you already know they are not limited to Structured Query Language
