API-Pentest_Guide_2021
Blogs & Video links
https://labs.detectify.com/2021/08/10/how-to-hack-apis-in-2021/
API hacking by Katie Paxton-Fear
https://youtu.be/qqmyAxfGV9c
https://www.youtube.com/watch?v=cWSu2Ja65Z4
https://www.youtube.com/watch?v=yCUQBc2rY9Y&list=PLbyncTkpno5HqX1h2MnV6Qt4wvTb8Mpol
HACKTIVITY
https://www.youtube.com/watch?v=zW8QF3x3oSU
https://www.youtube.com/watch?v=HXci0-NSwOs
API 101 - https://www.youtube.com/watch?v=ijalD2NkRFg
BADAPI - https://www.youtube.com/watch?v=UT7-ZVawdzA
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Part1: Introduction | Enumeration | Tools
https://www.youtube.com/watch?v=UD6n666nS8I
https://virgool.io/class313/%D9%85%D9%82%D8%AF%D9%85%D9%87-%D8%A7%DB%8C-%D8%A8%D8%B1-%D8%AA%D8%B3%D8%AA-%D9%86%D9%81%D9%88%D8%B0-%D9%88%D8%A8%D8%B3%D8%B1%D9%88%DB%8C%D8%B3-os12uh6bbyy4
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Part2: XXE | XPath Injection | API SQL Injection
https://www.youtube.com/watch?v=AIBC0WRf38A
https://virgool.io/class313/%D8%A2%D8%B3%DB%8C%D8%A8-%D9%BE%D8%B0%DB%8C%D8%B1%DB%8C-%D9%87%D8%A7%DB%8C-xxexpath-injectionapi-sql-injection-nfudsdnvjlv4
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Part3: XML Bomb | Command Injection | XST | SSRF
https://www.youtube.com/watch?v=vKm_WHxczow&feature=youtu.be
https://virgool.io/class313/%D8%A2%D8%B3%DB%8C%D8%A8-%D9%BE%D8%B0%DB%8C%D8%B1%DB%8C-%D9%87%D8%A7%DB%8C-xml-bombcommand-injection-xst-ssrf-%D8%AF%D8%B1-%D9%88%D8%A8%D8%B3%D8%B1%D9%88%DB%8C%D8%B3-%D9%87%D8%A7-htnh2lninb8c
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Part4: CORS | SOME | JWT | IDOR
https://www.youtube.com/watch?v=NbJwjnoJr5g&feature=youtu.be
https://virgool.io/class313/%D8%A2%D8%B3%DB%8C%D8%A8-%D9%BE%D8%B0%DB%8C%D8%B1%DB%8C-%D9%87%D8%A7%DB%8C-corssomejwtidor-%D8%AF%D8%B1-%D9%88%D8%A8%D8%B3%D8%B1%D9%88%DB%8C%D8%B3-%D9%87%D8%A7-xwm2fkivu3so
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------