Practical API Hacking
- 1-Welcome to the Course
  - 1-start here
  - 2-course discord & getting support
- 2-Introduction
  - 1-What is an API
  - 2-interacting with APIs
  - 3-Types of APIs
  - 4-API security
- 3-Lab Setup
  - 1-Tool Installation
  - 2-Burp Suite Introduction
  - 3-Postman Introduction
  - 4-Docker Introduction
- 4-Enumerating APIs
  - 1-Introduction to Enumeration
  - 2-Fuzzing APIs
  - 3-Discovery via source code
- 5-Attacking Authorization
  - 1-Introduction to Authorization
  - 2-BOLA lab
  - 3-BFLA lab
  - 4-Challenge Solution
- 6-Attacking Authentication
  - 1-Introduction to Authentication
  - 2-Attacking Authentication
  - 3-Attacking Tokens
  - 4-JSON Web Tokens - Part 1 Theory
  - 5-JSON Web Tokens - Part 2 Attacking
  - 6-JSON Web Tokens - Part 1 jwt_tool
  - 7-Challenge Solution
- 7-Injection
  - 1-Introduction to Injection Attacks
  - 2-Introduction to SQL Injection
  - 3-SQL Injection Lab
  - 4-SQL Injection Lab - Login Bypass
  - 5-NoSQL Injection Lab
  - 6-Challenge Solution
- 8-Mid-course Capstone
  - 1-Mid-course Capstone Challenge
  - 2-Challenge Solution
- 9-Mass Assignment
  - 1-Introduction to Mass Assignment
  - 2-Code Walkthrough
  - 3-Mass Assignment Lab
  - 4-Challenge Solution
- 10-Excessive Data Exposure
  - 1-Introduction to Data Exposure
  - 2-Excessive Data Exposure Lab
  - 3-Challenge Solution
- 11-SSRF - Server-side Request Forgery
  - 1-Introduction to SSRF
  - 2-SSRF Lab
  - 3-Challenge Solution
- 12-Chaining Vulnerabilities
  - 1-Command Injection
  - 2-Challenge Solution
- 13-Final Capstone
  - 1-Final Capstone Challenge
  - 2-Challenge Solution
  - 3-Congratulations & Thank You