Free API Hacking course!
Skills:
Network Security70%
Key Takeaways
Introduces a free API hacking course with Corey Ball, author of 'Hacking APIs'
Original Description
I interview Corey Ball who wrote the book "Hacking APIs" and he tells us about his book and the free training he is making available. This is a cool announcement :)
// MENU //
00:00 - Why talk about pentesting at all?
00:21 - Welcome//Corey
00:48 - What is an API and Why Care?
01:52 - Free API Hacking Course!
02:11 - Overview//Course
02:28 - Do I Need the Book to do the Course?
02:39 - Pre-reqs for Course
03:07 - Cert//When?
03:22 - Hacking APIs//Origin Story
05:34 - The Start//USPS Data Leak
07:31 - OWASP Top 10 Explained
07:49 - API1//Broken Object Level Authorization
08:46 - Testing for BOLA
09:59 - API2//Broken User Authentication
10:35 - Leaked API Keys on GitHub?
10:59 - API3//Excessive Data Exposure
12:05 - API9//Improper Asset Management
13:53 - The World is Running on APIs
14:53 - Who is this Book For?
16:19 - Set Up Hacking Lab
17:47 - You Just Need a Laptop to Start Hacking!
17:52 - Free API Hacking Tools
20:14 - What is Kiterunner
20:47 - Gobuster vs Kiterunner
21:51 - Free Wordlists!
22:05 - What is fuzzing and free fuzzing tool
23:17 - More Tools?
23:47 - How To Find APIs
25:02 - Using nmap to find APIs?
26:09 - Hacking APIs as your start in hacking
28:09 - Difference//REST//GraphQL
29:07 - Learn REST or GraphQL?
31:07 - Take a University Course?
31:44 - Hacking Certifications//Worth It?
33:42 - Being Hacked//How Corey Started
36:31 - Corey's OSCP Experience
38:09 - Hacking APIs As An Alternative Path
38:41 - Resources to Start With
39:26 - Ten Years of Experience?
39:52 - Huge Demand for Hacking APIs
40:25 - The Course is Completely Free
40:47- Breaking Barriers!
41:37 - Thank You & Final Words
// Free API hacking course //
APIsec Certified Expert Course: https://university.apisec.ai/
// Defcon Workshop notes //
https://sway.office.com/HVrL2AXUlWGNDHqy
// Books //
Hacking API’s by Corey J Ball: https://amzn.to/3JOJG0E
Bug Bounty Bootcamp Vickie Li: https://amzn.to/3SPCtBF
// YouTube channels mentioned //
InsiderPHD: https://www.youtube.com/
Watch on YouTube ↗
(saves to browser)
Sign in to unlock AI tutor explanation · ⚡30
Playlist
Uploads from David Bombal · David Bombal · 0 of 60
← Previous
Next →
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
RYU SDN Controller Part 4: Graphical User Interface (GUI): Practical GNS3 SDN and OpenFlow
David Bombal
HPE Network Protector SDN Application Part 1 - Introduction
David Bombal
HPE Network Protector SDN Application Part 2 : DNS Interception using OpenFlow
David Bombal
HPE Network Protector SDN Application Part 3 - Lab Setup using Physical Switches
David Bombal
HPE Network Protector SDN Application Part 4 - Demo of malicious websites blocked
David Bombal
HPE Network Protector SDN Application Part 5 - Demo OpenFlow table interception flows
David Bombal
HPE Network Protector SDN Application Part 6 - Demo of Physical Switch configuration
David Bombal
HPE Network Protector SDN Application Part 7 - Demo Service Insertion Tunnel / GRE Tunnel
David Bombal
HPE Network Protector SDN Application Part 8 - Demo SDN OpenFlow Reporting
David Bombal
HPE Network Protector SDN Application Part 9 - Demo switches interception of DNS traffic
David Bombal
GNS3 Talks: GNS3 version 1.5.X Appliance Tips
David Bombal
CCNA 200-125 Exam: AAA demo: TACACS+ with GNS3
David Bombal
GNS3 2.0.0 beta 2 install
David Bombal
CCNA #012: Learn SNMP with GNS3, Wireshark and Solarwinds NPM - CCNA 200-125 exam
David Bombal
CCNA #013: Spanning Tree CCNA Exam Questions: Know the answer? CCNA 200-125 exam
David Bombal
GNS3 2.0.0 beta : GNS3 VM integration with GNS3 GUI
David Bombal
CCNA #018: Routing exam questions: Who wins? OSPF, EIGRP or RIP? Sure? CCNA 200-125 exam
David Bombal
CCNA #019: Spanning Tree CCNA Exam Questions: Root Bridge, Root Port and more: CCNA 200-125 exam
David Bombal
GNS3 Download, installation and configuration - GNS3 1.5.3 and Windows 10
David Bombal
CCNA #023 EIGRP Neighbor Troubleshooting (DUAL Issues) for the CCNA 200-125 Exam
David Bombal
GNS3 2.0 Architecture and schema Part 1: What is the GNS3 Controller?
David Bombal
GNS3 2.0 Architecture and schema Part 2: Emulators and virtualization
David Bombal
CCNA #028 VTP Troubleshooting for the CCNA 200-125 Exam
David Bombal
CCNA #029 VTP & DTP Troubleshooting for the CCNA 200-125 Exam
David Bombal
CCNA #030 VTP Troubleshooting for the CCNA 200-125 Exam
David Bombal
GNS3 : How to download Cisco IOS images and VIRL images. Which is the best? How do you get them?
David Bombal
GNS3 ASA setup: Import and configure Cisco ASAv with GNS3
David Bombal
GNS3 switching setup and options: Cisco and other switching options in GNS3
David Bombal
GNS3 switching setup and options Part 2: GNS3 unmanaged built-in switch
David Bombal
GNS3 switching setup and options Part 3: Router on a sick with GNS3 unmanaged built-in switch
David Bombal
GNS3 switching setup and options Part 4: Etherswitch Router for Cisco Dynamips Part 1
David Bombal
GNS3 switching setup and options Part 5: Etherswitch Router for Cisco Dynamips Part 2
David Bombal
GNS3 switching setup and options Part 6: Etherswitch, Wireshark, 802.1Q, InterVLAN routing
David Bombal
GNS3 Talks: Docker, Open vSwitch, SDN and OpenFlow Part 1: GNS3 Switching Part 7
David Bombal
GNS3 Talks: Docker, Open vSwitch, SDN and OpenFlow Part 2: GNS3 Switching Part 8
David Bombal
GNS3 Talks: Docker, Open vSwitch, SDN and OpenFlow Part 3: GNS3 Switching Part 9
David Bombal
GNS3 Talks: Docker, Open vSwitch, SDN and OpenFlow Part 4: GNS3 Switching Part 10
David Bombal
GNS3 Talks: Docker, Open vSwitch, SDN and OpenFlow Part 5: GNS3 Switching Part 11
David Bombal
GNS3 Nexus (NX-OSv) switch setup and configuration Part 1: GNS3 switching options Part 12
David Bombal
GNS3 Nexus (NX-OSv) switch setup and configuration Part 2: GNS3 switching options Part 13
David Bombal
GNS3 Talks: Docker, Open vSwitch, SDN and OpenFlow Part 6: GNS3 Switching Part 14
David Bombal
GNS3 Talks: Docker, Open vSwitch, SDN and OpenFlow Part 7: GNS3 Switching Part 15
David Bombal
GNS3 Cisco CSR 1000v setup and configuration Part 1: GNS3 NFV
David Bombal
GNS3 Cisco CSR 1000v setup and configuration Part 2: GNS3 NFV
David Bombal
GNS3 Talks: Use the NAT node to connect GNS3 to the Internet easily!
David Bombal
GNS3 Talks: GNS3 2.0 RC1 is now available
David Bombal
GNS3 Talks: GNS3 2.0 Portable Projects - easily export and import GNS3 projects
David Bombal
GNS3 Talks: Multiple clients sharing projects in real time, plus console session shadowing!
David Bombal
CCNA #035 NAT Troubleshooting Scenario 1 - Can you find the issue? CCNA Exam 200-125 troubleshooting
David Bombal
CCNA #036 NAT Troubleshooting Scenario 2 - Can you find the issue? CCNA Exam 200-125 troubleshooting
David Bombal
GNS3 Talks: ESXi, GNS3 VM and KVM support Part 1: leverage servers and the cloud
David Bombal
CCNA #037 OSPF Troubleshooting - can you find the issue? CCNA Exam 200-125 troubleshooting
David Bombal
GNS3 Talks: ESXi, GNS3 VM and KVM support Part 2: leverage servers and the cloud
David Bombal
CCNA #038 NAT Troubleshooting Scenario 3 - Can you find the issue? CCNA Exam 200-125 troubleshooting
David Bombal
CCNA #039 - OSPF DR, BR and DROTHER Election - do you know the answers?
David Bombal
CCNA #040 NAT Troubleshooting Scenario 4 - Can you find the issue? CCNA Exam 200-125 troubleshooting
David Bombal
GNS3 Talks: Arista vEOS GNS3 import and configuration Part 1
David Bombal
CCNA #041 - OSPF DR, BR and DROTHER Election - do you know the answers?
David Bombal
GNS3 Talks: Arista vEOS GNS3 import and configuration Part 2
David Bombal
GNS3 Talks: ipterm: Linux, Docker, Python, SDN and more! Part 1
David Bombal
More on: Network Security
View skill →Related Reads
📰
📰
📰
📰
The Security Liability of Memory Allocation in TEEs: A Design Decision Log
Dev.to · Theo Ezell (webMethodMan)
Singapore Built an Army of Cyber Defenders and the Hackers Came Anyway
Medium · Cybersecurity
SaaS Security Best Practices: Auth, Authorization, and Data Protection
Dev.to · sweet
33 Days of Certified Vibe Hacker by Hacker Sidekick -README
Medium · Cybersecurity
Chapters (42)
Why talk about pentesting at all?
0:21
Welcome//Corey
0:48
What is an API and Why Care?
1:52
Free API Hacking Course!
2:11
Overview//Course
2:28
Do I Need the Book to do the Course?
2:39
Pre-reqs for Course
3:07
Cert//When?
3:22
Hacking APIs//Origin Story
5:34
The Start//USPS Data Leak
7:31
OWASP Top 10 Explained
7:49
API1//Broken Object Level Authorization
8:46
Testing for BOLA
9:59
API2//Broken User Authentication
10:35
Leaked API Keys on GitHub?
10:59
API3//Excessive Data Exposure
12:05
API9//Improper Asset Management
13:53
The World is Running on APIs
14:53
Who is this Book For?
16:19
Set Up Hacking Lab
17:47
You Just Need a Laptop to Start Hacking!
17:52
Free API Hacking Tools
20:14
What is Kiterunner
20:47
Gobuster vs Kiterunner
21:51
Free Wordlists!
22:05
What is fuzzing and free fuzzing tool
23:17
More Tools?
23:47
How To Find APIs
25:02
Using nmap to find APIs?
26:09
Hacking APIs as your start in hacking
28:09
Difference//REST//GraphQL
29:07
Learn REST or GraphQL?
31:07
Take a University Course?
31:44
Hacking Certifications//Worth It?
33:42
Being Hacked//How Corey Started
36:31
Corey's OSCP Experience
38:09
Hacking APIs As An Alternative Path
38:41
Resources to Start With
39:26
Ten Years of Experience?
39:52
Huge Demand for Hacking APIs
40:25
The Course is Completely Free
41:37
Thank You & Final Words
🎓
Tutor Explanation
DeepCamp AI