Autoplay
Autocomplete
Dark Mode
Speed
Previous Lesson
Complete and Continue
Practical API Hacking
Welcome to the Course!
Start Here (3:02)
Course Discord & Getting Support (1:51)
Introduction
What is an API? (1:51)
Interacting with APIs (6:13)
Types of APIs (2:59)
API Security (1:33)
Lab Setup
Tool Installation (8:55)
BURP Suite Introduction (9:43)
Postman Introduction (6:07)
Docker Introduction (7:36)
Enumerating APIs
Introduction to Enumeration (0:53)
Fuzzing APIs (13:48)
Discovery via Source code (5:21)
Attacking Authorization
Introduction to Authorization (2:05)
BOLA Lab (6:15)
BFLA Lab (6:59)
Challenge Solution (10:19)
Attacking Authentication
Introduction to Authentication (2:14)
Attacking Authentication (11:35)
Attacking Tokens (11:23)
JSON Web Tokens - Part 1: Theory (5:53)
JSON Web Tokens - Part 2: Attacking JWTs (3:52)
JSON Web Tokens - Part 3: jwt_tool (17:37)
Challenge Solution (26:21)
Injection
Introduction to Injection Attacks (1:10)
Introduction to SQL Injection (2:04)
SQL Injection Lab (19:03)
SQL Injection Lab - Login Bypass (4:29)
NoSQL Injection Lab (14:14)
Challenge Solution (5:00)
Mid-course Capstone
Mid-course Capstone Challenge (2:07)
Challenge Solution (14:17)
Mass Assignment
Introduction to Mass Assignment (2:18)
Code Walkthrough (7:38)
Mass Assignment Lab (8:18)
Challenge Solution (6:22)
Excessive Data Exposure
Introduction to Excessive Data Exposure (1:41)
Excessive Data Exposure Lab (3:22)
Challenge Solution (1:49)
SSRF - Server-side Request Forgery
Introduction to SSRF (1:33)
SSRF Lab (5:55)
Challenge Solution (2:52)
Chaining Vulnerabilities
Command Injection (3:24)
Challenge Solution (10:29)
Final Capstone
Final Capstone Challenge (8:10)
Challenge Solution (30:37)
Congratulations & Thank You! (0:28)
Code Walkthrough
Lesson content locked
If you're already enrolled,
you'll need to login
.
Enroll in Course to Unlock