Test lab
API tools
Preparation
Reconnaissance
Enumeration
Notes on techniques
Introduction
What?
Why?
How?
Challenges
Complexity
Use case propagation
Access to connected systems
Synchronous and asynchronous methods
API versioning
Rate limit tests
Collect requests information
Fuzz deep and wide
Evasive techniques
Attack authentication
Exploit authorisation
Inject with mass assignment
Try traditional injections
CTFs and challenges
Introduction
What?
Why?
How?
RootMe: GraphQL Introspection
Introspection
Response
Fiddling
Resources
API mayhem