Test lab
API tools
Preparation
Reconnaissance
Enumeration
Notes on techniques
Introduction
What?
Why?
How?
Challenges
Complexity
Use case propagation
Access to connected systems
Synchronous and asynchronous methods
API versioning
Rate limit tests
Collect requests information
Fuzz deep and wide
Evasive techniques
Attack authentication
Exploit authorisation
Inject with mass assignment
Try traditional injections
CTFs and challenges
Introduction
What?
Why?
How?
RootMe: GraphQL Introspection
Introspection
Response
Fiddling
Resources
API mayhem