I interview Corey Ball, who wrote the book “Hacking APIs”, and he tells us about his book and the free training he is making available. This is a cool announcement 🙂

// MENU //
00:00 – Why talk about pentesting at all?
00:21 – Welcome//Corey
00:48 – What is an API and Why Care?
01:52 – Free API Hacking Course!
02:11 – Overview//Course
02:28 – Do I Need the Book to do the Course?
02:39 – Pre-reqs for Course
03:07 – Cert//When?
03:22 – Hacking APIs//Origin Story
05:34 – The Start//USPS Data Leak
07:31 – OWASP Top 10 Explained
07:49 – API1//Broken Object Level Authorization
08:46 – Testing for BOLA
09:59 – API2//Broken User Authentication
10:35 – Leaked API Keys on GitHub?
10:59 – API3//Excessive Data Exposure
12:05 – API9//Improper Asset Management
13:53 – The World is Running on APIs
14:53 – Who is this Book For?
16:19 – Set Up Hacking Lab
17:47 – You Just Need a Laptop to Start Hacking!
17:52 – Free API Hacking Tools
20:14 – What is Kiterunner
20:47 – Gobuster vs Kiterunner
21:51 – Free Wordlists!
22:05 – What is fuzzing and free fuzzing tool
23:17 – More Tools?
23:47 – How To Find APIs
25:02 – Using nmap to find APIs?
26:09 – Hacking APIs as your start in hacking
28:09 – Difference//REST//GraphQL
29:07 – Learn REST or GraphQL?
31:07 – Take a University Course?
31:44 – Hacking Certifications//Worth It?
33:42 – Being Hacked//How Corey Started
36:31 – Corey’s OSCP Experience
38:09 – Hacking APIs As An Alternative Path
38:41 – Resources to Start With
39:26 – Ten Years of Experience?
39:52 – Huge Demand for Hacking APIs
40:25 – The Course is Completely Free
40:47 – Breaking Barriers!
41:37 – Thank You & Final Words

// Free API hacking course //
APIsec Certified Expert Course: https://university.apisec.ai/

// Defcon Workshop notes //
https://sway.office.com/HVrL2AXUlWGNDHqy

// Books //
Hacking APIs by Corey J Ball: https://amzn.to/3JOJG0E
Bug Bounty Bootcamp by Vickie Li: https://amzn.to/3SPCtBF

// YouTube channels mentioned //
InsiderPHD: https://www.youtube.com/c/InsiderPhD
IppSec: https://www.youtube.com/c/ippsec/videos

// Corey SOCIAL //
LinkedIn: https://www.linkedin.com/in/coreyjball/
Twitter: https://twitter.com/hAPI_hacker

Disclaimer: This video is for educational purposes only. I own all equipment used for this demonstration. No actual attack took place on any websites.

Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel!
