Worqference 2023 - Gaurav Narwani

'Worqference 2023' - Esteemed Instructor

Gaurav Narwani

Gaurav Narwani

Security Researcher

Workshop Topic: Pentesting 101: How to Hack into APIs like a Pro


It is important to keep APIs secure because APIs allow applications to exchange data and perform actions on behalf of the user. If an API is not safe, it can potentially be exploited by malicious individuals or organizations to gain unauthorized access to sensitive data, perform actions on behalf of the user without their consent, or disrupt the intended functionality of the API. To protect against risks, it is essential to implement appropriate security measures when developing and deploying APIs.

In this session, we will look into common vulnerabilities that are found in many APIs such as SQL Injection, Insecure Direct Object References, and Privilege Escalation. More topics would be covered to provide methods and tricks needed to discover issues in manual and automated ways. The only requirement is the Internet and the motive to learn.

Topics Covered:
– Privilege Escalation
– parameter pollution
– Methods and tricks
– SQL Injection
– Sensitive Data Exposure
– Denial Of Service
– User Enumeration & Rate Limiting

Key Takeaways 

  • The basics of API security
  • Techniques for testing API security
  • Methodologies for conducting API pentests
  • Strategies for reporting and remediating API vulnerabilities
  • Tips for ongoing API security

Speaker Bio


Gaurav Narwani is currently a Masters’s student studying Information Security at Johns Hopkins University. Has more than 3 years of security testing experience and has tested more than 200+ applications, finding more than 400+ vulnerabilities.
He has 6 CVEs registered to his name for finding issues in various open-source CRMs. He is among the top researchers on Bugcrowd, Hackerone, and Synack.
He has built various tools and loves to research topics related to web application testing and security automation. You may find his blogs at https://gauravnarwani.com

Click here to visit the Main Event Page