It is important to keep APIs secure because APIs allow applications to exchange data and perform actions on behalf of the user. If an API is not safe, it can potentially be exploited by malicious individuals or organizations to gain unauthorized access to sensitive data, perform actions on behalf of the user without their consent, or disrupt the intended functionality of the API. To protect against risks, it is essential to implement appropriate security measures when developing and deploying APIs.
In this session, we will look into common vulnerabilities that are found in many APIs such as SQL Injection, Insecure Direct Object References, and Privilege Escalation. More topics would be covered to provide methods and tricks needed to discover issues in manual and automated ways. The only requirement is the Internet and the motive to learn.
Topics Covered:
– IDOR
– Privilege Escalation
– CORS
– parameter pollution
– Methods and tricks
– SQL Injection
– Sensitive Data Exposure
– Denial Of Service
– User Enumeration & Rate Limiting
Key Takeaways
Gaurav Narwani is currently a Masters’s student studying Information Security at Johns Hopkins University. Has more than 3 years of security testing experience and has tested more than 200+ applications, finding more than 400+ vulnerabilities.
He has 6 CVEs registered to his name for finding issues in various open-source CRMs. He is among the top researchers on Bugcrowd, Hackerone, and Synack.
He has built various tools and loves to research topics related to web application testing and security automation. You may find his blogs at https://gauravnarwani.com
