Workshop Topic: Pentesting 101: How to Hack into APIs like a Pro

It is important to keep APIs secure because APIs allow applications to exchange data and perform actions on behalf of the user. If an API is not safe, it can potentially be exploited by malicious individuals or organizations to gain unauthorized access to sensitive data, perform actions on behalf of the user without their consent, or disrupt the intended functionality of the API. To protect against risks, it is essential to implement appropriate security measures when developing and deploying APIs.

In this session, we will look into common vulnerabilities that are found in many APIs such as SQL Injection, Insecure Direct Object References, and Privilege Escalation. More topics would be covered to provide methods and tricks needed to discover issues in manual and automated ways. The only requirement is the Internet and the motive to learn.

Topics Covered:
– IDOR
– Privilege Escalation
– CORS
– parameter pollution
– Methods and tricks
– SQL Injection
– Sensitive Data Exposure
– Denial Of Service
– User Enumeration & Rate Limiting

Key Takeaways 

• The basics of API security
• Techniques for testing API security
• Methodologies for conducting API pentests
• Strategies for reporting and remediating API vulnerabilities
• Tips for ongoing API security