Pluralsight Hack Your API First

Troy Hunt
4h 7m

Recent years have seen a massive explosion in the growth of rich client apps that talk over the web using APIs across HTTP, but unfortunately, all too often they contain serious security vulnerabilities that are actually very easy to locate. This course shows you how.

The Age of the API
The Hidden Nature of API Security
What Exactly Is an API?
What's the Scope of This Course?
Introducing Supercar Showdown
Introducing the Vulnerable Mobile App
Discovering Device Communication With APIs
Who Are We Protecting Our APIs From?
Proxying Device Traffic Through Fiddler
Interpreting Captured Data in Fiddler
Intercepting Mobile App Data in Fiddler
Discovering More About Mobile Apps via Fiddler
Filtering Traffic in Fiddler
Alternate Traffic Interception Mechanisms
Leaky APIs and Hidden APIs
Discovering Leaky APIs
Securing a Leaky API
Discovering Hidden APIs via Documentation Pages
Discovering Hidden APIs via robots.txt
Discovering Hidden APIs via Google
Securing Hidden APIs
API Manipulation and Parameter Tampering
Defining Untrusted Data
Modifying Web Traffic in Fiddler
Manipulating App Logic by Request Tampering
Response Tampering
API Authentication and Authorization Vulnerabilities
Identifying Authentication Persistence
The Role of Tokens
An Auth Token in Practice
An Overview of Authorization Controls
Identifying Client Controls vs. Server Controls
Circumventing Client Authorization Controls
Testing for Insufficient Authorization
Testing for Brute Force Protection
The Role of OpenID Connect and OAuth
Working With SSL Encrypted API Traffic
MitM'ing an HTTPS Connection With Fiddler
Configuring Fiddler to Decrypt Encrypted Connections
Proxying Encrypted Device Traffic via Fiddler
Rejecting Invalid Certificates
Identifying a Missing Certificate Validation Check
Loading the Fiddler Certificate on a Device
SSL Behavior on a Compromised Device
Identifying Invalid Certificates
The Value Proposition of Certificate Pinning
Demonstrating Certificate Pinning


Download File Size: 670.09 MB
