Pluralsight Hack Your API First €10 buy download

2014
Pluralsight
Troy Hunt
4h 7m
English

Recent years have seen a massive explosion in the growth of rich client apps that talk over the web using APIs across HTTP, but unfortunately, all too often they contain serious security vulnerabilities that are actually very easy to locate. This course shows you how.

Course contents:

Introduction
  The Age of the API
  The Hidden Nature of API Security
  What Exactly Is an API?
  What's the Scope of This Course?
  Introducing Supercar Showdown
  Introducing the Vulnerable Mobile App
  Summary

Discovering Device Communication With APIs
  Who Are We Protecting Our APIs From?
  Proxying Device Traffic Through Fiddler
  Interpreting Captured Data in Fiddler
  Intercepting Mobile App Data in Fiddler
  Discovering More About Mobile Apps via Fiddler
  Filtering Traffic in Fiddler
  Alternate Traffic Interception Mechanisms
  Summary

Leaky APIs and Hidden APIs
  Introduction
  Discovering Leaky APIs
  Securing a Leaky API
  Discovering Hidden APIs via Documentation Pages
  Discovering Hidden APIs via robots.txt
  Discovering Hidden APIs via Google
  Securing Hidden APIs
  Summary

API Manipulation and Parameter Tampering
  Introduction
  Defining Untrusted Data
  Modifying Web Traffic in Fiddler
  Manipulating App Logic by Request Tampering
  Response Tampering
  Summary

API Authentication and Authorization Vulnerabilities
  Introduction
  Identifying Authentication Persistence
  The Role of Tokens
  An Auth Token in Practice
  An Overview of Authorization Controls
  Identifying Client Controls vs. Server Controls
  Circumventing Client Authorization Controls
  Testing for Insufficient Authorization
  Testing for Brute Force Protection
  The Role of OpenID Connect and OAuth
  Summary

Working With SSL Encrypted API Traffic
  Introduction
  MitM'ing an HTTPS Connection With Fiddler
  Configuring Fiddler to Decrypt Encrypted Connections
  Proxying Encrypted Device Traffic via Fiddler
  Rejecting Invalid Certificates
  Identifying a Missing Certificate Validation Check
  Loading the Fiddler Certificate on a Device
  SSL Behavior on a Compromised Device
  Identifying Invalid Certificates
  The Value Proposition of Certificate Pinning
  Demonstrating Certificate Pinning
  Summary

http://pluralsight.com/training/Courses/TableOfContents/hack-your-api-first



Download File Size: 670.09 MB