#apihacking search results
Day 14 — Moving on from JWT — API2: Broken User Auth 🔐 Today: switched focus to API2 (Broken User Authentication). Tried brute-forcing OTP in my lab, but DVWA/crAPI rate-limit blocked requests (api/auth/v3 enforced limits). #Day14 #APIHacking #BUSA #JWT #crAPI #MayurLearns
Unlock API hacking skills! Learn to exploit & secure APIs. Join now at Parrot CTFs Academy! #APIHacking
How I feel when someone tells me it's not possible to exploit a vuln in "that" area of the app... #apihacking #apisecurity
Poor input validation is the #1 killer of APIs. Taint all the data in all the weird places and make sure it's validated correctly. #apihacking #apisecurity
The first thing you should try to do after getting a foothold on an API server is exfiltrate the API artifacts. That includes config files, compiled assets (.dll/.class/.jar, etc), and raw source (.php/.js/.py/.go, etc) The code will serve you well. #apihacking #apisecurity
💻 API Hacking Part 2 is here! Building on Part 1, this video dives deeper into API reverse engineering, vulnerability testing, and practical exploitation techniques. 📺 Watch now: youtu.be/x6ZN02G3CeE #APIHacking #CyberSecurity #AmrSec
You ever feel like you are finding the weirdest of vulns in areas you don't expect? Ya... me too. #apihacking #apisecurity #MIB
Day 13 — Still chasing the JWT. 🕵️‍♂️ Tried Burp Suite + online JWT editors, but still getting {"message":"JWT Token required!"} 😅 Maybe tomorrow the token gods will be kind. #Day13 #APIHacking #JWT #crAPI #MayurLearns
Developers love the thrill in creating new API endpoints, but they hardly secure them😐. Check out my article on introduction to API hacking.💻🔐🎭 cybershaykh.medium.com/introduction-t… @sisinerdtweets #APIs #apisecurity #APIhacking
Old tip for API hacking but it still works: older API version is vulnerable to BAC. GET api/v3/offers/ => 403 access denied GET api/v2/offers/ => 200 OK #bugbountytips #apihacking #Pentesting
Day 11 — API1: Broken Object Level Auth (BOLA) 🛡️ Today I practiced BOLA (IDOR) on crAPI — found endpoints where changing an ID returned other users’ data. Lesson: always check object-level access controls. #Day11 #APIHacking #BOLA #crAPI #MayurLearns
New Post: Autoswagger – Automated discovery and testing of OpenAPI & Swagger endpoints Autoswagger finds and tests OpenAPI/Swagger specs to expose unauthenticated endpoints, PII leaks & secrets darknet.org.uk/2025/10/autosw… #hackingtools #apihacking #apisecurity #endpointsecurity
Highly Recommend! 🛡️ Trust Me @theXSSrat FREE CAPIE API hacking course is pure gold! Master cutting-edge cybersecurity skills and stay ahead. Don’t sleep on this! 💻 Free CAPIE resources to master API hacking! Master vulnerabilities and secure APIs like a pro! #APIHacking
LEARN BRUTAL API HACKING WITH FREE CAPIE MATERIALS!!!! thexssrat.podia.com/capie-lesson-m… BOOM
It's been a tough morning testing an API. I got stuck at several points where I didn't know how to proceed. I tried everything, but nothing worked. This is also part of the learning process. #BugBounty #APIHacking
I woke up this morning feeling like hacking some APIs. Today it's time to try out some interesting injections. #BugBounty #APIHacking
Most API bugs come from things companies forgot they even had. - Old API versions still online - Hidden staging endpoints - Deprecated routes returning sensitive data This is Improper Assets Management – API9:2019 Always map. Always compare. #BugBounty #APIhacking
💬 Want a mini-tutorial on any of these tools? 👇 Comment the number (#1 to #5) or the name and I'll prepare it for you. Follow me for more offensive security workflows and tips. #Pentesting #APIhacking #BurpSuite #n8n #ciberseguridad #OWASP
can you POP #XSS > tarkash.surapura.in #API #APIhacking #lab #CAPIE #APISEC #pentesting #bugbounty
Curious about API Security? Try DVAPI by Payatu — a hands-on lab to learn, break & secure APIs based on OWASP Top 10 (2023) ✅ Built-in vulns ✅ Realistic attack flows ✅ Great for demos & training 🔗payatu.com/dvapi/ #APIHacking #CyberSecurity #OWASPTop10 #DVAPI #CTF
APIs Under Siege: The Growing Security Crisis 🔒 mygenienetwork.com/Footer/BlogVie… Register as an Employer on MyGenie to find and procure top ‘Cybersecurity Experts’: mygenienetwork.com/RegistrationPa… mygenienetwork.com #CyberSecurity #apihacking #infosec #dataprotection #consultants #MyGenie
Let me show you how to exploit embedded system APIs by dumping firmware to get access to API artifacts, including configs and source code. #apihacking #hardwarehacking #CH341A danaepp.com/exploiting-emb…
I've got a Flipper Zero. Let's have some fun with it and try to hack the API on a Wifi Pineapple embedded device. #flipperzero #apihacking danaepp.com/using-a-flippe…
Check out my step-by-step guide to writing extensions for API pentesting in Burp Suite. #apihacking #burpsuite danaepp.com/a-step-by-step…
So what does make APIs special and different? #apisecurity #apihacking #apis #pentesting 1) Interconnectedness, even if you're sure you don't have APIs, I bet your suppliers do 2) Large attack surfaces that are poorly documented, they balloon into hundreds of endpoints quickly
Unlock the Secrets of API Hacking! - Hands-on API security training - Identify & exploit vulnerabilities - Build a dedicated testing lab Become an API security master. hackers-arise.net/hacking-apis/ #APIHacking #Web #Security @three_cube
Anyone up for hacking an online banking API? Here’s a walkthrough of the #ParaBank deliberately vulnerable app I recently came across. #API #APIhacking #hackingapis zerodayhacker.com/parabank-walkt…
BOLA is the most common and one of the easiest API vulnerabilities you can exploit. Here's the story, with a couple of practical examples. #api #bola #apihacking #owasp #hacking zerodayhacker.com/what-is-bola-b…
Want to hack GraphQL APIs? Here's a basic intro to what you need to know as an ethical hacker to get started. #api #graphql #apihacking #hackingtools #hacking zerodayhacker.com/what-is-graphq…
OAuth 2.0 is an authorization protocol often used to secure access to APIs. Here's what you need to know, from an API hacker's perspective. #api #oauth2 #apihacking #hackingtools zerodayhacker.com/what-is-oauth-…