- Course
Hack Your API First
Recent years have seen a massive explosion in the growth of rich client apps that talk over the web using APIs across HTTP, but unfortunately, all too often they contain serious security vulnerabilities that are actually very easy to locate. This course shows you how.
Intermediate
- Course
Hack Your API First
Recent years have seen a massive explosion in the growth of rich client apps that talk over the web using APIs across HTTP, but unfortunately, all too often they contain serious security vulnerabilities that are actually very easy to locate. This course shows you how.
Intermediate
Get started today
Access this course and other top-rated tech content with one of our business plans.
Try this course for free
Access this course and other top-rated tech content with one of our individual plans.
This course is included in the libraries shown below:
- Core Tech
What you'll learn
Web based APIs have grown enormously popular in recent years. This is in response to a couple of key changes in the industry: firstly, the enormous growth of mobile apps which frequently talk to back ends over the web. Secondly, the rapidly emerging 'Internet of Things' which promises to bring connectivity to common devices we use in our everyday lives. In the rush to push these products to market, developers are often taking shortcuts on security and leaving online services vulnerable to attack. The risks are not as obvious as they may be in traditional browser based web apps, but they're extremely prevalent and attackers know how to easily identify them. This course teaches you how to go on the offense and hack your own APIs before online attackers do.
Hack Your API First
Intermediate
Table of contents
-
Who Are We Protecting Our APIs From? | 4m 33s
-
Proxying Device Traffic Through Fiddler | 4m 52s
-
Interpreting Captured Data in Fiddler | 4m 45s
-
Intercepting Mobile App Data in Fiddler | 2m 22s
-
Discovering More About Mobile Apps via Fiddler | 7m 32s
-
Filtering Traffic in Fiddler | 4m 26s
-
Alternate Traffic Interception Mechanisms | 5m 18s
-
Summary | 3m 46s
Troy Hunt is a Microsoft Regional Director and MVP for Developer Security. He's a regular conference speaker, frequent blogger at troyhunt.com and is the creator of the data breach notification service known as “Have I Been Pwned”.