YouTube

This CTF Teaches You Everything About Hacking an API

NahamSec via YouTube

Overview

This video tutorial provides a comprehensive guide to API hacking through a Capture The Flag (CTF) exercise. Learn essential API security concepts including authentication vulnerabilities, UUID leakage, information disclosure techniques, API versioning exploits, privilege escalation methods, bypassing restrictions using different HTTP methods, and automating the reconnaissance process. The 19-minute tutorial by NahamSec (Ben), a renowned hacker and bug bounty hunter, breaks down complex API security concepts into practical demonstrations. The content progresses from basic authentication issues to advanced automation techniques, making it suitable for both beginners and experienced security professionals looking to enhance their API hacking skills. Sponsored by APISEC, the tutorial includes timestamps for easy navigation through different security concepts and concludes with a practical demonstration of combining multiple techniques.

Syllabus

0:00 - Intro
2:00 - Authentication
3:10 - Leaking UUID
5:09 - Information Disclosure & Automation
8:00 - API Versioning
10:00 - Privilege Escalation
11:34 - GET vs PUT to bypass restrictions
13:05 - Automating Recon Process for API Hacking
17:15 - Putting it all together

Taught by

NahamSec
