Big thank you to APISEC for sponsoring this video! Please make sure to check out all of their free resources down below ⬇️
🔗 APISEC University's free API Courses 👉🏼 https://apisecuniversity.com/
RSVP for APISec's FREE API Security conference 👉🏼 https://apisecuniversity.com/
📚 If you want to learn bug bounty hunting from me: https://bugbounty.nahamsec.training
💻 If you want to practice some of my free labs and challenges: https://app.hackinghub.io
💵 FREE $200 DigitalOcean Credit: https://m.do.co/c/3236319b9d0b
🔗 LINKS:
📖 MY FAVORITE BOOKS:
Bug Bounty Bootcamp: The Guide to Finding and Reporting Web Vulnerabilities - https://amzn.to/3Re8Pa2
Hacking APIs: Breaking Web Application Programming Interfaces - https://amzn.to/45g4bOr
Black Hat GraphQL: Attacking Next Generation APIs - https://amzn.to/455F9l3
🍿 WATCH NEXT:
If I Started Bug Bounty Hunting in 2024, I'd Do this - https://youtu.be/z6O6McIDYhU
2023 How to Bug Bounty - https://youtu.be/FDeuOhE5MhU
Bug Bounty Hunting Full Time - https://youtu.be/watch?v=ukb79vAgRiY
Hacking An Online Casino - https://youtu.be/watch?v=2eIDxVrk4a8
WebApp Pentesting/Hacking Roadmap - https://youtu.be/watch?v=doFo0I_KU0o
MY OTHER SOCIALS:
🌍 My website - https://www.nahamsec.com/
👨‍💻 My free labs - https://app.hackinghub.io/
🐦 Twitter - https://twitter.com/NahamSec
📸 Instagram - https://instagram.com/NahamSec
👨‍💻 LinkedIn - https://www.linkedin.com/in/nahamsec/
WHO AM I?
If we haven't met before, hey 👋! I'm Ben, most people online know me as NahamSec. I'm a hacker turned content creator. Through my videos on this channel, I share my experience as a top hacker and bug bounty hunter to help you become a better and more efficient hacker.
FYI: Some of the links I have in the description are affiliate links that I get a percentage from.
0:00 - Intro
2:00 - Authentication
3:10 - Leaking UUID
5:09 - Information Disclosure & Automation
8:00 - API Versioning
10:00 - Privilege Escalation
11:34 - GET vs PUT to bypass restrictions
13:05 - Automating Recon Process for API Hacking
17:15 - Putting it all together