HaxorPlus
API Security Hacking: REST & GraphQL Deep Dive

API Security Hacking: REST & GraphQL Deep Dive

cybersecurityintermediateEnglishONLINE COURSE
59 lectures • 5h 39m total length

Gain hands-on experience in attacking and securing RESTful and GraphQL APIs, and thrive as a penetration tester and bug bounty hunter.

Ethical Hacking of RESTful and GraphQL APIs

What you'll learn

  • RESTful API vulnerabilities
  • GraphQL API vulnerabilities
  • Basic web application vulnerabilities
  • Basic mobile application vulnerabilities
  • Getting started in web application bug bounty
  • Getting started in mobile application bug bounty
  • REST API Introduction
  • REST API Discovery and Recon
  • REST API Enumeration
  • REST API Broken Object Level Authorization (BOLA)
  • REST API Broken Authentication
  • REST API Broken Object Property Level Authorization
  • REST API Excessive Data Exposure
  • REST API Mass Assignment
  • REST API Unrestricted Resource Consumption
  • REST API Broken Function Level Authorization (BLFA)
  • REST API Unrestricted Access to Sensitive Business Flows
  • REST API Server Side Request Forgery (SSRF)
  • REST API Security Misconfiguration
  • REST API Improper Inventory Management
  • REST API Unsafe Consumption of APIs
  • REST API Server-side parameter pollution
  • GraphQL Introduction
  • What is GraphQL
  • GraphQL Key terminologies
  • GraphQL Burp extensions
  • GraphQL Wordlists
  • GraphQL Payloads
  • GraphQL Tools
  • GraphQL API Attack Surface, Recon, Enumeration
  • GraphQL Attack Surface Analysis
  • GraphQL GET requests and the issues
  • GraphQL POST requests
  • GraphQL Information Disclosure
  • GraphQL Introspection
  • GraphQL GET vs. POST Introspection
  • GraphQL Introspection filter bypass example
  • GraphQL Non-prod GraphQL endpoints
  • GraphQL Field Suggestion
  • GraphQL Automating Field Suggestion
  • GraphQL Field Stuffing
  • GraphQL Abusing Error Messages
  • GraphQL IDE
  • GraphQL DoS
  • GraphQL Deep Recursion Query Attack
  • GraphQL Circular Fragment Vulnerabilities
  • GraphQL Batch Query Attacks / Resource Intensive Query Attacks
  • GraphQL Field Duplication Attacks
  • GraphQL Alias based attacks (DoS scenario)
  • GraphQL Directive Overloading
  • GraphQL Object Limit Overriding
  • GraphQL Array-Based Query Batching
  • GraphQL Authentication and Authorization attacks
  • GraphQL Login functions
  • GraphQL Bypassing protections
  • GraphQL Alias based attacks / query batching
  • GraphQL JWT token forgery
  • GraphQL Cookie forgery
  • GraphQL Access control issues and IDORs
  • GraphQL Injection attacks
  • GraphQL OS Command Injection
  • GraphQL SQL Injection
  • GraphQL HTML Injection
  • GraphQL XSS (Cross-site scripting)
  • GraphQL Request Forgery and Hijacking
  • GraphQL Server-side request forgery (SSRF)
  • GraphQL Cross-site request forgery (CSRF)
  • GraphQL GET based CSRF
  • GraphQL POST based CSRF
  • GraphQL Cross-Site WebSocket Hijacking (CSWH)

    • Requirements

    • Basic IT Skills
    • Basic understanding of web or mobile app technology
    • No Linux, programming or hacking knowledge required
    • Computer with a minimum of 4GB ram/memory
    • Operating System: Windows / Apple Mac OS / Linux
    • Reliable internet connection
    • Burp Suite Community (Pro optional)
    • Firefox Web Browser
    • Either VMware, Virtual Box, Raspberry PI or similar to run virtual servers

    Description

    Welcome to the Ethical Hacking of RESTful and GraphQL APIs Training Course

    Important note: This course is NOT teaching the actual usage of Burp Suite and its features. This course is a heavily hands-on introduction to both RESTful as well as GraphQL API vulnerabilities. These APIs are very common in modern web and mobile applications.

    Your instructor is Martin Voelk. He is a Cyber Security veteran with 25 years of experience. Martin holds some of the highest certification incl. CISSP, OSCP, OSWP, Portswigger BSCP, CCIE, PCI ISA and PCIP. He works as a consultant for a big tech company and engages in Bug Bounty programs where he found thousands of critical and high vulnerabilities.

    This course features theoretical introductions into API vulnerabilities followed by practical exploitations of common RESTful API and GraphQL API vulnerabilities. Some labs are being performed utilizing the Portswigger Web Academy Labs. Other labs are performed on standalone VMs such as crAPI and DVGA. As people use different platforms, The training will not show the set up of crAPI or DVGA. But you can install these easily on a free virtualization software like virtual box on Windows or MacOSX. Martin will be solving a lot of labs and explains each step on finding the vulnerability and why it can be exploited in a certain way. The videos are easy to follow along and replicate. This training is highly recommended for anyone who wants to start out in API Penetration Testing or API Bug Bounty Hunting.

    The course features the following topics:

    • REST API Introduction
    • REST API Discovery and Recon
    • REST API Enumeration
    • REST API Broken Object Level Authorization (BOLA)
    • REST API Broken Authentication
    • REST API Broken Object Property Level Authorization
    • REST API Excessive Data Exposure
    • REST API Mass Assignment
    • REST API Unrestricted Resource Consumption
    • REST API Broken Function Level Authorization (BLFA)
    • REST API Unrestricted Access to Sensitive Business Flows
    • REST API Server Side Request Forgery (SSRF)
    • REST API Security Misconfiguration
    • REST API Improper Inventory Management
    • REST API Unsafe Consumption of APIs
    • REST API Server-side parameter pollution
    • GraphQL Introduction
    • GraphQL What is it?
    • GraphQL Key terminologies
    • GraphQL Burp extensions
    • GraphQL Wordlists
    • GraphQL Payloads
    • GraphQL Tools
    • GraphQL API Attack Surface, Recon, Enumeration
    • GraphQL Attack Surface Analysis
    • GraphQL GET requests and the issues
    • GraphQL POST requests
    • GraphQL Information Disclosure
    • GraphQL Introspection
    • GraphQL GET vs. POST Introspection
    • GraphQL Introspection filter bypass example
    • GraphQL Non-prod GraphQL endpoints
    • GraphQL Field Suggestion
    • GraphQL Automating Field Suggestion
    • GraphQL Field Stuffing
    • GraphQL Abusing Error Messages
    • GraphQL IDE
    • GraphQL DoS
    • GraphQL Deep Recursion Query Attack
    • GraphQL Circular Fragment Vulnerabilities
    • GraphQL Batch Query Attacks / Resource Intensive Query Attacks
    • GraphQL Field Duplication Attacks
    • GraphQL Alias based attacks (DoS scenario)
    • GraphQL Directive Overloading
    • GraphQL Object Limit Overriding
    • GraphQL Array-Based Query Batching
    • GraphQL Authentication and Authorization attacks
    • GraphQL Login functions
    • GraphQL Bypassing protections
    • GraphQL Alias based attacks / query batching
    • GraphQL JWT token forgery
    • GraphQL Cookie forgery
    • GraphQL Access control issues and IDORs
    • GraphQL Injection attacks
    • GraphQL OS Command Injection
    • GraphQL SQL Injection
    • GraphQL HTML Injection
    • GraphQL XSS (Cross-site scripting)
    • GraphQL Request Forgery and Hijacking
    • GraphQL Server-side request forgery (SSRF)
    • GraphQL Cross-site request forgery (CSRF)
    • GraphQL GET based CSRF
    • GraphQL POST based CSRF
    • GraphQL Cross-Site WebSocket Hijacking (CSWH)
    • Online RESTful and GraphQL Penetration Testing Playgrounds without local install

    Notes & Disclaimer

    Portswigger labs are a public and a free service from Portswigger for anyone to use to sharpen their skills. All you need is to sign up for a free account. crAPI and DVGA are free as well and can be cloned from GitHub. I will to respond to questions in a reasonable time frame. Learning Web / Mobile Application Pen Testing / Bug Bounty Hunting is a lengthy process, so please don't feel frustrated if you don't find a bug right away. Try to use Google, read Hacker One reports and research each feature in-depth. This course is for educational purposes only. This information is not to be used for malicious exploitation and must only be used on targets you have permission to attack.

    Who this course is for:

    • Anybody interested in learning basic ethical web application hacking / penetration testing
    • Anybody interested in learning basic API hacking / penetration testing
    • Anybody interested in learning basic ethical web application bug bounty hunting
    • Anybody interested in learning basic ethical API bug bounty hunting
    • Anybody interested in learning how hackers hack web applications
    • Anybody interested in learning how hackers hack mobile applications
    • Anybody interested in learning how hackers hack APIs
    • Developers looking to expand on their knowledge of vulnerabilities that may impact them
    • Anyone interested in application security
    • Anyone interested in Red teaming
    • Anyone interested in offensive security

    Master API Security Hacking!

    Ready to Accelerate Your Tech Career?

    Start Learning Now