Hack Your API First by Troy Hunt [repost]

Posted By: ParRus
Hack Your API First
WEBRip | English | MP4 + Project files | 1024 x 768 | AVC ~92.6 kbps | 15 fps
AAC | 128 Kbps | 44.1 KHz | 2 channels | 4h 07mn | 687.1 MB
Genre: eLearning Video / Development, Programming

Recent years have seen a massive explosion in the growth of rich client apps that talk over the web using APIs across HTTP, but unfortunately, all too often they contain serious security vulnerabilities that are actually very easy to locate. This course shows you how.
Web-based APIs have grown enormously popular in recent years. This is in response to two key changes in the industry: firstly, the enormous growth of mobile apps, which frequently talk to back ends over the web; secondly, the rapidly emerging 'Internet of Things', which promises to bring connectivity to the common devices we use in our everyday lives. In the rush to push these products to market, developers often take shortcuts on security and leave online services vulnerable to attack. The risks are not as obvious as they are in traditional browser-based web apps, but they're extremely prevalent and attackers know how to identify them easily. This course teaches you how to go on the offense and hack your own APIs before online attackers do.

Content:

Introduction
    The Age of the API
    The Hidden Nature of API Security
    What Exactly Is an API?
    What's the Scope of This Course?
    Introducing Supercar Showdown
    Introducing the Vulnerable Mobile App
    Summary

Discovering Device Communication With APIs
    Who Are We Protecting Our APIs From?
    Proxying Device Traffic Through Fiddler
    Interpreting Captured Data in Fiddler
    Intercepting Mobile App Data in Fiddler
    Discovering More About Mobile Apps via Fiddler
    Filtering Traffic in Fiddler
    Alternate Traffic Interception Mechanisms
    Summary

Leaky APIs and Hidden APIs
    Introduction
    Discovering Leaky APIs
    Securing a Leaky API
    Discovering Hidden APIs via Documentation Pages
    Discovering Hidden APIs via robots.txt
    Discovering Hidden APIs via Google
    Securing Hidden APIs
    Summary

API Manipulation and Parameter Tampering
    Introduction
    Defining Untrusted Data
    Modifying Web Traffic in Fiddler
    Manipulating App Logic by Request Tampering
    Response Tampering
    Summary

API Authentication and Authorization Vulnerabilities
    Introduction
    Identifying Authentication Persistence
    The Role of Tokens
    An Auth Token in Practice
    An Overview of Authorization Controls
    Identifying Client Controls vs. Server Controls
    Circumventing Client Authorization Controls
    Testing for Insufficient Authorization
    Testing for Brute Force Protection
    The Role of OpenID Connect and OAuth
    Summary

Working With SSL Encrypted API Traffic
    Introduction
    MitM'ing an HTTPS Connection With Fiddler
    Configuring Fiddler to Decrypt Encrypted Connections
    Proxying Encrypted Device Traffic via Fiddler
    Rejecting Invalid Certificates
    Identifying a Missing Certificate Validation Check
    Loading the Fiddler Certificate on a Device
    SSL Behavior on a Compromised Device
    Identifying Invalid Certificates
    The Value Proposition of Certificate Pinning
    Demonstrating Certificate Pinning
    Summary

General
Complete name : \02. Defining Untrusted Data.mp4
Format : MPEG-4
Format profile : Base Media / Version 2
Codec ID : mp42
File size : 8.71 MiB
Duration : 5mn 28s
Overall bit rate mode : Variable
Overall bit rate : 223 Kbps
Encoded date : UTC 2014-08-29 21:00:51
Tagged date : UTC 2014-08-29 21:01:15
Writing application : HandBrake 0.9.8 2012071700

Video
ID : 1
Format : AVC
Format/Info : Advanced Video Codec
Format profile : Baseline@L3.1
Format settings, CABAC : No
Format settings, ReFrames : 2 frames
Format settings, GOP : M=1, N=50
Codec ID : avc1
Codec ID/Info : Advanced Video Coding
Duration : 5mn 28s
Duration_FirstFrame : 67ms
Bit rate : 92.6 Kbps
Width : 1 024 pixels
Height : 768 pixels
Display aspect ratio : 4:3
Frame rate mode : Constant
Frame rate : 15.000 fps
Color space : YUV
Chroma subsampling : 4:2:0
Bit depth : 8 bits
Scan type : Progressive
Bits/(Pixel*Frame) : 0.008
Stream size : 3.62 MiB (42%)
Writing library : x264 core 120
Encoding settings : cabac=0 / ref=2 / deblock=1:0:0 / analyse=0x1:0x111 / me=umh / subme=6 / psy=1 / psy_rd=1.00:0.00 / mixed_ref=1 / me_range=16 / chroma_me=1 / trellis=0 / 8x8dct=0 / cqm=0 / deadzone=21,11 / fast_pskip=1 / chroma_qp_offset=-2 / threads=12 / sliced_threads=0 / nr=0 / decimate=1 / interlaced=0 / bluray_compat=0 / constrained_intra=0 / bframes=0 / weightp=0 / keyint=50 / keyint_min=15 / scenecut=40 / intra_refresh=0 / rc_lookahead=40 / rc=crf / mbtree=1 / crf=20.0 / qcomp=0.60 / qpmin=3 / qpmax=69 / qpstep=4 / ip_ratio=1.40 / aq=1:1.00
Encoded date : UTC 2014-08-29 21:00:51
Tagged date : UTC 2014-08-29 21:01:15
Color range : Limited
Color primaries : BT.709
Transfer characteristics : BT.709
Matrix coefficients : BT.709

Audio
ID : 2
Format : AAC
Format/Info : Advanced Audio Codec
Format profile : LC
Codec ID : 40
Duration : 5mn 28s
Bit rate mode : Variable
Bit rate : 128 Kbps
Maximum bit rate : 155 Kbps
Channel(s) : 2 channels
Channel positions : Front: L R
Sampling rate : 44.1 KHz
Compression mode : Lossy
Stream size : 5.00 MiB (57%)
Title : Stereo
Language : English
Encoded date : UTC 2014-08-29 21:00:51
Tagged date : UTC 2014-08-29 21:01:14
Screenshots