Hacking APIs: Breaking Web Application Programming Interfaces

Corey Ball takes you on a journey through the lifecycle of APIs in such a manner that you want to not only know more but also anticipate trying out your newfound knowledge on the next legitimate target. From concepts to examples, through to identifying tools and demonstrating them in fine detail, this book has it all. It is the motherload for API hacking and should be found next to the desk, well-read by anyone wanting to take this level of adversarial research, assessment, or DevSecOps seriously.

"This book opens the doors to the field of API hacking, a subject not very well understood. Using real-world examples that emphasize access control issues, this book will help you understand the ins and outs of securing APIs, hunt great bounties, and help organizations improve their API security!"

"Even though the internet is filled with information on any topic possible in cybersecurity, it is still hard to find solid insight on performing penetration tests on APIs. Corey's book satisfies this demand not only for the beginner cybersecurity practitioner but also for the seasoned expert."

"Hacking APIs is extremely helpful for anyone who wants to get into penetration testing. In particular, this book gives you the tools to start testing the security of APIs, which are becoming a weak point for many modern web applications. Experienced security folks can get something out of the book too, as it features automation tips and protection bypass techniques that will up any pentester's game."

"[Hacking APIs is] the best source of API info I've seen. If you're curious about what APIs are and how they work, read it once. If you work with or create APIs, read it twice. If you break APIs, read it three times.".