Hack Your API First
WEBRip | English | MP4 + Project files | 1024 x 768 | AVC ~92.6 kbps | 15 fps
AAC | 128 Kbps | 44.1 KHz | 2 channels | 4h 07mn | 687.1 MB
Genre: eLearning Video / Development, Programming
Recent years have seen a massive explosion in the growth of rich client apps that talk over the web using APIs across HTTP, but unfortunately, all too often they contain serious security vulnerabilities that are actually very easy to locate. This course shows you how.
Web-based APIs have grown enormously popular in recent years. This is in response to a couple of key changes in the industry: firstly, the enormous growth of mobile apps which frequently talk to back ends over the web. Secondly, the rapidly emerging Internet of Things which promises to bring connectivity to common devices we use in our everyday lives. In the rush to push these products to market, developers are often taking shortcuts on security and leaving online services vulnerable to attack. The risks are not as obvious as they may be in traditional browser-based web apps, but they're extremely prevalent and attackers know how to easily identify them. This course teaches you how to go on the offense and hack your own APIs before online attackers do.
Content:
Introduction
The Age of the API
The Hidden Nature of API Security
What Exactly Is an API?
What's the Scope of This Course?
Introducing Supercar Showdown
Introducing the Vulnerable Mobile App
Summary
Discovering Device Communication With APIs
Who Are We Protecting Our APIs From?
Proxying Device Traffic Through Fiddler
Interpreting Captured Data in Fiddler
Intercepting Mobile App Data in Fiddler
Discovering More About Mobile Apps via Fiddler
Filtering Traffic in Fiddler
Alternate Traffic Interception Mechanisms
Summary
Leaky APIs and Hidden APIs
Introduction
Discovering Leaky APIs
Securing a Leaky API
Discovering Hidden APIs via Documentation Pages
Discovering Hidden APIs via robots.txt
Discovering Hidden APIs via Google
Securing Hidden APIs
Summary
API Manipulation and Parameter Tampering
Introduction
Defining Untrusted Data
Modifying Web Traffic in Fiddler
Manipulating App Logic by Request Tampering
Response Tampering
Summary
API Authentication and Authorization Vulnerabilities
Introduction
Identifying Authentication Persistence
The Role of Tokens
An Auth Token in Practice
An Overview of Authorization Controls
Identifying Client Controls vs. Server Controls
Circumventing Client Authorization Controls
Testing for Insufficient Authorization
Testing for Brute Force Protection
The Role of OpenID Connect and OAuth
Summary
Working With SSL Encrypted API Traffic
Introduction
MitMing an HTTPS Connection With Fiddler
Configuring Fiddler to Decrypt Encrypted Connections
Proxying Encrypted Device Traffic via Fiddler
Rejecting Invalid Certificates
Identifying a Missing Certificate Validation Check
Loading the Fiddler Certificate on a Device
SSL Behavior on a Compromised Device
Identifying Invalid Certificates
The Value Proposition of Certificate Pinning
Demonstrating Certificate Pinning
Summary