Hacking APIs: Breaking Web Application Programming Interfaces (Paperback)
Provisional Chinese title: 破解API:攻擊網路應用程式介面 (Paperback)
Ball, Corey J.
- Publisher: No Starch Press
- Publication date: 2022-07-12
- List price: $2,050
- Sale price: $1,845 (10% off)
- Language: English
- Pages: 368
- Binding: Quality Paper (also called trade paper)
- ISBN: 1718502443
- ISBN-13: 9781718502444
Related categories:
- Penetration-test
Related translations:
- Hacking APIs|剖析 Web API 漏洞攻擊技法 (Traditional Chinese edition)
- API 攻防:Web API 安全指南 (Simplified Chinese edition)
Description
Hacking APIs is a crash course in web API security testing that will prepare you to penetration-test APIs, reap high rewards on bug bounty programs, and make your own APIs more secure.
You'll learn how REST and GraphQL APIs work in the wild and set up a streamlined API testing lab with Burp Suite and Postman. Then you'll master tools useful for reconnaissance, endpoint analysis, and fuzzing, such as Kiterunner and OWASP Amass. Next, you'll learn to perform common attacks, like those targeting an API's authentication mechanisms and the injection vulnerabilities commonly found in web applications. You'll also learn techniques for bypassing protections against these attacks.
In the book's nine guided labs, which target intentionally vulnerable APIs, you'll practice:
- Enumerating API users and endpoints using fuzzing techniques
- Using Postman to discover an excessive data exposure vulnerability
- Performing a JSON Web Token attack against an API authentication process
- Combining multiple API attack techniques to perform a NoSQL injection
- Attacking a GraphQL API to uncover a broken object level authorization vulnerability
By the end of the book, you'll be prepared to uncover those high-payout API bugs other hackers aren't finding and improve the security of applications on the web.
About the Author
Corey Ball is a cybersecurity consulting manager at Moss Adams, where he leads its penetration testing services. He has over ten years of experience working in IT and cybersecurity across several industries, including aerospace, agribusiness, energy, financial tech, government services, and healthcare. In addition to a bachelor's degree in English and philosophy from Sacramento State University, Corey holds the OSCP, CCISO, CEH, CISA, CISM, CRISC, and CGEIT industry certifications.