I was doing a talk about Hacking APIs @ Platform Summit 2025. Here is the presentation and all the commands.

Applications / Tools
https://www.apisec.ai/
https://cloud.apisecapps.com/
https://www.usebruno.com/

Education
https://www.home.apimasters.io/learn
https://www.apisecuniversity.com/

crAPI
https://github.com/OWASP/crAPI/b
http://crapi.apisec.ai/login
http://crapi2.apisec.ai/login

Information:
https://danaepp.com/
https://nordicapis.com/api

Installation
Install kali

BurpSuite
sudo apt-get install burpsuite

Bruno
https://www.usebruno.com/downloads
sudo apt-get install ./bruno_2.11.0_amd64_linux.deb

FireFox
FoxyProxy

Burpsuite Certificate
http://burpsuite

Mitmproxy Certificate
http://mitm.it

Postman
sudo wget https://dl.pstmn.io/download/latest/linux64 -O postman-linux-x64.tar.gz && sudo tar -xvzf postman-linux-x64.tar.gz -C /opt &&... Continue Reading →
What do I think of the Detection Engineering for Beginners course from TCM Security with Anthony Isherwood?
I recently finished the Detection Engineering for Beginners course by TCM Security, taught by Anthony Isherwood. As always, I’ll keep this post short and focused just like the course claimed to be "for beginners"… more on that below. My Thoughts Let’s start with this: not every course is for everybody and that’s perfectly fine. The... Continue Reading →
What do I think of passing the ASCP exam from APIsec University
Passing the ASCP (API Security Certified Professional) exam is a notable achievement for anyone in the field of API security. APIsec University provides a structured and comprehensive approach to prepare for this challenging exam, and I can vouch for its effectiveness. Here are my thoughts on the experience and some advice for future candidates. Sign up... Continue Reading →
What do I think of Practical Bug Bounty course from TCM Security with Heath Adams, Alex Olsen, and Jonah Burgess from Intigriti
The Practical Bug Bounty course by TCM Security, led by Heath Adams, Alex Olsen, and Jonah Burgess from Intigriti, is a thorough exploration of hacking and web application security. Alex's extensive knowledge and Heath's significant community contributions are evident throughout the course. Despite its focus on bug bounty hunting, the course offers a wide range... Continue Reading →
Just completed the Securing API Server Course from @apisecu with Anthony Aragues! 🛡️ Fantastic insights into API security. Highly recommend it for anyone in the field. #APIsecurity #CyberSecurity @Burp_Suite #OWASP
Enhancing API Server Security: Best Practices from APISec University Introduction: API servers play a pivotal role in modern application architecture, enabling seamless communication between different software components. However, with this convenience comes the responsibility of ensuring robust security measures to safeguard sensitive data and prevent unauthorized access. In this blog post, we'll delve into various... Continue Reading →
What are the plans for 2024 for my infosec knowledge update?
Remember that repetition is the mother of knowledge. --Roger-- I have not been very active on the blog in 2023, sorry for that. I hope I can change that for 2024. What are the goals for 2024? There have been some changes for 2024 regarding education budget, so I will need to do some changes for... Continue Reading →
Passed this fantastic course API Penetration Testing Course from @apisecu with @hAPI_hacker. This is my review after finishing the course. #hacking @Burp_Suite #zapproxy #hacking #api @owasp
Hi! Today I want to say a few words about a course I finished yesterday night! This review could have been a one liner: Take this course, if you don’t you are missing something really cool! Big shout out for making this possible. Really great work! https://www.apisecuniversity.com/ Corey J. Ball https://www.linkedin.com/in/coreyjball/ https://twitter.com/hAPI_hacker Dan Barahona https://www.linkedin.com/in/rdbarahona/ https://twitter.com/danbarahona But I want... Continue Reading →