081. PenTesting APIs

Hacked Off - A podcast by Secarma

Application Program Interfaces have increasingly become a target for hackers. With 6 of the OWASP Top 10 vulnerabilities being API-related, it is no surprise that OWASP released its first API Security Top 10 list last year. For those wanting to better understand API penetration testing, Holly Grace takes you through the process, from scoping the job to which vulnerabilities to look out for.

0'16 What is an API?
2'11 Scoping an API test
4'11 Making API testing more efficient
5'54 What vulnerabilities are we looking for?
8'29 Rate limiting
9'52 The Google+ API bug

Useful links:
OWASP API Security Top 10 - https://owasp.org/www-project-api-security/

Listen Time: 12 minutes
Host: Holly Grace Williams, MD at Secarma