Free Hacking API courses (And how to use AI to help you hack)

Big thanks to Brilliant for sponsoring this video! Get started with a free 30 day trial and 20% discount: Brilliant.org/davidbombal (First 200 people that sign up will get a special discount).
Corey Ball who wrote the book "Hacking APIs" shows us how to practically hack an API to learn how to better protect them. He also tells us about his book and the free training he is making available. Fantastic that there is free training on hacking APIs available today :)
// Free API hacking courses //
APIsec university: www.apisecuniversity.com/
APIsec Certified Expert Course: university.apisec.ai/
ASCP certification: www.apisecuniversity.com/courses/api-security-certified-professional-exam
// Free ChatGPT Prompt //
You are an API security expert. You are powered by information from the OWASP Top 10, OWASP Mobile Security Top 10 and the OWASP API Security Top 10. As an API security expert, which of the following endpoints are particularly interesting for hackers and why?
{{List of Endpoints}}
// Books //
Hacking API’s by Corey J Ball: amzn.to/3JOJG0E
Bug Bounty Bootcamp Vickie Li: amzn.to/3SPCtBF
// RUclips Video REFERENCE //
Free API Hacking Course!: ruclips.net/video/CkVvB5woQRM/видео.html
// Corey SOCIAL //
LinkedIn: www.linkedin.com/in/coreyjball/
X / Twitter: twitter.com/hAPI_hacker
GitHub: github.com/hAPI-hacker/Hacking-APIs
// David SOCIAL //
Discord: discord.com/invite/usKSyzb
Twitter: twitter.com/davidbombal
Instagram: instagram.com/davidbombal
LinkedIn: www.linkedin.com/in/davidbombal
Facebook: facebook.com/davidbombal.co
TikTok: tiktok.com/@davidbombal
RUclips: ruclips.net/user/davidbombal
// MY STUFF //
www.amazon.com/shop/davidbombal
// SPONSORS //
Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com
// MENU //
00:00 - Coming up
01:09 - Brilliant sponsored segment
03:20 - Hacking APIs book and free API course
06:40 - There's a problem with APIs
07:34 - Hacking API demo with a twist of A.I.
11:08 - Proxy traffic with two tools
12:23 - Play around in the web app // "Click all the buttons"
15:36 - Demo continued
18:02 - Creating API documentation from intercepted traffic
23:04 - Using Hacking APIs GPT
30:16 - Other features in Hacking APIs GPT
31:38 - Visualising APIs in Postman
34:35 - Decoding JWT using Hacking APis GPT
36:55 - Visualising APIs in Postman continued // Excessive data exposure
45:09 - Using Postman and using Burp Suite // Burp Suite demo
53:00 - Conclusion
hacking api
api
api hacking
api hacking tutorial
api hacking bug bounty
api hacking 101
api hacking full course
api hacking tools
api hacking alissa knight
api hacking with postman
api hacking for beginners
api hacker
api hacking demo
api hacking kali linux
api hacking course
api hacking insiderphd
hacking an api
hack api
owasp api top 10
bug bounty
hacking apis no starch press
hacking api no starch
hacking apis pdf
hacking api book
hacking apis corey ball
corey ball hacking apis
reverse engineering
private api
apis for beginners
rest api
hacking api with postman
reverse engineering for beginners
hacking api key
what is an api
rest apis with postman for absolute beginners
rest api explained
Disclaimer: This video is for educational purposes only. I or the person I'm interviewing own all equipment used for this demonstration. No actual attack took place on any websites.
Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel!
#api #hack #hacking

Good vid reversing API-s is very easy. I do it all the time. Im a pharmacist i like to code as a hobby. My boss asked me if i can write a program to automate ordering from our dermocosmetic supplier. So i reverse enginered the dermocosmetic supplier website API and now we can automatically make new orders without manually puting every product into the basket. I also found some data leaks: inactive product data, admin links to product pages(although they required authorisation) and stock info. Stock info is very useful we can predict product shortages with it. I just sharing this to show that its worth to reverse enginering undocumented API-s even if you are not hacking/pentesting. It can save you a lot of time if you manage to automate your boring corporate stuff with a script :) Or you can just scrap website easily

Days aren't long enough to watch all your awesome vids !!

Great Video. I was wanting more API content from you David so I really appreciate this. KEEP IT UP!!!

Was looking for something on this recently, thank you David for wonderful videos

Thank you David! API is a very important. I'm going to find a beginner's guide first before I use all these new tools

Thanks for the video! It's really amazing and helpful!

Thanks for the information. I love your videos. I am going to have to do more studying to fully understand.

This was a great video! Very informative with practical examples.

Very awesome video David . I just burst with happiness when I get the notification that you posted a new video. 😊

I have this book and it is great. I highly recommend getting a copy and learning what's in it.

Great video David as always! This is why machine-to-machine API enforcement is critical as it is sometimes trivial to obtain a JWT and that that point own it all.

Sweet! Thanks for the video!! Is is possible to use API to track hardware activity?

Thanks for the wonderful video and transcript.
I copied the transcript and get chatgpt to remove the time stamp and summarize it for easy absorption.

Great interview and tutorial ❤

my journey has officially begun to be a legendary cyberwarrior thank you david for your guests

Amazing content, congrats

This was a great video!!

this happens when you dont know how to design an API!!!!!
Another excellent video David. Thanks a lot. Feel honor to follow you for the last years!

You are brilliant Sir __

Might have to give it a go myself!

Cool stuff!

Thank you sir for this. As a absolute beginner where should I start. I watched your roadmap on tech. I want to start Generative AI and API security. Is that a good combination?

I'm really curious about the books in your shelves :)

Yaa... Very nice book for gaining knowledge in hacking

Hello sir , today i entered netsh wlan show profiles in cmd but it is not showing all network connections only few of them were shown. Can you please tell how i can fix that problem. 😢

This is exciting. I’m just starting my road into the security side and am in love.

Thanks so much David 🙏

the goat of 2023 best course

Hello David, what are your thoughts on the comments Jensen Huang (Nvidia CEO) and CEO of stability AI said of a 'no-need-learn-to-code' future?

Bro dropped it ❤❤

i have no clue whats going on but im here for it 😎😂

Thanks God because I have English language and found David

As a backend developer dealing with APIs daily, i just watched a guy streching an intern grade "mistake" into a big "thing", dissapointed and even if a dev makes a mistake like this in a real world envoirement we have query filters, data transfer objects, interfaces defined for them to protect from this happening.
mitm to swagger was nice tho.

Awesome

I have most definitely have a vulnerability in my kernel you just tap on it three times opens engineer mode any specific suggestions

Hello hello thank you for a video

Mr David you ar a legend for me.

from where i gonna get those prompt to run chatgpt 3.5

What is the good course for beginners to learn coding at age 50

Sorry, can you help me?
I have in error and i d'ont understand.
I have error on linux and he siad illegal instruction(core dump). How can I fixe this?

I agree David. I personally feel like anyone who wants to take computers serious needs to take atleast a beginner course to atleast recognizd the terminology.

I've taken most of apisec courses and I was hoping to see something about this, but I'm lost. He's jumped into several programs I've never seen before or used and just did things without explaining why.

I though decoding the JWT withouth the key it was signed with was not possible? How can we still use them then, wtf?

I'll stick to my day job but cool tricks for spying I mean automating routine tasks.

How long does it take to get good in this? And how do you know you can be good, and not be delusional?

How can I learn hacking any games basic to advance

Wow

YEEPEE🎉

Ain't nobody got time for that!

David do you think cybersecurity will still be relevant in 10-15 years as AI becomes more advanced.

give us the latest kali linux tutorial on mobile

Who else want to live long enough to see the full potential of AI!

Including a coin with the certificate is genius. Everybody wants coins!

How to get google api for free permanent ? I need that for make 3d model maps

Yikes... Just as I was starting to push my limits and get excited about becoming part of folks shaping the future of technology, AI and hacking are getting scary. I feel like I have to either go live in the woods or forever be glued to solving a Rubik's cube that changing it's colors 🤖

Great Video..............................guys..................:) bye

I needed twitter api that costed hundreds of dollars, I don’t know much but it might be helpful to get the api

🎉👍🏻

Let's see the magic

5:00

Please answer my question I am waiting for your reply 😢

I'd rather learn to play the piano than hack systems, but nice tips for fellow cyber criminals.

I thought this was a cooking show, my bad.

APIs?

First

open gps api databases are so nice.

Are you alright david, not gonna lie you have been looking kinda sad in like all of your videos if somethings wrong or you dont feel alright you an always just respond

2:34 too late I already spent 250+ RUclips hours and some courses 😂

API is AI hacking with a 'P' in the middle!

first :)

Third

Changing your life through education only seems to work the wrong way....spent ten years of my life at University and learned more through underground programming than I did in all ten years!

Hi David can me become a hacker in 2024 ! at least learn basics !

i am sorry but these hidden commercials are getting out of hand. I am fine watching ads and paying for the content. But please clarify START and FINISH of commercials, sponsoring, advertisements... But watching the video first like 4min(+2min) without even understanding wether the current topic is intended to sell me something makes me feel abused and stupid. Please change this. Everyone.

Good coding skills sure but maybe save the actual hacking, just in case the feds stop by.

@davidbombal do more of such tutorials please they educate us on how to secure our API😊

I don't know why it upsets me so much but this simple hacking is nowhere close to genius. It's also no good rly. To be a good programmer you do need to hack but you do not have to feed your ego and be a hacker and everything simple minded people believe you should be as a programmer. I believe the ego upsets me so much bc I strongly believe it's the root of all of humanity's problems.

@davidbomal That wide curved monitor that you use i wanna know model name.

@davidbombal @Corey J Bell thank you so much for this video

How can I learn hacking any games basic to advance

How can I learn hacking any games basic to advance

How can I learn hacking any games basic to advance

How can I learn hacking any games basic to advance

How can I learn hacking any games basic to advance