Thanks Traceable and Dr. Paxton-Fear for sharing the knowledge to encourage and educate the community.
Dr. Katie Paxton-Fear’s such a wealth of knowledge and does an excellent job explaining concepts that can be otherwise confusing.
Thank you for this discussion ❤
nice and clear explanation Dr!
Yup teach me more for the dorks and nerds
My name is mark, please I have a big challenge. I have a platform on which I'm carrying out bug bounty hunting, but the platform is using bearer token auth, so each time I carry out parameter tampering I get 401 Unauthorized. How do I bypass 401, and where is the problem coming from? Is it in the URL, or is the bearer token detecting that I have changed the original parameter??
🎯 Key Takeaways for quick navigation:
01:15 🛠️ Katie Paxton-Fear introduces her API hacking toolbox for finding vulnerabilities.
02:25 🧩 API testing involves using supportive tools to navigate APIs effectively.
04:01 🗺️ Enumeration identifies API endpoints and vulnerabilities for attack planning.
07:58 🔄 Automation eases API enumeration, reducing the challenge of handling numerous endpoints.
12:46 📜 Tailored wordlists using common nouns, verbs, and actions are effective for API testing.
15:06 ⚙️ Automated tools aid in API enumeration and vulnerability assessment.
19:26 🚪 Use the "Autorize" tool to detect IDORs (Broken Object/Function Level Authorization).
22:23 📑 Identify data leaks using regex patterns for emails and postcodes.
24:11 🎭 Analyze JSON Web Tokens for security vulnerabilities with the JWT Tool.
25:34 🛠️ Supportive tools enhance manual testing efficiency for effective black box testing.
Made with HARPA AI
thank you doctor pentester
DR KATIE THE GOAT
that sounds so stupid