Thanks Traceable and Dr. Paxton-Fear for sharing the knowledge to encourage and educate the community.
Dr. Katie Paxton-Fear’s such a wealth of knowledge and does an excellent job explaining concepts that can be otherwise confusing.
Thank you for this discussion ❤
🎯 Key Takeaways for quick navigation:
01:15 🛠️ Katie Paxton-Fear introduces her API hacking toolbox for finding vulnerabilities.
02:25 🧩 API testing involves using supportive tools to navigate APIs effectively.
04:01 🗺️ Enumeration identifies API endpoints and vulnerabilities for attack planning.
07:58 🔄 Automation eases API enumeration, reducing the challenge of handling numerous endpoints.
12:46 📜 Tailored wordlists using common nouns, verbs, and actions are effective for API testing.
15:06 ⚙️ Automated tools aid in API enumeration and vulnerability assessment.
19:26 🚪 Use the "Autorize" tool to detect IDORs (Broken Object/Function Level Authorization).
22:23 📑 Identify data leaks using regex patterns for emails and postcodes.
24:11 🎭 Analyze JSON Web Tokens for security vulnerabilities with the JWT Tool.
25:34 🛠️ Supportive tools enhance manual testing efficiency for effective black box testing.
Made with HARPA AI
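The 19:26 takeaway above describes Autorize, the Burp extension that replays each request you make as a privileged user with a low-privileged user's token and with no token, then compares the responses. The following is an added example, not code from the talk, from Traceable or from Autorize itself: it implements that comparison in plain Python against two constructed handlers for a hypothetical `GET /api/orders/<id>` endpoint, one with the BOLA/IDOR bug and one fixed. The tokens, users and orders are made up for the demonstration.

```python
"""Autorize-style authorization check, run offline against a mock API.

Replays a privileged user's request with a low-privileged token and with no
token, then classifies each replay the way Autorize does: "Bypassed!" when
the response matches the original, "Enforced" on an explicit 401/403, and
"Is enforced???" when the response differs in some other way.
"""
import json
from dataclasses import dataclass


@dataclass(frozen=True)
class Response:
    status: int
    body: str


# Constructed fixtures (hypothetical tokens, users and orders; no real service).
TOKENS = {"tok-alice": 1, "tok-bob": 2}          # bearer token -> user id
ORDERS = {
    1001: {"owner": 1, "total": 42.50, "ship_to": "alice@example.com"},
    2002: {"owner": 2, "total": 9.99, "ship_to": "bob@example.com"},
}


def _bearer(headers):
    """Extract the token from an 'Authorization: Bearer ...' header, or None."""
    auth = headers.get("Authorization", "")
    return auth[len("Bearer "):] if auth.startswith("Bearer ") else None


def vulnerable_get_order(path, headers):
    """GET /api/orders/<id>: authenticates the caller but never checks that
    the caller owns the order, so any valid token can read any order (BOLA)."""
    uid = TOKENS.get(_bearer(headers))
    if uid is None:
        return Response(401, json.dumps({"error": "unauthorized"}))
    order = ORDERS.get(int(path.rsplit("/", 1)[1]))
    if order is None:
        return Response(404, json.dumps({"error": "not found"}))
    return Response(200, json.dumps(order))


def fixed_get_order(path, headers):
    """Same endpoint with the ownership check the vulnerable handler lacks.
    Denies with 404 rather than 403 so the endpoint does not confirm that a
    guessed order id exists."""
    uid = TOKENS.get(_bearer(headers))
    if uid is None:
        return Response(401, json.dumps({"error": "unauthorized"}))
    order = ORDERS.get(int(path.rsplit("/", 1)[1]))
    if order is None or order["owner"] != uid:
        return Response(404, json.dumps({"error": "not found"}))
    return Response(200, json.dumps(order))


def similar(a, b, tolerance=0.10):
    """Same status and body lengths within `tolerance` of each other.
    A length heuristic in the spirit of Autorize's; tune it per target."""
    if a.status != b.status:
        return False
    longest = max(len(a.body), len(b.body), 1)
    return abs(len(a.body) - len(b.body)) / longest <= tolerance


def verdict(original, replayed):
    """Autorize's three verdicts for one replayed request."""
    if replayed.status in (401, 403):
        return "Enforced"
    if similar(original, replayed):
        return "Bypassed!"           # the replayed caller got the same data
    return "Is enforced???"          # differs, but no explicit deny: review it


def check_endpoint(handler, path, high_token, low_token):
    """Replay `path` as the low-privileged user and unauthenticated, and
    return the verdict for each replay."""
    original = handler(path, {"Authorization": f"Bearer {high_token}"})
    low = handler(path, {"Authorization": f"Bearer {low_token}"})
    anon = handler(path, {})
    return {"low_priv": verdict(original, low), "unauth": verdict(original, anon)}


if __name__ == "__main__":
    for name, handler in (("vulnerable", vulnerable_get_order), ("fixed", fixed_get_order)):
        print(name, check_endpoint(handler, "/api/orders/1001", "tok-alice", "tok-bob"))
```

The vulnerable handler comes back "Bypassed!" for the low-privileged replay. The fixed handler lands in "Is enforced???" rather than "Enforced" because it denies with a 404 instead of a 401/403; that bucket is exactly the one you go through by hand, since it also catches endpoints that return a filtered or empty object to the wrong user.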
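The 22:23 takeaway mentions finding data leaks by running regex patterns for e-mail addresses and postcodes over API responses. The following is an added example, not code from the talk or from Traceable: it walks a parsed JSON body and reports every string value that matches an e-mail or UK-postcode shape, with the JSON path of the hit so you can see which field over-fetched. The sample response is constructed for the demonstration.

```python
"""Scan API response bodies for leaked PII with regexes.

Scans JSON string values (not keys, not the raw text) so that field names,
URLs and numeric ids do not trigger false positives, and records the JSON
path of each hit. Falls back to scanning the raw body if it is not JSON.
"""
import json
import re

EMAIL_RE = re.compile(r"\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\b")
# UK postcode shape: outward code (area letters + district) then inward code
# (sector digit + unit letters), e.g. "SW1A 1AA" or "M1 1AE". Deliberately
# loose: it checks shape, not existence, so treat hits as triage, not proof.
POSTCODE_RE = re.compile(r"\b[A-Z]{1,2}[0-9][0-9A-Z]? ?[0-9][A-Z]{2}\b")

PATTERNS = {"email": EMAIL_RE, "uk_postcode": POSTCODE_RE}


def iter_strings(obj, path="$"):
    """Yield (json_path, value) for every string value in a parsed JSON body."""
    if isinstance(obj, dict):
        for key, value in obj.items():
            yield from iter_strings(value, f"{path}.{key}")
    elif isinstance(obj, list):
        for index, value in enumerate(obj):
            yield from iter_strings(value, f"{path}[{index}]")
    elif isinstance(obj, str):
        yield path, obj


def find_leaks(body):
    """Return a list of (kind, json_path, match) for each PII hit in `body`."""
    try:
        values = list(iter_strings(json.loads(body)))
    except json.JSONDecodeError:
        values = [("$", body)]          # not JSON: scan the raw text once
    hits = []
    for path, text in values:
        for kind, pattern in PATTERNS.items():
            for match in pattern.findall(text):
                hits.append((kind, path, match))
    return hits


# Constructed sample: a /users/me response that over-fetches a related user's
# record, including a free-text address. Not taken from any real service.
SAMPLE_RESPONSE = json.dumps({
    "id": 1001,
    "display_name": "kp",
    "avatar_url": "https://cdn.example.com/a/kp.png",
    "order_ref": "ORD-2024",             # looks like a code, must not match
    "support": "support@localhost",      # no TLD, must not match as e-mail
    "related": [
        {
            "id": 1002,
            "contact": "bob.smith@example.co.uk",
            "address": "10 Example Street, London, SW1A 1AA",
        }
    ],
})


if __name__ == "__main__":
    for kind, path, match in find_leaks(SAMPLE_RESPONSE):
        print(f"{kind:12} {path:28} {match}")
```

Run this over saved responses from a proxy history rather than live traffic, and expect to tighten the postcode pattern for targets whose identifiers are uppercase alphanumerics, which share its shape. Dict keys are not scanned on purpose; if a target keys objects by e-mail address, add the key to the scan as well.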
Nice and clear explanation, Dr!
My name is Mark. Please, I have a big challenge. I have a platform on which I am carrying out bug bounty hunting, but the platform is using bearer token auth, so each time I carry out parameter tampering I get 401 Unauthorized. How do I bypass the 401, and where is the problem coming from? Is it in the URL, or is the bearer token detecting that I have changed the original parameter?
Yup, teach me more for the dorks and nerds.
Thank you, doctor pentester.
DR KATIE THE GOAT
That sounds so stupid.