Learning

Tools

• https://github.com/ticarpi/jwt_tool

• https://github.com/assetnote/kiterunner

• https://github.com/s0md3v/Arjun

• https://github.com/danielmiessler/SecLists

• https://github.com/hAPI-hacker/Hacking-APIs

Your API Hacking Lab

APIsec.ai has hosted an API hacking lab that you can use to practice your skills.

• crAPI can be found at http://crapi.apisec.ai/

• vAPI can be found at http://vapi.apisec.ai/

set up your own lab

• https://github.com/OWASP/crAPI

• https://github.com/roottusk/vapi

Additional Resources

• The Web Security Academy: One of the best free online web security training courses on the Internet.

• APIsecurity.io: A weekly newsletter that is a great resource for the latest and greatest API security news.

• API Hacking Mind Map by David Sopas.

• Get involved in the Bug Bounty communities:

  • Synack

  • BugCrowd

  • HackerOne

  • Intigriti

• Insider PhD Everything API Hacking: Katie Paxton-Fear's playlist of all those great API hacking hits.

• Awesome API Security: All the API security things.