From the course: CompTIA PenTest (PT0-002) Cert Prep
Unlock this course with a free trial
Join today to access over 23,200 courses taught by industry experts.
API attacks and attack resources
From the course: CompTIA PenTest (PT0-002) Cert Prep
API attacks and attack resources
- As most IT infrastructures move more and more towards a distributed environment where there's all kinds of remote services being invoked, we see more and more risk associated with that architecture. So, let's take a quick look at some of the API mechanisms that are commonly used to transport requests and data back and forth to invoke remote functionality. An API is an application programming interface. Basically what it means, it allows one client, typically a remote client to invoke functionality that used to be just embedded inside a software application. It doesn't have to be remote, it can be local, but we're using a lot of remote APIs to invoke remote functionality, and to transfer data back and forth. The cloud applications use this all the time, as well as any distributed application. So, let's look at some vulnerabilities with API and what kind of attacks we can use for APIs. Let's take a look at several of the most common technologies that are used, or really, several of…
Contents
-
-
-
-
-
-
-
OWASP Top 108m 40s
-
(Locked)
Application exploits, part 15m 34s
-
(Locked)
SQL injection demo8m 41s
-
(Locked)
Labtainers lab: SQL injection2m 38s
-
(Locked)
Application exploits, part 28m 2s
-
(Locked)
Application exploits, part 39m 11s
-
(Locked)
Cross-site scripting demo7m
-
(Locked)
Labtainers lab: Cross-site scripting1m 36s
-
(Locked)
Labtainers lab: Cross-site request forgery1m 14s
-
(Locked)
Code vulnerabilities16m 36s
-
(Locked)
API attacks and attack resources6m 28s
-
(Locked)
Privilege escalation: Linux9m 37s
-
(Locked)
Privilege escalation: Windows6m 9s
-
(Locked)
Miscellaneous privilege escalation7m 54s
-
(Locked)
Miscellaneous local host vulnerabilities8m 5s
-
-
-
-
-
-
-
-