https://img1.pixhost.to/images/9073/645795997_ethical-hacking-of-restful-and-graphql-apis-training-course.png

Ethical Hacking of RESTful and GraphQL APIs Training Course | Udemy [Update 12/2024]
English | Size: 2.09 GB
Genre: eLearning[/center]

Become a Successful REST API and GraphQL API Penetration Tester and Bug Bounty Hunter!

What you'll learn
RESTful API vulnerabilities
GraphQL API vulnerabilities
Basic web application vulnerabilities
Basic mobile application vulnerabilities
Getting started in web application bug bounty
Getting started in mobile application bug bounty
REST API Introduction
REST API Discovery and Recon
REST API Enumeration
REST API Broken Object Level Authorization (BOLA)
REST API Broken Authentication
REST API Broken Object Property Level Authorization
REST API Excessive Data Exposure
REST API Mass Assignment
REST API Unrestricted Resource Consumption
REST API Broken Function Level Authorization (BLFA)
REST API Unrestricted Access to Sensitive Business Flows
REST API Server Side Request Forgery (SSRF)
REST API Security Misconfiguration
REST API Improper Inventory Management
REST API Unsafe Consumption of APIs
REST API Server-side parameter pollution
GraphQL Introduction
What is GraphQL
GraphQL Key terminologies
GraphQL Burp extensions
GraphQL Wordlists
GraphQL Payloads
GraphQL Tools
GraphQL API Attack Surface, Recon, Enumeration
GraphQL Attack Surface Analysis
GraphQL GET requests and the issues
GraphQL POST requests
GraphQL Information Disclosure
GraphQL Introspection
GraphQL GET vs. POST Introspection
GraphQL Introspection filter bypass example
GraphQL Non-prod GraphQL endpoints
GraphQL Field Suggestion
GraphQL Automating Field Suggestion
GraphQL Field Stuffing
GraphQL Abusing Error Messages
GraphQL IDE
GraphQL DoS
GraphQL Deep Recursion Query Attack
GraphQL Circular Fragment Vulnerabilities
GraphQL Batch Query Attacks / Resource Intensive Query Attacks
GraphQL Field Duplication Attacks
GraphQL Alias based attacks (DoS scenario)
GraphQL Directive Overloading
GraphQL Object Limit Overriding
GraphQL Array-Based Query Batching
GraphQL Authentication and Authorization attacks
GraphQL Login functions
GraphQL Bypassing protections
GraphQL Alias based attacks / query batching
GraphQL JWT token forgery
GraphQL Cookie forgery
GraphQL Access control issues and IDORs
GraphQL Injection attacks
GraphQL OS Command Injection
GraphQL SQL Injection
GraphQL HTML Injection
GraphQL XSS (Cross-site scripting)
GraphQL Request Forgery and Hijacking
GraphQL Server-side request forgery (SSRF)
GraphQL Cross-site request forgery (CSRF)
GraphQL GET based CSRF
GraphQL POST based CSRF
GraphQL Cross-Site WebSocket Hijacking (CSWH)

Welcome to the Ethical Hacking of RESTful and GraphQL APIs Training Course

Important note: This course is NOT teaching the actual usage of Burp Suite and its features. This course is a heavily hands-on introduction to both RESTful as well as GraphQL API vulnerabilities. These APIs are very common in modern web and mobile applications.

Your instructor is Martin Voelk. He is a Cyber Security veteran with 25 years of experience. Martin holds some of the highest certification incl. CISSP, OSCP, OSWP, Portswigger BSCP, CCIE, PCI ISA and PCIP. He works as a consultant for a big tech company and engages in Bug Bounty programs where he found thousands of critical and high vulnerabilities.

This course features theoretical introductions into API vulnerabilities followed by practical exploitations of common RESTful API and GraphQL API vulnerabilities. Some labs are being performed utilizing the Portswigger Web Academy Labs. Other labs are performed on standalone VMs such as crAPI and DVGA. As people use different platforms, The training will not show the set up of crAPI or DVGA. But you can install these easily on a free virtualization software like virtual box on Windows or MacOSX. Martin will be solving a lot of labs and explains each step on finding the vulnerability and w***t can be exploited in a certain way. The videos are easy to follow along and replicate. This training is highly recommended for anyone who wants to start out in API Penetration Testing or API Bug Bounty Hunting.

The course features the following topics.

REST API Introduction

REST API Discovery and Recon

REST API Enumeration

REST API Broken Object Level Authorization (BOLA)

REST API Broken Authentication

REST API Broken Object Property Level Authorization

REST API Excessive Data Exposure

REST API Mass Assignment

REST API Unrestricted Resource Consumption

REST API Broken Function Level Authorization (BLFA)

REST API Unrestricted Access to Sensitive Business Flows

REST API Server Side Request Forgery (SSRF)

REST API Security Misconfiguration

REST API Improper Inventory Management

REST API Unsafe Consumption of APIs

REST API Server-side parameter pollution

GraphQL Introduction

GraphQL What is it?

GraphQL Key terminologies

GraphQL Burp extensions

GraphQL Wordlists

GraphQL Payloads

GraphQL Tools

GraphQL API Attack Surface, Recon, Enumeration

GraphQL Attack Surface Analysis

GraphQL GET requests and the issues

GraphQL POST requests

GraphQL Information Disclosure

GraphQL Introspection

GraphQL GET vs. POST Introspection

GraphQL Introspection filter bypass example

GraphQL Non-prod GraphQL endpoints

GraphQL Field Suggestion

GraphQL Automating Field Suggestion

GraphQL Field Stuffing

GraphQL Abusing Error Messages

GraphQL IDE

GraphQL DoS

GraphQL Deep Recursion Query Attack

GraphQL Circular Fragment Vulnerabilities

GraphQL Batch Query Attacks / Resource Intensive Query Attacks

GraphQL Field Duplication Attacks

GraphQL Alias based attacks (DoS scenario)

GraphQL Directive Overloading

GraphQL Object Limit Overriding

GraphQL Array-Based Query Batching

GraphQL Authentication and Authorization attacks

GraphQL Login functions

GraphQL Bypassing protections

GraphQL Alias based attacks / query batching

GraphQL JWT token forgery

GraphQL Cookie forgery

GraphQL Access control issues and IDORs

GraphQL Injection attacks

GraphQL OS Command Injection

GraphQL SQL Injection

GraphQL HTML Injection

GraphQL XSS (Cross-site scripting)

GraphQL Request Forgery and Hijacking

GraphQL Server-side request forgery (SSRF)

GraphQL Cross-site request forgery (CSRF)

GraphQL GET based CSRF

GraphQL POST based CSRF

GraphQL Cross-Site WebSocket Hijacking (CSWH)

Online RESTful and GraphQL Penetration Testing Playgrounds without local install

Notes & Disclaimer
Portswigger labs are a public and a free service from Portswigger for anyone to use to sharpen their skills. All you need is to sign up for a free account. crAPI and DVGA are free as well and can be cloned from GitHub. I will to respond to questions in a reasonable time frame. Learning Web / Mobile Application Pen Testing / Bug Bounty Hunting is a lengthy process, so please don't feel frustrated if you don't find a bug right away. Try to use Google, read Hacker One reports and research each feature in-depth. This course is for educational purposes only. This information is not to be used for malicious exploitation and must only be used on targets you have permission to attack.

Who this course is for:
Anybody interested in learning basic ethical web application hacking / penetration testing
Anybody interested in learning basic API hacking / penetration testing
Anybody interested in learning basic ethical web application bug bounty hunting
Anybody interested in learning basic ethical API bug bounty hunting
Anybody interested in learning how hackers hack web applications
Anybody interested in learning how hackers hack mobile applications
Anybody interested in learning how hackers hack APIs
Developers looking to expand on their knowledge of vulnerabilities that may impact them
Anyone interested in application security
Anyone interested in Red teaming
Anyone interested in offensive security

[align=center]https://i.imgur.com/yMNlxlr.png

download скачать FROM RAPIDGATOR

Код:
https://rapidgator.net/file/da72ae8da39c3fe9676492a960c8de41/UD-EthicalHackingofRESTfulandGraphQLAPIsTrainingCourse10802024-12.part1.rar.html
https://rapidgator.net/file/0fc90fcd0184f4846b67a1fa63034397/UD-EthicalHackingofRESTfulandGraphQLAPIsTrainingCourse10802024-12.part2.rar.html
https://rapidgator.net/file/fbe6a1507ea5babe92258c66af1b0276/UD-EthicalHackingofRESTfulandGraphQLAPIsTrainingCourse10802024-12.part3.rar.html
https://rapidgator.net/file/bd46ddfce6adccbe29a20b29b43c69d3/UD-EthicalHackingofRESTfulandGraphQLAPIsTrainingCourse10802024-12.part4.rar.html
https://rapidgator.net/file/9e676b10396847536e0689ae95c8d4ac/UD-EthicalHackingofRESTfulandGraphQLAPIsTrainingCourse10802024-12.part5.rar.html
https://rapidgator.net/file/b874ef5ec2613c0323e2aa035038c90b/UD-EthicalHackingofRESTfulandGraphQLAPIsTrainingCourse10802024-12.part6.rar.html
https://rapidgator.net/file/6bdea6daf9d958a688edc0df15004747/UD-EthicalHackingofRESTfulandGraphQLAPIsTrainingCourse10802024-12.part7.rar.html
https://rapidgator.net/file/3448c9ee582cb03f90aacddb07e48186/UD-EthicalHackingofRESTfulandGraphQLAPIsTrainingCourse10802024-12.part8.rar.html

download скачать FROM TURBOBIT

Код:
https://trbt.cc/trby7bq00lfi/UD-EthicalHackingofRESTfulandGraphQLAPIsTrainingCourse10802024-12.part1.rar.html
https://trbt.cc/owqv88312epn/UD-EthicalHackingofRESTfulandGraphQLAPIsTrainingCourse10802024-12.part2.rar.html
https://trbt.cc/xwi4ei5hs0pj/UD-EthicalHackingofRESTfulandGraphQLAPIsTrainingCourse10802024-12.part3.rar.html
https://trbt.cc/77vz06lg0qdo/UD-EthicalHackingofRESTfulandGraphQLAPIsTrainingCourse10802024-12.part4.rar.html
https://trbt.cc/4oh3keerzyv2/UD-EthicalHackingofRESTfulandGraphQLAPIsTrainingCourse10802024-12.part5.rar.html
https://trbt.cc/i8fxxzeqcxnu/UD-EthicalHackingofRESTfulandGraphQLAPIsTrainingCourse10802024-12.part6.rar.html
https://trbt.cc/i6ytdol58vdl/UD-EthicalHackingofRESTfulandGraphQLAPIsTrainingCourse10802024-12.part7.rar.html
https://trbt.cc/5zinue88yat1/UD-EthicalHackingofRESTfulandGraphQLAPIsTrainingCourse10802024-12.part8.rar.html

If any links die or problem unrar, send request to

Код:
https://forms.gle/e557HbjJ5vatekDV9