Ethical Hacking Of Restful And Graphql Apis Training Course

Become a Successful REST API and GraphQL API Penetration Tester and Bug Bounty Hunter!

What you'll learn

RESTful API vulnerabilities

GraphQL API vulnerabilities

Basic web application vulnerabilities

Basic mobile application vulnerabilities

Getting started in web application bug bounty

Getting started in mobile application bug bounty

REST API Introduction

REST API Discovery and Recon

REST API Enumeration

REST API Broken Object Level Authorization (BOLA)

REST API Broken Authentication

REST API Broken Object Property Level Authorization

REST API Excessive Data Exposure

REST API Mass Assignment

REST API Unrestricted Resource Consumption

REST API Broken Function Level Authorization (BLFA)

REST API Unrestricted Access to Sensitive Business Flows

REST API Server Side Request Forgery (SSRF)

REST API Security Misconfiguration

REST API Improper Inventory Management

REST API Unsafe Consumption of APIs

REST API Server-side parameter pollution

GraphQL Introduction

What is GraphQL

GraphQL Key terminologies

GraphQL Burp extensions

GraphQL Wordlists

GraphQL Payloads

GraphQL Tools

GraphQL API Attack Surface, Recon, Enumeration

GraphQL Attack Surface Analysis

GraphQL GET requests and the issues

GraphQL POST requests

GraphQL Information Disclosure

GraphQL Introspection

GraphQL GET vs. POST Introspection

GraphQL Introspection filter bypass example

GraphQL Non-prod GraphQL endpoints

GraphQL Field Suggestion

GraphQL Automating Field Suggestion

GraphQL Field Stuffing

GraphQL Abusing Error Messages

GraphQL IDE

GraphQL DoS

GraphQL Deep Recursion Query Attack

GraphQL Circular Fragment Vulnerabilities

GraphQL Batch Query Attacks / Resource Intensive Query Attacks

GraphQL Field Duplication Attacks

GraphQL Alias based attacks (DoS scenario)

GraphQL Directive Overloading

GraphQL Object Limit Overriding

GraphQL Array-Based Query Batching

GraphQL Authentication and Authorization attacks

GraphQL Login functions

GraphQL Bypassing protections

GraphQL Alias based attacks / query batching

GraphQL JWT token forgery

GraphQL Cookie forgery

GraphQL Access control issues and IDORs

GraphQL Injection attacks

GraphQL OS Command Injection

GraphQL SQL Injection

GraphQL HTML Injection

GraphQL XSS (Cross-site scripting)

GraphQL Request Forgery and Hijacking

GraphQL Server-side request forgery (SSRF)

GraphQL Cross-site request forgery (CSRF)

GraphQL GET based CSRF

GraphQL POST based CSRF

GraphQL Cross-Site WebSocket Hijacking (CSWH)

Requirements

Basic IT Skills

Basic understanding of web or mobile app technology

No Linux, programming or hacking knowledge required

Computer with a minimum of 4GB ram/memory

Operating System: Windows / Apple Mac OS / Linux

Reliable internet connection

Burp Suite Community (Pro optional)

Firefox Web Browser

Either VMware, Virtual Box, Raspberry PI or similar to run virtual servers

Description

Welcome to the Ethical Hacking of RESTful and GraphQL APIs Training CourseImportant note: This course is NOT teaching the actual usage of Burp Suite and its features. This course is a heavily hands-on introduction to both RESTful as well as GraphQL API vulnerabilities. These APIs are very common in modern web and mobile applications. Your instructor is Martin Voelk. He is a Cyber Security veteran with 25 years of experience. Martin holds some of the highest certification incl. CISSP, OSCP, OSWP, Portswigger BSCP, CCIE, PCI ISA and PCIP. He works as a consultant for a big tech company and engages in Bug Bounty programs where he found thousands of critical and high vulnerabilities.This course features theoretical introductions into API vulnerabilities followed by practical exploitations of common RESTful API and GraphQL API vulnerabilities. Some labs are being performed utilizing the Portswigger Web Academy Labs. Other labs are performed on standalone VMs such as crAPI and DVGA. As people use different platforms, The training will not show the set up of crAPI or DVGA. But you can install these easily on a free virtualization software like virtual box on Windows or MacOSX. Martin will be solving a lot of labs and explains each step on finding the vulnerability and why it can be exploited in a certain way. The videos are easy to follow along and replicate. This training is highly recommended for anyone who wants to start out in API Penetration Testing or API Bug Bounty Hunting.The course features the following topics.REST API IntroductionREST API Discovery and Recon REST API Enumeration REST API Broken Object Level Authorization (BOLA)REST API Broken AuthenticationREST API Broken Object Property Level AuthorizationREST API Excessive Data Exposure REST API Mass AssignmentREST API Unrestricted Resource ConsumptionREST API Broken Function Level Authorization (BLFA)REST API Unrestricted Access to Sensitive Business FlowsREST API Server Side Request Forgery (SSRF)REST API Security Misconfiguration REST API Improper Inventory Management REST API Unsafe Consumption of APIsREST API Server-side parameter pollutionGraphQL IntroductionGraphQL What is it?GraphQL Key terminologiesGraphQL Burp extensionsGraphQL WordlistsGraphQL PayloadsGraphQL ToolsGraphQL API Attack Surface, Recon, EnumerationGraphQL Attack Surface AnalysisGraphQL GET requests and the issuesGraphQL POST requestsGraphQL Information DisclosureGraphQL Introspection GraphQL GET vs. POST Introspection GraphQL Introspection filter bypass exampleGraphQL Non-prod GraphQL endpointsGraphQL Field SuggestionGraphQL Automating Field SuggestionGraphQL Field StuffingGraphQL Abusing Error MessagesGraphQL IDEGraphQL DoSGraphQL Deep Recursion Query AttackGraphQL Circular Fragment VulnerabilitiesGraphQL Batch Query Attacks / Resource Intensive Query AttacksGraphQL Field Duplication AttacksGraphQL Alias based attacks (DoS scenario)GraphQL Directive OverloadingGraphQL Object Limit OverridingGraphQL Array-Based Query BatchingGraphQL Authentication and Authorization attacksGraphQL Login functionsGraphQL Bypassing protections GraphQL Alias based attacks / query batching GraphQL JWT token forgery GraphQL Cookie forgery GraphQL Access control issues and IDORs GraphQL Injection attacksGraphQL OS Command InjectionGraphQL SQL Injection GraphQL HTML Injection GraphQL XSS (Cross-site scripting)GraphQL Request Forgery and HijackingGraphQL Server-side request forgery (SSRF)GraphQL Cross-site request forgery (CSRF)GraphQL GET based CSRFGraphQL POST based CSRFGraphQL Cross-Site WebSocket Hijacking (CSWH)Notes & DisclaimerPortswigger labs are a public and a free service from Portswigger for anyone to use to sharpen their skills. All you need is to sign up for a free account. crAPI and DVGA are free as well and can be cloned from GitHub. I will to respond to questions in a reasonable time frame. Learning Web / Mobile Application Pen Testing / Bug Bounty Hunting is a lengthy process, so please don’t feel frustrated if you don’t find a bug right away. Try to use Google, read Hacker One reports and research each feature in-depth. This course is for educational purposes only. This information is not to be used for malicious exploitation and must only be used on targets you have permission to attack.

Overview

Section 1: ETHICAL HACKING OF REST & GRAPHQL APIs

Lecture 1 REST & GRAPHQL API AGENDA

Lecture 2 Setting up Burp

Section 2: RESTful API Introduction

Lecture 3 RESTful API Introduction

Section 3: RESTful API Discovery and Recon

Lecture 4 RESTful API Discovery and Recon

Lecture 5 Enumeration Lab

Section 4: RESTful API Broken Object Level Authorization (BOLA)

Lecture 6 RESTful API Broken Object Level Authorization (BOLA)

Lecture 7 RESTful API Broken Object Level Authorization (BOLA) - lab 1

Lecture 8 RESTful API Broken Object Level Authorization (BOLA) - lab 2

Section 5: RESTful API Broken Authentication

Lecture 9 RESTful API Broken Authentication

Lecture 10 RESTful API Broken Authentication - lab 1

Section 6: RESTful API Broken Object Property Level Authorization (Excessive Data Exposure)

Lecture 11 RESTful API Broken Object Property Level Authorization (Excessive Data Exposure)

Lecture 12 RESTful API Broken Object Property Level Authorization (Excessive Data Exposure)

Lecture 13 RESTful API Broken Object Property Level Authorization (Excessive Data Exposure)

Section 7: RESTful API Unrestricted Resource Consumption

Lecture 14 RESTful API Unrestricted Resource Consumption

Lecture 15 RESTful API Unrestricted Resource Consumption - lab 1

Section 8: RESTful API Broken Function Level Authorization (BFLA)

Lecture 16 RESTful API Broken Function Level Authorization (BFLA)

Lecture 17 RESTful API Broken Function Level Authorization (BFLA) - lab 1

Lecture 18 RESTful API Broken Function Level Authorization (BFLA) - lab 2

Lecture 19 RESTful API Broken Function Level Authorization (BFLA) - lab 3

Section 9: RESTful API Unrestricted Access to Sensitive Business Flows

Lecture 20 RESTful API Unrestricted Access to Sensitive Business Flows

Lecture 21 RESTful API Unrestricted Access to Sensitive Business Flows - labs 1 and 2

Lecture 22 RESTful API Unrestricted Access to Sensitive Business Flows - labs 3

Section 10: RESTful API Server Side Request Forgery

Lecture 23 RESTful API Server Side Request Forgery

Lecture 24 RESTful API Server Side Request Forgery - lab 1

Section 11: RESTful API Security Misconfiguration

Lecture 25 RESTful API Security Misconfiguration

Section 12: RESTful API Improper Inventory Management

Lecture 26 RESTful API Improper Inventory Management

Section 13: RESTful API Unsafe Consumption of APIs

Lecture 27 RESTful API Unsafe Consumption of APIs

Lecture 28 RESTful API Unsafe Consumption of APIs - lab 1

Section 14: RESTful API server-side parameter pollution

Lecture 29 RESTful API server-side parameter pollution

Lecture 30 Server-side parameter pollution - lab 1

Section 15: GraphQL API Introduction

Lecture 31 GraphQL API Introduction

Section 16: GraphQL API Attack Surface Analysis, Recon, Enumeration

Lecture 32 GraphQL API Attack Surface Analysis, Recon, Enumeration

Lecture 33 GraphQL API Attack Surface Analysis, Recon, Enumeration - lab 1

Section 17: GraphQL API Information Disclosure

Lecture 34 GraphQL API Information Disclosure

Lecture 35 GraphQL API Information Disclosure - lab 1 introspection

Lecture 36 GraphQL API Information Disclosure - lab 2 graphql ide

Lecture 37 GraphQL API Information Disclosure - lab 3 field suggestion

Lecture 38 GraphQL API Information Disclosure - lab 4 stack traces

Lecture 39 GraphQL API Information Disclosure - lab 5 - Accessing private GraphQL posts

Lecture 40 GraphQL API Information Disclosure - lab 6 - Burp Accidental exposure of private

Lecture 41 GraphQL API Information Disclosure - lab 7 - Finding a hidden GraphQL endpoint

Section 18: GraphQL API Denial of Service (DoS)

Lecture 42 GraphQL API Denial of Service (DoS)

Lecture 43 GraphQL API Denial of Service (DoS) - lab 1 and 2 resource intensive batch query

Lecture 44 GraphQL API Denial of Service (DoS) - lab 3 deep recursion query

Lecture 45 GraphQL API Denial of Service (DoS) - lab 4 field duplication

Lecture 46 GraphQL API Denial of Service (DoS) - lab 5 alias based DoS

Lecture 47 GraphQL API Denial of Service (DoS) - lab 6 circular fragment attack

Section 19: GraphQL API Authentication and Authorization bypasses

Lecture 48 GraphQL API Authentication and Authorization bypasses

Lecture 49 GraphQL API Authentication and Authorization bypasses - lab 1 cookie forge

Lecture 50 GraphQL API Authentication and Authorization bypasses - lab2 header bypass

Lecture 51 GraphQL API Authentication and Authorization bypasses - lab 3 Bypassing GraphQL

Section 20: GraphQL API Injection attacks

Lecture 52 GraphQL API Injection attacks

Lecture 53 GraphQL API Injection attacks - lab 1 os command injection

Lecture 54 GraphQL API Injection attacks - lab 2 sql injection

Lecture 55 GraphQL API Injection attacks - lab 3 and 4 XSS and HTML injection

Section 21: GraphQL API Request Forgery and Hijacking

Lecture 56 GraphQL API Request Forgery and Hijacking

Lecture 57 GraphQL API Request Forgery and Hijacking - lab 1 SSRF

Lecture 58 GraphQL API Request Forgery and Hijacking - lab 2 Performing CSRF exploits over

Anybody interested in learning basic ethical web application hacking / penetration testing,Anybody interested in learning basic API hacking / penetration testing,Anybody interested in learning basic ethical web application bug bounty hunting,Anybody interested in learning basic ethical API bug bounty hunting,Anybody interested in learning how hackers hack web applications,Anybody interested in learning how hackers hack mobile applications,Anybody interested in learning how hackers hack APIs,Developers looking to expand on their knowledge of vulnerabilities that may impact them,Anyone interested in application security,Anyone interested in Red teaming,Anyone interested in offensive security