Security BSides 2025
Anyone Can Hack APIs: A Crash Course For Pentesters And Bug Bounty Hunters
Security BSides London · 401 views · 46:31 · about 1 month ago
This talk demonstrates how to identify and exploit common API vulnerabilities, specifically focusing on Broken Object Level Authorization (BOLA) and Mass Assignment. It highlights the importance of understanding API structure, identifying hidden endpoints, and testing workflows rather than just individual endpoints. The speaker provides a practical methodology for API penetration testing, emphasizing the use of tools like Postman for automated testing and the value of manual reconnaissance.
✓ Has Demo · ✗ Has Code · ✗ Tool Released
