[Pluralsight] Hack Your API First [2014, ENG]

Posted: 05-Sep-2014 22:05

Hack Your API First
Year of release: 2014
Producer: Pluralsight
Producer's website:
Author: Troy Hunt
Duration: 4h 7m
Type of material: Video tutorial
Language: English
Description: Recent years have seen a massive explosion in the growth of rich client apps that talk over the web using APIs across HTTP, but unfortunately, all too often they contain serious security vulnerabilities that are actually very easy to locate. This course shows you how.
Course outline:
  • Introduction
      • The Age of the API
      • The Hidden Nature of API Security
      • What Exactly Is an API?
      • What's the Scope of This Course?
      • Introducing Supercar Showdown
      • Introducing the Vulnerable Mobile App
      • Summary
  • Discovering Device Communication With APIs
      • Who Are We Protecting Our APIs From?
      • Proxying Device Traffic Through Fiddler
      • Interpreting Captured Data in Fiddler
      • Intercepting Mobile App Data in Fiddler
      • Discovering More About Mobile Apps via Fiddler
      • Filtering Traffic in Fiddler
      • Alternate Traffic Interception Mechanisms
      • Summary
  • Leaky APIs and Hidden APIs
      • Introduction
      • Discovering Leaky APIs
      • Securing a Leaky API
      • Discovering Hidden APIs via Documentation Pages
      • Discovering Hidden APIs via robots.txt
      • Discovering Hidden APIs via Google
      • Securing Hidden APIs
      • Summary
  • API Manipulation and Parameter Tampering
      • Introduction
      • Defining Untrusted Data
      • Modifying Web Traffic in Fiddler
      • Manipulating App Logic by Request Tampering
      • Response Tampering
      • Summary
  • API Authentication and Authorization Vulnerabilities
      • Introduction
      • Identifying Authentication Persistence
      • The Role of Tokens
      • An Auth Token in Practice
      • An Overview of Authorization Controls
      • Identifying Client Controls vs. Server Controls
      • Circumventing Client Authorization Controls
      • Testing for Insufficient Authorization
      • Testing for Brute Force Protection
      • The Role of OpenID Connect and OAuth
      • Summary
  • Working With SSL Encrypted API Traffic
      • Introduction
      • MitM'ing an HTTPS Connection With Fiddler
      • Configuring Fiddler to Decrypt Encrypted Connections
      • Proxying Encrypted Device Traffic via Fiddler
      • Rejecting Invalid Certificates
      • Identifying a Missing Certificate Validation Check
      • Loading the Fiddler Certificate on a Device
      • SSL Behavior on a Compromised Device
      • Identifying Invalid Certificates
      • The Value Proposition of Certificate Pinning
      • Demonstrating Certificate Pinning
      • Summary
Sample files: included
Video format: WMV
Video: MPEG4 Video (H264) 1024x768 15fps 120kbps [V: h264 constrained baseline L3.1, yuv42
Audio: AAC 44100Hz mono 128kbps [A: aac, 44100 Hz, mono, 128 kb/s]