API hacking for the Actually Pretty Inexperienced hacker with Katie Paxton-Fear - OWASP DevSlop

24 May 2024
98,837 views

FOLLOW & SUBSCRIBE TO DEVSLOP
LinkedIn: / owas. .
Twitter: / owasp_devslop
YouTube: / owaspdevslop
DEV.TO: dev.to/devslop
Hosts: Nancy Gariche, Tanya Janca (@shehackspurple), Nicole Becher (@thedeadrobots)
Through the eyes of a hacker, APIs are wonderful things. They power everything from social media to your IoT microwave, and they are full of security vulnerabilities. During this live session, Katie brings us into the world of API hacking, covering the basics:
-How hackers approach a target
-What hackers are looking for
-The general signs that they are on the right track.
She then demonstrates her approach, showing some of the key vulnerabilities she looks for, how she exploits them, and the code responsible for each.
A few people have asked, so here is Katie's open-source vulnerable API: github.com/InsiderPhD/example... If you're new to Laravel, the setup is:
1. Clone the repository
2. composer update
4. Change the .env
5. php artisan migrate
6. php artisan db:seed
OUR GUEST: KATIE PAXTON-FEAR
Katie is a Ph.D. student in machine learning and cybersecurity. In her free time she is an occasional bug bounty hunter and cybersecurity YouTuber. She has found bugs in the Department of Defense, Verizon and Uber. She is passionate about giving back to the community, producing videos on the basics of bug bounty and how to find your first bug.
You can find Katie on social media:
/ insiderphd
/ rapidbug
