Ammar Ahmed

API Broken Function Level Authorization Vulnerability (BFLA) (crAPI as our vulnerable API)
Broken Function Level Authorization (BFLA) is about performing actions the caller is not authorized to perform. BFLA vulnerabilities are common for requests…
Sep 21

Broken Object Level Authorization — BOLA (ex crAPI)
One of the main components of security is authorization, and today we will have a look at an authorization vulnerability called BOLA. But…
May 18

API Token Attacks focusing on JSON Web Token (JWT) Attacks (crAPI as an Example)
Many APIs use JSON Web Tokens (JWT) for authentication and authorization.
Feb 11

API Classic Authentication (Passwords) Attacks (crAPI as an example)
In this article we will talk about how to attack classic password authentication in APIs to obtain a Bearer token; this attack type is similar to web…
Feb 3

APIs Vulnerability Scanning Using OWASP ZAP (crAPI as an example)
Vulnerability scanning is the technique with which we try to find vulnerabilities in a system and/or web application, API, mobile…
Dec 9, 2023

Excessive Data Exposure in API (crAPI as an example)
Excessive Data Exposure: when an API provider sends back a full data object, typically depending on the client to filter out the…
Dec 1, 2023

Reverse Engineer an API using MITMWEB and POSTMAN and create a Swagger file (crAPI)
Many times when we are trying to pentest an API we do not get access to the Swagger file or the API documentation. Today we will…
Nov 18, 2023

API Reconnaissance (Passive Recon)
When we are gathering information about an API we use two different methods:
Apr 2, 2023

Installing API Pentesting Tools to attack our crAPI API
In our last article we installed the crAPI vulnerable API, and in this one we will start installing the tools that are essential for API pentesting…
Mar 18, 2023

Kali Purple Installation
Kali Purple is the new Kali Linux distribution that is aimed at cybersecurity professionals who not only work on the attacking side of…
Mar 18, 2023