Breaking The GraphQL Bookstore API

Introduction Hello, welcome back to my blog. In this writeup, I'll walk you through how I was able to break the GraphQL Bookstore API developed by Ipsalmy, one of my mentors in this field. You can find the lab here: https://api.graphqlbook.org/ and the GitHub repository here: https://github.com/DghostNinja/graphql-bookstore-API. Don't forget to star the GitHub repository to encourage him to create more awesome labs for the community. A special thanks also goes to HAWD for equipping me with practical API security skills through their intensive 12-week API program. That experience helped me approach this lab with the mindset of an attacker instead of just a tester. Now, enough with the warm-up. Let's dive into the bookstore and start breaking things xD. ...

May 12, 2026 · 6 min · Appiah Bismark

Vulnerable RESTaurant API

Introduction I applied for the HackingAPIsWithDami challenge, and in the first week we were given some courses and the Vulnerable RESTaurant API Lab to test our hands-on skills. The lab and installation guide can be found here: Vulnerable RESTaurant API. NB: I hosted mine locally on ubuntu_server:8080, so the base URL in this write-up may differ from yours. In this write-up, I will be exploiting the API step by step and mapping each vulnerability to the OWASP API Top 10, including practical remediation strategies. ...

February 19, 2026 · 12 min · Appiah Bismark