Hacking REST APIs - A beginner's guide

Name: Hacking REST APIs - A beginner's guide
Rating: 4.0 (1118 reviews)

Practical guide to pentesting REST APIs from scratch

Created bySrinivas .

Last updated 4/2025

English

What you'll learn

Learn what are REST APIs
Learn how to pentest REST APIs
Learn common vulnerabilities in REST APIs
Learn to exploit SQL Injection
Learn to exploit XXE vulnerabilities
Learn automated tools for REST API Security Testing

Course content

8 sections • 27 lectures • 1h 7m total length

Introduction1:16
Learn the fundamentals of rest APIs and security concepts, explore automated scanners, and perform hands-on penetration testing using a vulnerable virtual machine.

Introduction1:52
Traditional Web vulnerabilities in REST0:44
SQL Injection11:42
SQL Injection - Vulnerable code1:21
Identify how an inline sql query using a token from get requests creates sql injection in the profile retrieval code and learn to fix it with prepared statements.
Sensitive data in GET1:44
explain why passing sensitive data in get requests is dangerous, exposing credentials in access logs, headers, and browser history, and demonstrate switching to post to protect user data.
Weak Auth tokens & IDOR3:42
Leaky APIs and Insecure Data Storage1:21
Identify how sensitive data leaks in API responses occur, exposing passwords and tokens; demonstrate examples with Burp Suite, revealing clear-text password storage and insecure data handling.
Leaky APIs - Real World Example0:03
API Documentation Walk through3:15
XML External Entity Injection - XXE3:47
XXE - Vulnerable code1:03
Explore how a vulnerable api endpoint processes user-supplied xml via a put request and lacks checks for external entities. This xxe vulnerability enables retrieval of the etsy password file.
Broken Authentication5:02
Abusing lack of Rate Limiting6:26
Explore how lack of rate limiting in rest APIs enables brute force and denial-of-service attacks. Suggest implementing rate limiting, account lockouts after failed attempts, or captchas to prevent these attacks.
More tips for pentesters2:22
Section 4 - Quiz

Requirements

The course starts from basics, however it is good to have basic knowledge of web applications and REST APIs

Description

This course introduces students to the security concepts associated with REST APIs. This is an entry level course and we encourage you to take this course if you are a beginner in REST API security world. This course uses a custom developed vulnerable REST APIs to demonstrate how REST API vulnerabilities can be identified and exploited. This course teaches you how to identify a variety of REST API vulnerabilities such as SQL Injection, XXE, Sensitive data in GET, Leaky APIs etc.

Who this course is for:

Penetration Testers
Web or API Developers
Mobile Application Developers
Security professionals who are interested in REST API Security
Anyone who is interested in ethical hacking and penetration testing
Anyone who is interested in information security concepts

Hacking REST APIs - A beginner's guide

What you'll learn

Explore related topics

Course content

Course Introduction1 lecture • 1min

Lab setup3 lectures • 7min

Basics of REST APIs3 lectures • 4min

Pentesting REST APIs14 lectures • 44min

Automated Assessments3 lectures • 10min

More Challenges1 lecture • 1min

Conclusion1 lecture • 1min

bonus section1 lecture • 1min

Requirements

Description

Who this course is for: