How to hack an API: A walkthrough | Guest Katie Paxton-Fear

11 snips

Jan 6, 2025

Katie Paxton-Fear, a bug bounty hunter and cybersecurity expert known for her YouTube channel, InsiderPhD, dives into the world of API hacking. She offers a live demonstration showcasing common vulnerabilities in shopping apps, emphasizing creativity in problem-solving. Listeners learn how to use tools like Burp Suite to exploit weaknesses, access personal data, and initiate unauthorized transactions. Katie shares practical tips for beginners, making API hacking an inviting entry into cybersecurity and the bug bounty hunting realm.

Ask episode

AI Snips

Chapters

Transcript

Episode notes

INSIGHT

API Security Challenges

APIs are designed for computers but written in human-readable JSON, creating security challenges.
Their broad functionality and numerous endpoints increase the risk of vulnerabilities.

ANECDOTE

Exploiting User IDs

Katie Paxton-Fear demonstrates changing a user ID from '6' to '1' in a request using Burp Suite's Repeater.
This simple change allowed her to view another user's basket, highlighting a common vulnerability.

ADVICE

Test Numerical IDs

Always try changing numerical IDs in API requests to test for vulnerabilities.
This simple check can reveal easy-to-exploit security flaws in applications.

Get the Snipd Podcast app to discover more snips from this episode

Get the app

Get your FREE 2024 Cybersecurity Salary Guide: https://www.infosecinstitute.com/form/cybersecurity-salary-guide-podcast/?utm_source=audio&utm_medium=podcast&utm_campaign=podcast

Watch the walkthrough here: https://www.youtube.com/watch?v=-CvvtwKXYjE

Join us on Cyber Work Hacks as Katie Paxton-Fear, known as InsiderPhD, demonstrates how to hack APIs and uncover vulnerabilities in shopping apps. Paxton-Fear provides a visual walkthrough of common mistakes in API security, emphasizing problem-solving and creativity over technical skills. You'll learn how to use tools like Burp Suite and Repeater to exploit vulnerabilities, access personal information and make unauthorized transactions. Paxton-Fears' insights make API hacking an accessible entry point into cybersecurity, highlighting the path to becoming a bug bounty hunter. Plus, discover tips on starting your API hacking journey and utilizing Infosec resources to build a successful career in cybersecurity. Don't miss this comprehensive guide to API hacking!

00:00 - Introduction to API security
03:16 - Understanding APIs and their vulnerabilities
05:26 - Live API hacking demonstration
05:43 - Exploring Burp Suite and Repeater
08:28 - Identifying and exploiting API vulnerabilities
09:50 - Real-world API hacking examples
17:21 - Tools and tips for aspiring hackers
19:31 - Steps to start bug bounty hunting
22:23 - Conclusion

– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast/?utm_source=audio&utm_medium=podcast&utm_campaign=podcast

About Infosec
Infosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.