sudoninja book

Video

  1. Everything API Hacking

  2. Finding Your First Bug

  3. API Pentesting

  4. Web Service Pen-testing

  5. https://www.youtube.com/watch?v=cWSu2Ja65Z4

  6. API hacking with postman

  7. API Penetration Test

  8. https://www.youtube.com/watch?v=rAdCONqMJ1I

  9. https://www.youtube.com/watch?v=HXci0-NSwOs

  10. https://www.youtube.com/watch?v=43G_nSTdxLk

  11. https://www.youtube.com/watch?v=vNPt9NCj0Ak&list=PLML0yy7HJ8Hfopy2vDPrIE_pgUia-A1qo

  12. https://www.youtube.com/watch?v=qqmyAxfGV9

Last updated 4 years ago
