Alex Olsen
I like to talk about everything and anything appsec-related.
Socials: https://linktr.ee/appsecexplained
Session
12-13
14:45
45min
Anyone can hack APIs: A crash course for pentesters and bug bounty hunters.
Alex Olsen
APIs are everywhere. This talk gives a crash course in hacking APIs, aimed at pentesters and bug bounty hunters who want to understand what they are looking at and what they are looking for. This talk will cover practical skills, real-world examples, and a clear testing methodology.
First we’ll cover the essentials: mapping API endpoints and abusing common issues like broken object-level authorisation (BOLA) and mass assignment. Then we’ll move on to working at scale, automation and scripting attacks for long-term bug bounty targets.
If you’ve ever looked at an API and thought, “Where do I start?”—this talk is for you.
Main talk track
Track 2
