Free Hacking API courses (And how to use AI to help you hack)

Big thanks to Brilliant for sponsoring this video! Get started with a free 30 day trial and 20% discount: Brilliant.org/davidbombal (First 200 people that sign up will get a special discount).
Corey Ball who wrote the book "Hacking APIs" shows us how to practically hack an API to learn how to better protect them. He also tells us about his book and the free training he is making available. Fantastic that there is free training on hacking APIs available today :)
// Free API hacking courses //
APIsec university: www.apisecuniversity.com/
APIsec Certified Expert Course: university.apisec.ai/
ASCP certification: www.apisecuniversity.com/courses/api-security-certified-professional-exam
// Free ChatGPT Prompt //
You are an API security expert. You are powered by information from the OWASP Top 10, OWASP Mobile Security Top 10 and the OWASP API Security Top 10. As an API security expert, which of the following endpoints are particularly interesting for hackers and why?
{{List of Endpoints}}
// Books //
Hacking API’s by Corey J Ball: amzn.to/3JOJG0E
Bug Bounty Bootcamp Vickie Li: amzn.to/3SPCtBF
// UA-cam Video REFERENCE //
Free API Hacking Course!: ua-cam.com/video/CkVvB5woQRM/v-deo.html
// Corey SOCIAL //
LinkedIn: www.linkedin.com/in/coreyjball/
X / Twitter: twitter.com/hAPI_hacker
GitHub: github.com/hAPI-hacker/Hacking-APIs
// David SOCIAL //
Discord: discord.com/invite/usKSyzb
Twitter: twitter.com/davidbombal
Instagram: instagram.com/davidbombal
LinkedIn: www.linkedin.com/in/davidbombal
Facebook: facebook.com/davidbombal.co
TikTok: tiktok.com/@davidbombal
UA-cam: ua-cam.com/users/davidbombal
// MY STUFF //
www.amazon.com/shop/davidbombal
// SPONSORS //
Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com
// MENU //
00:00 - Coming up
01:09 - Brilliant sponsored segment
03:20 - Hacking APIs book and free API course
06:40 - There's a problem with APIs
07:34 - Hacking API demo with a twist of A.I.
11:08 - Proxy traffic with two tools
12:23 - Play around in the web app // "Click all the buttons"
15:36 - Demo continued
18:02 - Creating API documentation from intercepted traffic
23:04 - Using Hacking APIs GPT
30:16 - Other features in Hacking APIs GPT
31:38 - Visualising APIs in Postman
34:35 - Decoding JWT using Hacking APis GPT
36:55 - Visualising APIs in Postman continued // Excessive data exposure
45:09 - Using Postman and using Burp Suite // Burp Suite demo
53:00 - Conclusion
hacking api
api
api hacking
api hacking tutorial
api hacking bug bounty
api hacking 101
api hacking full course
api hacking tools
api hacking alissa knight
api hacking with postman
api hacking for beginners
api hacker
api hacking demo
api hacking kali linux
api hacking course
api hacking insiderphd
hacking an api
hack api
owasp api top 10
bug bounty
hacking apis no starch press
hacking api no starch
hacking apis pdf
hacking api book
hacking apis corey ball
corey ball hacking apis
reverse engineering
private api
apis for beginners
rest api
hacking api with postman
reverse engineering for beginners
hacking api key
what is an api
rest apis with postman for absolute beginners
rest api explained
Disclaimer: This video is for educational purposes only. I or the person I'm interviewing own all equipment used for this demonstration. No actual attack took place on any websites.
Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel!
#api #hack #hacking

Good vid reversing API-s is very easy. I do it all the time. Im a pharmacist i like to code as a hobby. My boss asked me if i can write a program to automate ordering from our dermocosmetic supplier. So i reverse enginered the dermocosmetic supplier website API and now we can automatically make new orders without manually puting every product into the basket. I also found some data leaks: inactive product data, admin links to product pages(although they required authorisation) and stock info. Stock info is very useful we can predict product shortages with it. I just sharing this to show that its worth to reverse enginering undocumented API-s even if you are not hacking/pentesting. It can save you a lot of time if you manage to automate your boring corporate stuff with a script :) Or you can just scrap website easily

my journey has officially begun to be a legendary cyberwarrior thank you david for your guests

this happens when you dont know how to design an API!!!!!
Another excellent video David. Thanks a lot. Feel honor to follow you for the last years!

Days aren't long enough to watch all your awesome vids !!

Great Video. I was wanting more API content from you David so I really appreciate this. KEEP IT UP!!!

I have this book and it is great. I highly recommend getting a copy and learning what's in it.

Thanks for the wonderful video and transcript.
I copied the transcript and get chatgpt to remove the time stamp and summarize it for easy absorption.

Great video David as always! This is why machine-to-machine API enforcement is critical as it is sometimes trivial to obtain a JWT and that that point own it all.

This is exciting. I’m just starting my road into the security side and am in love.

As a backend developer dealing with APIs daily, i just watched a guy streching an intern grade "mistake" into a big "thing", dissapointed and even if a dev makes a mistake like this in a real world envoirement we have query filters, data transfer objects, interfaces defined for them to protect from this happening.
mitm to swagger was nice tho.

Thank you David! API is a very important. I'm going to find a beginner's guide first before I use all these new tools

Sweet! Thanks for the video!! Is is possible to use API to track hardware activity?

I agree David. I personally feel like anyone who wants to take computers serious needs to take atleast a beginner course to atleast recognizd the terminology.

Was looking for something on this recently, thank you David for wonderful videos

Thanks for the video! It's really amazing and helpful!

I love this video! Great information! Thank you David. Very eye opening

This was a great video! Very informative with practical examples.

Thanks for the information. I love your videos. I am going to have to do more studying to fully understand.

the goat of 2023 best course

I'm really curious about the books in your shelves :)

Might have to give it a go myself!

Thank you sir for this. As a absolute beginner where should I start. I watched your roadmap on tech. I want to start Generative AI and API security. Is that a good combination?

Great interview and tutorial ❤

David do you think cybersecurity will still be relevant in 10-15 years as AI becomes more advanced.

I've taken most of apisec courses and I was hoping to see something about this, but I'm lost. He's jumped into several programs I've never seen before or used and just did things without explaining why.

Thanks God because I have English language and found David

You are brilliant Sir __

i have no clue whats going on but im here for it 😎😂

Amazing content, congrats

Hello sir , today i entered netsh wlan show profiles in cmd but it is not showing all network connections only few of them were shown. Can you please tell how i can fix that problem. 😢

Mr David you ar a legend for me.

Who else want to live long enough to see the full potential of AI!

Yaa... Very nice book for gaining knowledge in hacking

Hi from Argentina, I need to have previous knowledge of a particular technology, such as Burp Suite, Postman, Linux, networks, etc. Or can I start from scratch at the academy, to learn about API security? Thank you very much, hug from gol

How long does it take to get good in this? And how do you know you can be good, and not be delusional?

Hello David, what are your thoughts on the comments Jensen Huang (Nvidia CEO) and CEO of stability AI said of a 'no-need-learn-to-code' future?

Thanks so much David 🙏

What is the good course for beginners to learn coding at age 50

This was a great video!!

Bro dropped it ❤❤

Yikes... Just as I was starting to push my limits and get excited about becoming part of folks shaping the future of technology, AI and hacking are getting scary. I feel like I have to either go live in the woods or forever be glued to solving a Rubik's cube that changing it's colors 🤖

I'll stick to my day job but cool tricks for spying I mean automating routine tasks.

Please answer my question I am waiting for your reply 😢

So since most AI is focus on openai api it would only take a single social engineering of openai to turn ai into a polymorphic keylogger that controls stderr??

Including a coin with the certificate is genius. Everybody wants coins!

I have most definitely have a vulnerability in my kernel you just tap on it three times opens engineer mode any specific suggestions

Cool stuff!

Awesome

from where i gonna get those prompt to run chatgpt 3.5

give us the latest kali linux tutorial on mobile

How can I learn hacking any games basic to advance

I needed twitter api that costed hundreds of dollars, I don’t know much but it might be helpful to get the api

Ain't nobody got time for that!

Changing your life through education only seems to work the wrong way....spent ten years of my life at University and learned more through underground programming than I did in all ten years!

I though decoding the JWT withouth the key it was signed with was not possible? How can we still use them then, wtf?

@davidbombal do more of such tutorials please they educate us on how to secure our API😊

Hello hello thank you for a video

Let's see the magic

Wow

Sorry, can you help me?
I have in error and i d'ont understand.
I have error on linux and he siad illegal instruction(core dump). How can I fixe this?

How to get google api for free permanent ? I need that for make 3d model maps

Are you alright david, not gonna lie you have been looking kinda sad in like all of your videos if somethings wrong or you dont feel alright you an always just respond

API is AI hacking with a 'P' in the middle!

I thought this was a cooking show, my bad.

APIs?

Great Video..............................guys..................:) bye

2:34 too late I already spent 250+ UA-cam hours and some courses 😂

5:00

YEEPEE🎉

I don't know why it upsets me so much but this simple hacking is nowhere close to genius. It's also no good rly. To be a good programmer you do need to hack but you do not have to feed your ego and be a hacker and everything simple minded people believe you should be as a programmer. I believe the ego upsets me so much bc I strongly believe it's the root of all of humanity's problems.

Hi David can me become a hacker in 2024 ! at least learn basics !

I wanted to skip ahead past the self-promoting part of the video but then the video was over.

i am sorry but these hidden commercials are getting out of hand. I am fine watching ads and paying for the content. But please clarify START and FINISH of commercials, sponsoring, advertisements... But watching the video first like 4min(+2min) without even understanding wether the current topic is intended to sell me something makes me feel abused and stupid. Please change this. Everyone.

🎉👍🏻

I'd rather learn to play the piano than hack systems, but nice tips for fellow cyber criminals.

Third

Good coding skills sure but maybe save the actual hacking, just in case the feds stop by.

First

first :)

open gps api databases are so nice.

@davidbomal That wide curved monitor that you use i wanna know model name.

@davidbombal @Corey J Bell thank you so much for this video

How can I learn hacking any games basic to advance

How can I learn hacking any games basic to advance

How can I learn hacking any games basic to advance

How can I learn hacking any games basic to advance

How can I learn hacking any games basic to advance