Your agentic AI partner in Burp Suite - Discover Burp AI now            Read more
Research Academy
My account Customers About Blog Careers Legal Contact Resellers
Back to all learning paths
PRACTITIONER

API testing

This learning path teaches you how to test APIs that aren't fully used by the website front-end. You'll learn key API recon skills to help you discover more attack surface. In addition, you'll learn how to identify server-side parameter pollution vulnerabilities that may impact internal APIs.

Contents

Get started: API recon

0 of 29

GET STARTED

API recon 0 of 1

API recon APPRENTICE Get started

API documentation 0 of 4

API documentation APPRENTICE

Discovering API documentation APPRENTICE

Lab: Exploiting an API endpoint using documentation APPRENTICE

Using machine-readable documentation APPRENTICE

Identifying and interacting with API endpoints 0 of 6

Identifying API endpoints APPRENTICE

Interacting with API endpoints APPRENTICE

Identifying supported HTTP methods APPRENTICE

Identifying supported content types APPRENTICE

Lab: Finding and exploiting an unused API endpoint PRACTITIONER

Using Intruder to find hidden endpoints APPRENTICE

Finding hidden parameters 0 of 1

Finding hidden parameters APPRENTICE

Mass assignment vulnerabilities 0 of 4

Mass assignment vulnerabilities APPRENTICE

Identifying hidden parameters APPRENTICE

Testing mass assignment vulnerabilities APPRENTICE

Lab: Exploiting a mass assignment vulnerability PRACTITIONER

Preventing vulnerabilities in APIs 0 of 1

Preventing vulnerabilities in APIs APPRENTICE

Server-side parameter pollution 0 of 1

Server-side parameter pollution APPRENTICE

Testing for server-side parameter pollution in the query string 0 of 6

Testing for server-side parameter pollution in the query string APPRENTICE

Truncating query strings APPRENTICE

Injecting invalid parameters APPRENTICE

Injecting valid parameters APPRENTICE

Overriding existing parameters APPRENTICE

Lab: Exploiting server-side parameter pollution in a query string PRACTITIONER

Testing for server-side parameter pollution in REST paths 0 of 1

Testing for server-side parameter pollution in REST paths APPRENTICE

Testing for server-side parameter pollution in structured data formats 0 of 2

Testing for server-side parameter pollution in structured data formats APPRENTICE

Testing for server-side parameter pollution in structured data formats - Continued APPRENTICE

Testing for server-side parameter pollution with automated tools 0 of 1

Testing with automated tools APPRENTICE

Preventing server-side parameter pollution 0 of 1

Preventing server-side parameter pollution APPRENTICE