Learning.md

Tools

• https://github.com/ticarpi/jwt_tool
• https://github.com/assetnote/kiterunner
• https://github.com/s0md3v/Arjun
• https://github.com/danielmiessler/SecLists
• https://github.com/hAPI-hacker/Hacking-APIs

Your API Hacking Lab

APIsec.ai has hosted an API hacking lab that you can use to practice your skills.

• crAPI can be found at http://crapi.apisec.ai/
• vAPI can be found at http://vapi.apisec.ai/

set up your own lab

• https://github.com/OWASP/crAPI
• https://github.com/roottusk/vapi

Additional Resources

• The Web Security Academy: One of the best free online web security training courses on the Internet.
• APIsecurity.io: A weekly newsletter that is a great resource for the latest and greatest API security news.
• API Hacking Mind Map by David Sopas.
• Get involved in the Bug Bounty communities:
  • Synack
  • BugCrowd
  • HackerOne
  • Intigriti
• Insider PhD Everything API Hacking: Katie Paxton-Fear's playlist of all those great API hacking hits.
• Awesome API Security: All the API security things.

Courses

• https://university.apisec.ai/