Using AI to find API bugs

Using AI is a great way to accelerate the discovery of vulnerabilities in an API. There are now many different ways of integrating AI into your game. One of my favorite is using Postman’s Postbot feature. Postbot writes full test scripts from a simple AI prompt. Use this in conjunction with Postman’s collection runner...

Writing a GraphQL query

To fetch or modify information through a GraphQL API, you need to write a request in a formatted way that follows a set of rules: it needs to be a JSON object and it must match the structure of the API’s schema. Also, if GraphQL objects are the containers that give structure to the...

What are GraphQL types?

Every language needs a grammar. If GraphQL is the language you can use to talk to an API, the GraphQL type system gives you the grammar that will make sure your queries are properly formatted and understood. Just like a programming language, GraphQL relies on types to define and describe every element you will...

What is GraphQL?

GraphQL is a query language that you can use to interact with an API. GraphQL allows you to write your own queries that will bring back specifically the info you want from the GraphQL server’s database (within the boundaries of what the API provider wants you to see, which is defined in the schema)....

What is OAuth 2.0?

As I was progressing along my API hacking learning path, OAuth 2.0 kept coming back as something I would have to get my head around at some point. Recently, I was testing an API in the scope of a Vulnerability Disclosure Program on Bugcrowd and OAuth was the authorization mechanism the API was using....

ParaBank walkthrough

So do you want to hack a bank with me? I knew you would… 😉 Let me introduce you to ParaBank, a deliberately vulnerable web application and API, developed by Parasoft, a vendor of automated testing tools. ParaBank is a pseudo online banking app that I recently came across thanks to Bas Dijskstra, who...

Scroll to top