vAPI walkthrough

This is a full walkthrough of the Vulnerable Adversely Programmed Interface (vAPI), a deliberately vulnerable web application that you can install locally to practice your API hacking skills. vAPI follows the OWASP API Security Top 10 2019 list of vulnerabilities and gives you one task for each of the 10 listed categories plus three...

DVGA walkthrough

This is a full walkthrough of the Damn Vulnerable GraphQL Application (DVGA), a deliberately vulnerable app that you can use to test your GraphQL API hacking skills. You will find a list of vulnerabilities in DVGA’s main interface, on the Solutions page. With every vulnerability, there is a button that displays a very short...

Getting started with regex

Regular expressions (or regex) offer a way to look into a text file, a form, or a command line output and locate strings that match a specific pattern. This allows you to extract emails, phone numbers, keys that match a given structure, etc. You can think of regex as a search function on steroids....

Basic or extended regex?

Regular expressions (regex) come in several flavours. The two main ones you will come across are: – Basic Regular Expressions (BRE) – Extended Regular Expressions (ERE) From a practical standpoint, the main difference between the two lies in the way they handle special characters. These characters perform a special task or give a certain...

What is a JWT – JSON Web Token?

A JSON Web Token is an encoded string of characters that allows users to identify themselves when interacting with an API. Why do you need a token? Because APIs manage their connections in a different way than regular web applications do. A web app typically relies on stateful connections. This means that when a...

Scroll to top