Your videos are a gold mine! Thank you so much for making them free accessible and so understandable ❤️
@InsiderPhD4 жыл бұрын
You are so welcome!
@charvi4444 жыл бұрын
Nobody: InsiderPhD: "Howevaaaaaaar...."
@reo46803 жыл бұрын
Bri ish
@forrest83042 жыл бұрын
@@reo4680 in'it
@mrtk-ph5sy3 жыл бұрын
Really love your series 💖 I found my 1 st paid bb this week after completing your series love you 😘
@gamlielhernandez9743 жыл бұрын
I stumbled with your videos while searching for how to start with API hacking, I found you and all I can say your videos are GOLD!!! Thank you so much for sharing your time and knowledge with the Community.
@MH-tw1qi4 жыл бұрын
I spent all my day with this video it's really great I tried hunting all day I didn't hunt :) anything but I'm happy because I collect a lot of knowledge thanks for your tips
@medhasni64323 жыл бұрын
Did you got some now?
@ICTSecurity Жыл бұрын
You are an outstanding educator, please keep doing it! I just wanted to learn about enumeration for a project but now I'll binge the whole channel.
@jalapenohiway2 жыл бұрын
Ok this was.....BY FAR the BEST video I've seen on YT, for "Introduction to APIs", "API Basics", & "API Recon & Pentesting"! It was extremely useful & clear/concise information that thoroughly explained all subject matter at hand. TY soo much!!!! I'm super happy I found your channel!
@InsiderPhD2 жыл бұрын
Wow, thank you so much
@karim3741 Жыл бұрын
a great teacher, amazing and detailed explanation, thank you for your efforts ❤️🔥
@nirchoubey20114 жыл бұрын
Wanted to point out a small mistake. At 5:02 you said name is menu and value is curly braces. Actually value for that menu is an object starting with a curly braces. Thanks for all your effort. You are doing great.
@InsiderPhD4 жыл бұрын
You're absolutely correct, thank you for pointing out my mistake, I will issue a correction in the description
@NanoCyberSec4 жыл бұрын
I am OSCP/OSWE.. and i am starting to learn from you thanks @InsiderPhD keep the greater work up
@ploutosroman42064 жыл бұрын
Nice thank you! Been looking for a detailed api bug video.
@cyberwolf73854 жыл бұрын
You are an amazing teacher Katie!! One can just watch your videos and start a career in Bug bounty hunting. Keep posting more videos. I love your content. You have helped me a lot. Thanks for everything.
@InsiderPhD4 жыл бұрын
Aww thank you for being a supporter of my work
@Naha-ir9mi Жыл бұрын
This is still a well made presentation after 2 years.
@shivanshusahu61213 жыл бұрын
the way you explain things is just awesome.
@TheMortemGaming4 жыл бұрын
Been bouncing around the channels not in order XD but I have to say i love this video and the way you taught it, they keep gettin better and better from what ive seen and super nice to take notes and follow along! Thanks again for the free knowledge !
@Shogunxd3-vp9jv4 жыл бұрын
This is what I was going to learn about today too! This is amazing! Thank you so much!
@satyaprakasha93563 жыл бұрын
Your voice gives me a motivation, thank you so much❤❤❤❤
@InsiderPhD3 жыл бұрын
Hell yeah! Good luck on your hacking journey I’m glad I could inspire you
@lifeofsq565310 ай бұрын
Hello Katie Its wonderful explanation can't wait to test APIs. Thankyou for sharing valuable information :))
@sumitkhadka51233 жыл бұрын
was looking for information and what u are doing for the community and for all is very helpful thank u for ur beautiful content
@allan_bomb3 жыл бұрын
thank you, thank you and thank you! Keep up the great work! Looking forward seeing more of your videos.
@jacobpetrov40414 жыл бұрын
Great video, this series is really helping me out. Looking forward to the next one!
@mashin4777 Жыл бұрын
Thank u, it's really feels like, you have a talent of teaching people
@kandarpmishra60093 жыл бұрын
can you please elaborate what is "endpoint" at 33:52?
@RinkuVaghela4 жыл бұрын
I really apricated your hard work behind your videos .. I love all the videos and learn lots of things thanks a lot
@AdnanDhinojwala4 жыл бұрын
Was really waiting for something like this, Thank you so much
@kavishgour32674 жыл бұрын
My favourite youtuber at the moment :)
@InsiderPhD4 жыл бұрын
:O I’m so honoured!
@ramsekargnanasekar93844 жыл бұрын
Really informative video, thanks!!!!!! I have a doubt when I saw zomato api , it showed a list of many GET method , like GET restaurant name, GET location name etc , so should I type the resto name and city name and try to capture the request using burp and run the response. Is this the method like what you are trying to explain?????
@thecast98642 жыл бұрын
love the comments on your notes "seems sus come back"
@felipeolea88102 жыл бұрын
Fantastic video, where shoould we look if we cant acces any ways to the apis becauser we dont have the crfs token or auth?
@goldengreengrass Жыл бұрын
Thank you Katie for this wonderful lesson...😄😄
@shekharwagh49823 жыл бұрын
Xcellent Video for Developers trying to start Hacking
@helalsadat2077Ай бұрын
Starting TOday Lets rock and roll :))
@omnnnooy32672 жыл бұрын
I am so happy I find your channel 🤩
@selimeneskaraduman69354 жыл бұрын
How do you find xss in API? API responses are json content type is xss possible?
@InsiderPhD4 жыл бұрын
The primary attack is using it to bypass any client-side WAF filters, but you should have a look at XSS write ups with APIs, I added one in the description but there are many others
@rohullahafzali1587 Жыл бұрын
Thanks for your great contents.
@renganathanofficial3 жыл бұрын
you used mouse to write, that's awesome xD
@shift3y3 жыл бұрын
This is brilliant, thank you! Any suggestions on where I can find CTFs to practice these techniques?
@TalsonHacks3 жыл бұрын
PortSwigger’s Web Security Academy, PentesterLab
@WaheedIqbal-gb3yt Жыл бұрын
Hey You made a great job , Thanks a lot
@meispi94574 жыл бұрын
If you could provide those slides, that would be very helpful. thanks, great video!!
@InsiderPhD4 жыл бұрын
I don't provide my slides simply because I am not comfortable with other people presenting my work, I will see what I can in maybe sorting out some written notes in the future.
@meispi94574 жыл бұрын
@@InsiderPhD Valid point.
@InsiderPhD4 жыл бұрын
@rl1k Doe It's less because I don't want people to take credit for my work, but because I want to make sure that if my name is attached to something that it's presented correctly with all the facts!
@optional67192 жыл бұрын
can websites restrict you to use burpsuit to intercept the requests. I am dealing with a website which is restricting me to use it there and its making it really hard to enumerate the good stuff. any help?
@cyber__hawk55552 жыл бұрын
Awesome 👍
@ariyankhan28473 жыл бұрын
you should add link of your video in I button or in this description when you are talking about you some other videos
@InsiderPhD3 жыл бұрын
Excellent idea, thank you I will do this!
@buricobain234 жыл бұрын
Hello is it possible that you can make some video about APIs and perform security tests on PostMan and script? Excellent work I've learned a lot from you.
@InsiderPhD4 жыл бұрын
This is coming soon :) I’m going to do a video on more API testing tools!
@nicholasxyz88804 жыл бұрын
The reports you use in your examples, in the future could you give us the url for them so we can look them up? Thanks!
@InsiderPhD4 жыл бұрын
Now in the description - Information Disclosure: User Information Disclosure via the REST API - /?_method=GET - hackerone.com/reports/384782 - Authorisation Issues: Wordpress.com REST API oauth bypass via Cross Site Flashing - hackerone.com/reports/176308 - Business Logic Errors: Items bought for free due to lacks of quantity controls - hackerone.com/reports/357929 - IDORs: IDOR and statistics leakage in Orders - hackerone.com/reports/544329 - XSS: Stored XSS in blog comments through Shopify API - hackerone.com/reports/192210
@Socversity4 жыл бұрын
It’s really Great, thank you for changing your mic 😁😁😁
@JohnCiprian4 жыл бұрын
Great content. Keep it coming!
@pankajprasad91794 жыл бұрын
Really help full thank you
@sayturestorver4334 Жыл бұрын
Thank you so much !!
@eed52784 жыл бұрын
Wow! Good work, very clear.
@2012mrmoh Жыл бұрын
Great, however, how can I concentrate with an ad every minute. Thank you for your hard work .
@InsiderPhD Жыл бұрын
I’m really sorry I actually have midrolls turned off completely but KZfaq will actually add them back into the videos anyway! Feel free to use an adblocker it’s very annoying
@starkeduplatform23204 жыл бұрын
Thanks for this...really useful for me
@dipakpardesi4661 Жыл бұрын
thanks for the video 👍
@wingwing26832 жыл бұрын
Thanks so much!
@aksharpatel10974 жыл бұрын
Is there something i should know about before starting to learn this?? As i find this quite difficult in some parts
@InsiderPhD4 жыл бұрын
Try to watch my finding your first bug series in order, but you do need to know a little about how the internet works first! Let me know what you’re struggling with specifically and I’ll try to make more videos on it
@aksharpatel10974 жыл бұрын
@@InsiderPhD thanks!
@neoXXquick4 жыл бұрын
Amazing video.. thx for contribution...
@IteLuis4 жыл бұрын
Awesome talk, thank you very much!!
@InsiderPhD4 жыл бұрын
Glad you liked it! More API videos coming really soon!
@hardwork31963 жыл бұрын
thanks a lot for awesome information.
@kabirsuda3 жыл бұрын
Really helpful video keep it up!
@noblesix65254 жыл бұрын
Thank you so much!! Very useful
@digitalcynicism9 ай бұрын
Microwave Oven, doo Doo Doo Doo Doo doo
@champagnepete33864 жыл бұрын
Awesome resource!
@TheHammertownhead4 жыл бұрын
I would love to see a sample of your spreadsheet. Would you be willing to share or post link below your video? Great video!! Great content! Thanks for taking the time! A final slide would be great at the end of the video while you are doing final comments as the screen going black, which is a little freaky.
@InsiderPhD4 жыл бұрын
Link to the spreadsheet :) docs.google.com/spreadsheets/d/1IJvTH6QpTlxWdy4Ss6I0G_f4csCYwBdgE88ya7XijnI/edit?usp=sharing will take your feedback into account for next time!
@TheHammertownhead4 жыл бұрын
@@InsiderPhD keep up the great work on these great videos!!! Very informative!! Its greatly appreciated!
@JuanBotes2 жыл бұрын
great training video, thanks for content \o/
@shiftlock452 Жыл бұрын
lovely voice🤩
@vishalpatidar27374 жыл бұрын
Great video, please make a video on CSRF
@InsiderPhD4 жыл бұрын
Coming next week :)
@hasnainabidkhanzada37543 жыл бұрын
Enumeration is a part of a larger recon process. Right?
@InsiderPhD3 жыл бұрын
Yup but sometimes not! API recon is often discovering endpoints while larger recon is usually exploring a scope in depth
@hasnainabidkhanzada37543 жыл бұрын
@@InsiderPhD Exploring a scope could be finding the hidden endpoints. Isn't this also enumeration?
@h4kster1824 жыл бұрын
really Great, thank you
@cyrilbeyo87314 жыл бұрын
Thank you This was helpful
@xx21254 жыл бұрын
Hi Katie, thanks for this superb video. Do you have somewhere the presentation for download?
@InsiderPhD4 жыл бұрын
No, sorry, unless it's mentioned specifically in the video descriptions I don't make slides freely available, usually I do for conference talks!
@xx21254 жыл бұрын
@@InsiderPhD Ok, so I will take notes from your videos. :)
@albonycal3 жыл бұрын
I'm little bit confused @ 30:29 that means if we remove the cookies and the api accepts it... Does this bypasses Authorization... I'm confused
@InsiderPhD3 жыл бұрын
By removing cookies we are basically “logged out” which is why it works, there are many different type of IDORs but it’s a quick litmus test to check!
@shrirangkahale3 жыл бұрын
Got it..
@hannanjamil10604 жыл бұрын
Can you please share slides? BTW thank you so much. ❤🌹
@emreru56874 жыл бұрын
Thank you so much
@yogteacherdilipmotkar88014 жыл бұрын
Plz tell which lecture are coming at what time means future schedule plz
@InsiderPhD4 жыл бұрын
Next up: Q and A - midweek next week RCE bug in focus - 18th Jan CSRF finding your first bug - 25th Jan I often post in the channel community tab or on twitter when I know what my next video will be!
@nishikanttayade74463 жыл бұрын
For Web Developers start at 14:30
@isfk3 жыл бұрын
Reusing code by creating a web API is not being lazy, its being smart.
@InsiderPhD3 жыл бұрын
Of course! It’s just a joke :)! Using an API can also reduce development time when you’re managing a desktop, web and mobile app for example
@yethu76824 жыл бұрын
can you share the slide of this video?
@RahulYadav-qg9ms4 жыл бұрын
please bring some practical beside theory
@thehackerish4 жыл бұрын
1337 video! Is it just a chance or I am the 3337th person to view the video? :D
@henryasubonteng6954 жыл бұрын
Thank
@MrTiger-eg1gr3 жыл бұрын
This was great. But, if you don't mind, can you please slow down a lil bit while talking?
@InsiderPhD3 жыл бұрын
Of course! Thank you for your feedback! I will definitely try to talk slower and pace myself better!
@bugsbunny62864 жыл бұрын
Can you make a good video on XSS explaining all of them briefly and ways to find it out easily
@InsiderPhD4 жыл бұрын
Great idea I will make this video!
@yassindaboussi25704 жыл бұрын
thank You
@goooooo91974 жыл бұрын
How to find that api plz tell that
@InsiderPhD4 жыл бұрын
Keep an eye out for web apps which have mobile app counterparts, often they both use the same API, another option is to take a look at mobile apps (video coming soon!), but in the meantime, you can check out Spaceraccoon's recent iOS blog spaceraccoon.dev/low-hanging-apples-hunting-credentials-and-secrets-in-ios-apps or using Genymotion to set up an Android emulator
@ishansaha8652 Жыл бұрын
can i get your PPT?
@probeing94184 жыл бұрын
it will be gud if u give reports link is description
@InsiderPhD4 жыл бұрын
Now in the description - Information Disclosure: User Information Disclosure via the REST API - /?_method=GET - hackerone.com/reports/384782 - Authorisation Issues: Wordpress.com REST API oauth bypass via Cross Site Flashing - hackerone.com/reports/176308 - Business Logic Errors: Items bought for free due to lacks of quantity controls - hackerone.com/reports/357929 - IDORs: IDOR and statistics leakage in Orders - hackerone.com/reports/544329 - XSS: Stored XSS in blog comments through Shopify API - hackerone.com/reports/192210
@hanko13 жыл бұрын
i have watched 'All' of your videos but never fined a bug
@InsiderPhD3 жыл бұрын
Keep an eye out I’m posting a video just for you soon!