+++
title = "Technical book review: Hacking APIs"
author = ["Michał Sapka"]
date = 2024-01-19T20:01:00+01:00
categories = ["blog"]
draft = false
weight = 2001
abstract = "Short impression of 2600 magazine"
+++

{{< img-r "hacking-apis.jpg" >}}
Cover
{{< /img-r >}}

I am a software developer with a new-found interest in security.
Childhood spent watching hacking-related entertainment didn't go to waste.
When I saw the _hacking_ humble bundle, I knew I needed it.

My first read[^fn:1] from that bundle was not the love at first sight I expected it to be.
Luckily, _Hacking APIs_ is a completely different beast.

The title says it all: it's about hacking web APIs.
The target audience seems to be aspiring pentesters.
I may even say that no prior experience is expected, as the author explains _a lot_.
You will learn how those APIs work, what to look for when testing them and how to exploit them.

The book gives a really nice overview of the most common vulnerability types, giving me new ways to be smug.
It is always welcome.

Still, I will not benefit from a huge part of this book as it reads like a commercial for Burp Suite.
Yes, it is a standard and learning what one can do with it is great.
But I am not a pentester, so I will not need all that practical knowledge.
It's a great exercise for me, nothing more.
It will also come in handy if I decide to switch trades.

Highly recommended book!

## Meta {#meta}

- Read as PDF on Onyx Boox Note Air 2.
- Issues bought from Humble Bundle.
- Next up: back to "Absolute FreeBSD".

[^fn:1]: [Cybersecurity for Small Networks](/blog/2023/cybersecurity-for-small-networks/)