OK, so this is really a ‘note to self’ article that I’m keeping here for future reference. But this will hopefully also help you understand the difference between the query parameters and path variables in Postman and how to use either of these two options. I recently got stuck in an API challenge on root-me.org... The post "Understanding query parameters and path variables in Postman" first appeared on Zero Day Hacker.
Using AI is a great way to accelerate the discovery of vulnerabilities in an API. There are now many different ways of integrating AI into your game. One of my favorites is using Postman’s Postbot feature. Postbot writes full test scripts from a simple AI prompt. Use this in conjunction with Postman’s collection runner and... The post "Using AI to find API bugs" first appeared on Zero Day Hacker.
Here is a quick and easy way to test if an API endpoint is vulnerable to a Server-Side Request Forgery (SSRF) attack. To do this, we can use a website called webhook.site to simulate a payload. What is SSRF? We want to test for SSRF whenever we come across an API endpoint that fetches... The post "Testing for SSRF in an API" first appeared on Zero Day Hacker.