If you want to master API security, open this thread!
APIs are used EVERYWHERE for applications to communicate, but let's see how you can HACK them! 👩‍💻
A Thread 🧵👇
Intigriti
Bug bounty & VDP platform trusted by the world’s largest organisations! 🌍
- Some #bugbounty hunters made over €50.000 in bug bounties with this simple trick. 🤑 Thanks for the #BugBountyTip, @rez0__!
- CHALLENGE: Find the XSS in our #EasterChallenge and WIN a @Burp_Suite Pro License! We'll tweet a tip for every 100 likes! ❤️👇 #HackWithIntigriti challenge.intigriti.io
- Excellent e-mail address payloads by @securinti! 🤯 Rewatch "You've got pwned: exploiting e-mail systems" at #NahamCon here: twitch.tv/videos/6497484… #BugBounty #BugBountyTip #BugBountyTips
- If you want to master SQL injections, open this thread! SQL injection attacks are vulnerabilities that can allow attackers to access ANY data in a victim's database! 🤯 A Thread 🧵👇
- 🚨 NEW CHALLENGE: Find the XSS and WIN a @Burp_Suite Pro License! As usual, we'll tweet a tip for every 100 likes. 👉❤️ go.intigriti.com/challenge-june #HackWithIntigriti
- If you want to master XSS, open this thread! Cross-site scripting vulnerabilities are injection attacks that allow attackers to execute malicious JavaScript in your browser! 🤯 A Thread 🧵👇
- Can you spot the vulnerability? 🔎 Show us how you'd create an admin account in the comments 👇 The best explanation gets a 25€ SWAG voucher! 👕
- Did you know you can hide your payloads in phone numbers? ☎️😱 RFC3966 specifies parameters for valid phone numbers that can contain characters. @securinti discovered that popular libraries are vulnerable and that it can lead to XSS and even ATO!🔥 #BugBountyTips #NahamCon2022EU
- Top 4 tools to automate SQL Injection vulnerabilities! A thread! 👇
- Can you think out of the 📦? Solve our XSS challenge and WIN a @Burp_Suite license and private invites! 🤩 More info: challenge.intigriti.io/3
- If you want to master hacking JWT tokens, open this thread! JWT tokens are often used to authenticate logged-in users. They do this by signing the data so that the server can verify forged tokens. But in some cases, we can bypass this protection! 🤯 A Thread 🧵👇










