Corey Ball is a cybersecurity consulting manager at Moss Adams, where he leads its penetration testing services. He has over ten years of experience working in IT and cybersecurity across several industries, including aerospace, agribusiness, energy, financial tech, government services, and healthcare. In addition to a bachelor's degree in English and philosophy from Sacramento State University, Corey holds the OSCP, CCISO, CEH, CISA, CISM, CRISC, and CGEIT industry certifications.
"Corey Ball takes you on a journey through the lifecycle of APIs in
such a manner that you’re wanting to not only know more, but also
anticipating trying out your newfound knowledge on the next
legitimate target. From concepts to examples, through to
identifying tools and demonstrating them in fine detail, this book
has it all. It IS the motherload for API hacking, and should be
found next to the desk, well-read by ANYONE wanting to take this
level of adversarial research, assessment, or DevSecOps
seriously."
—Chris Roberts, @Sidragon1, vCISO/Researcher/Hacker
"This book opens the doors to the field of API Hacking, a subject
not very well understood. Using real-world examples that emphasize
Access Control issues, this book will help you understand the ins
and outs of securing APIs, hunt great bounties, and help
organizations improve their API Security!"
—Inon Shkedy, @InonShkedy, Security Researcher
"Even though the internet is filled with information on any topic
possible in cybersecurity, it is still hard to find solid insight
on performing penetration tests on APIs. Corey's book satisfies
this demand—not only for the beginner cybersecurity practitioner,
but also for the seasoned expert."
—Cristi Vlad, @CristiVlad25, Cybersecurity Researcher
"Hacking APIs is extremely helpful for anyone who wants to get into
penetration testing. In particular, this book gives you the tools
to start testing the security of APIs, which are becoming a weak
point for many modern web applications. Experienced security folks
can get something out of the book too, as it features automation
tips and protection bypass techniques that will up any pentesters'
game."
—Vickie Li, @vickieli7, Developer Evangelist, Author of Bug Bounty
Bootcamp
"[Hacking APIs is] the best source of API info I've seen. If you're
curious about what APIs are and how they work, read it once. If you
work with or create APIs, read it twice. If you break APIs, read it
three times."
—Graham Helton, @GrahamHelton3
"One of the few books that is actually dedicated to API hacking. .
. . a great resource for anyone who wants to learn more about API
security and how to hack into web applications. It provides
in-depth information on how to break through various types of APIs,
as well as tips on how to stay ahead of the curve in this rapidly
changing field."
—Dana Epp, Security Boulevard
"This book has more to offer than hacking APIs but sets down a
solid foundation of tools and techniques that would benefit any
developer or QA Engineer that has to develop, test, or otherwise
work with APIs."
—John Wenning, Cybersecurity Researcher, Fortra
"A thorough guide to what APIs are, how they work, what
technologies they use, the various common insecurities that APIs
have, and, most importantly, how to exploit them. . . . I would
recommend Hacking APIs as a great read for anyone interested in
learning more about the vulnerable side of APIs."
—Darlene Hibbs, Senior Cybersecurity Researcher, Fortra
Ask a Question About this Product More... |