Are Your APIs SAFE from These 2025 Threats?

MRE Security • September 16, 2025

MRE Security

@mresecurity

About

Want to break into cybersecurity but don't know where to start? You're in the right place. At MRE Security, we cut through the noise to bring you accurate, practical content to help you grow in the field. From CTF walkthroughs and hands-on hacking demos to resume tips, interview prep, and expert insights, we cover everything you need to succeed. 📅 New videos every two weeks! Subscribe now and start leveling up your cybersecurity game. 🔗 Learn more: https://mresecurity.com

Video Description

🔔 Stay ahead of cybersecurity insights – Subscribe & turn on notifications!

In this conversation, we discuss various Capture The Flag (CTF) challenges from the APISEC|CON 2025 CTF, focusing on cybersecurity topics such as shadow APIs, SQL injection, directory traversal, bug bounty hunting, privilege escalation, API security, and rate limiting. We dive into methodologies for solving these challenges, emphasizing the importance of understanding vulnerabilities and security measures in web applications.

Takeaways:
CTF challenges often reveal unintended pathways in applications.
Shadow APIs can expose hidden functionalities that need to be explored.
SQL injection remains a critical vulnerability that can lead to data breaches.
Directory traversal attacks can be used to access sensitive files.
Bug bounty programs are essential for identifying and reporting vulnerabilities.
Privilege escalation can occur if user roles are not properly validated.
API security is crucial, especially regarding authentication and authorization.
Rate limiting is a necessary defense against brute force attacks.
Understanding the underlying technology stack is vital for effective exploitation.
Continuous learning and practice in cybersecurity are essential for skill development.

Chapters:
00:00 Hidden API Endpoints in JavaScript
08:30 Manual SQL Injection
21:35 Bypassing Directory Traversal Filters
30:10 Server-Side Template Injection Through Jinja2 Templates
37:19 API Privilege Escalation
44:14 Automated API Security Testing (APISEC Scanner)
50:43 Bypass Rate-Limiting Mechanisms

🎥 What Makes You Different Podcast: https://www.youtube.com/playlist?list=PLdTw7mr-fqcjRlfC5u87y2kGI5PA-fhrC

Follow us everywhere:
🌐 Website: https://mresecurity.com
🔗 LinkedIn: https://www.linkedin.com/company/mresecurity
📘 Facebook: https://facebook.com/mresecure
📸 Instagram: https://instagram.com/mresecurity
Republic of Hackers Discord: https://discord.gg/tyft6vM8bt

Disclaimer: This video is for educational purposes only. It demonstrates ethical hacking techniques to improve cybersecurity, and MRE Security is not responsible for how viewers choose to use this information.

#cybersecurity #penetrationtesters #networksecurity #vulnerabilities #certifications #infosec #pentesting #cyber #security
