Mobile apps will often connect to a supporting web application through an API. By intercepting and reviewing the traffic with a tool like Burp Suite, you can get a pretty good understanding of how the API works and, if you’re lucky, spot some vulnerabilities.

As a matter of fact, you may want to check out this classic talk by Alissa Knight for Bugcrowd’s LevelUpX series explaining how she tested some fintech mobile apps and their supporting APIs and found hardcoded keys and tokens among other vulnerabilities. Mobile apps are great targets for anyone interested in hacking APIs.