API testing provides an alternative to approaches such as evading AV or dealing with firewalls. APIs are projected to become one of the widest attack vectors soon, because their widespread adoption is outpacing cybersecurity standards. In other words, VERY VULNERABLE.
Most of this should be a refresher.
You, the client, send requests to the server and in return the server responds with the requested resource. The response status codes can be summarized as:

| Code | Type          |
|------|---------------|
| 200s | Success       |
| 300s | Redirect      |
| 400s | Client Errors |
| 500s | Server Errors |
Stateful: the user session is carried within a cookie.
Stateless: the database is used to store the user data.
The difference? Stateful uses the web server's computing resources, because the server has to maintain a stateful connection, whereas in a stateless connection changes are made by updating a database. Stateless access therefore requires a form of authentication.
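As an added example (not from the original notes) of the distinction above: a stateful session store indexed by an opaque cookie value, beside a stateless HMAC-signed token that carries the identity and expiry itself and so must be verified on every request. The session store, signing key and user names are constructed for the demo.

```python
import base64, hashlib, hmac, json, secrets, time

# --- Stateful: the server keeps the session; the cookie only carries an opaque ID ---
SESSIONS = {}  # constructed in-memory session store (a real server would use a shared store)

def stateful_login(username):
    sid = secrets.token_urlsafe(16)          # random session ID, the value a Set-Cookie would carry
    SESSIONS[sid] = {"user": username}       # identity lives server-side, not in the cookie
    return sid

def stateful_whoami(sid):
    return SESSIONS.get(sid, {}).get("user")  # None for unknown/expired IDs

# --- Stateless: nothing is kept per user; the token itself must prove identity ---
SECRET = b"constructed-demo-signing-key"    # hypothetical server-side key, never sent to clients

def b64(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def stateless_issue(username, ttl=3600, now=None):
    now = int(time.time()) if now is None else now
    body = b64(json.dumps({"user": username, "exp": now + ttl}).encode())
    sig = b64(hmac.new(SECRET, body.encode(), hashlib.sha256).digest())
    return f"{body}.{sig}"                   # claims + signature; no server-side record

def stateless_whoami(token, now=None):
    """Authenticate one request from the token alone; None means reject."""
    now = int(time.time()) if now is None else now
    try:
        body, sig = token.split(".")
    except ValueError:
        return None                          # malformed token
    expected = b64(hmac.new(SECRET, body.encode(), hashlib.sha256).digest())
    if not hmac.compare_digest(expected, sig):
        return None                          # tampered body or forged signature (constant-time check)
    claims = json.loads(unb64(body))
    if claims["exp"] <= now:
        return None                          # expired
    return claims["user"]
```

Swapping the claims of one token onto another token's signature fails verification, which is the property a stateless API relies on instead of a server-side session lookup.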
SQL databases are relational ones, while NoSQL databases use keys and values. Relational means that items are stored as records that contain attributes. You can search for these attributes with a query such as `SELECT username, password FROM redemption.userdata`,
where we are selecting the username and password attributes from the userdata table within the redemption database. A query for a non-relational database would look like `db.getCollection('accounts').update({username:"admin"}, <update document>)`,
where the filter `{username:"admin"}` selects the admin user within the accounts collection and update()'s second argument holds the changes to apply.