API Management Courses Online

A data stream processing API for Go (alpha)

Automi is an API for processing streams of data using idiomatic Go. Using Automi, programs can process streaming of data chunks by composing stages of operations that are applied to each element of the stream.

Concept

The Automi API expresses a stream with four primitives including: Automi streams use Go channels internally to route data. This means Automi streams automatically support features such as buffering, automatic back-pressure queuing, and concurrency safety.

Packet Construction and Injection

Libnet is an API to help with the construction and injection of network packets. It provides a portable framework for low-level network packet writing and handling (use libnet in conjunction with libpcap and you can write some really cool stuff). Libnet includes packet creation at the IP layer and at the link layer as well as a host of supplementary and complementary functionality. Libnet is very handy with which to write network tools and network test

WPForce - Wordpress Attack Suite

ABOUT:

WPForce is a suite of Wordpress Attack tools. Currently this contains 2 scripts - WPForce, which brute forces logins via the API, and Yertle, which uploads shells once admin credentials have been found. Yertle also contains a number of post exploitation modules. For more information, visit the blog post here: https://www.n00py.io/2017/03/squeezing-the-juice-out-of-a-compromised-wordpress-server/ Blogs in other languages: Chinese - www.mottoin.com/100381.html Portuguese - http://www.100security.com.br/wpforce/ Spanish - http://www.1024megas.com/2017/05/wpforce-fuerzabruta-postexplotacion.html

https://esgeeks.com/como-hackear-sitio-wordpress-con-wpforce/ Russian - https://hackware.ru/?p=2547 French - https://securityhack3r.info/wpforce-brute-force-attack-tool-wordpress/ Turkish - http://turkhackteam.org/web-server-guvenligi/1655005-wordpress-site-sizma-testi-part-1-a.html

FEATURES:

• Brute Force via API, not login form bypassing some forms of protection
• Can automatically upload an interactive shell
• Can be used to spawn a full featured reverse shell
• Dumps WordPress password hashes
• Can backdoor authentication function for plaintext password collection
• Inject BeEF hook into all pages
• Pivot to meterpreter if needed

The Nodogsplash project

Nodogsplash is a Captive Portal that offers a simple way to provide restricted access to the Internet by showing a splash page to the user before Internet access is granted. It also incorporates an API that allows the creation of sophisticated authentication applications. It was derived originally from the codebase of the Wifi Guard Dog project. Nodogsplash is released under the GNU General Public License.

• Mailing List: http://ml.ninux.org/mailman/listinfo/nodogsplash
• Original Homepage (no longer available): http://kokoro.ucsd.edu/nodogsplash
• Wifidog: http://dev.wifidog.org/
• GNU GPL: http://www.gnu.org/copyleft/gpl.html The following describes what Nodogsplash does, how to get it and run it, and

API Design and Fundamentals of Google Cloud's Apigee API Platform

• Fundamentals: We open apps, click around, and get responses. We may also do things like log into our banking app and make payments. All of these pass information from the app to the API management platform that directs the request to the correct location in the company's backend systems, to then send a response all the way back through the API management platform to your smartphone app.
  • The idea is to have centralized API management service for every api consumer that can secure, transform, analyze, scale, publish, and monetize api's via the use of api proxies.
  • Example consumers:
    • Partner apps
    • Consumer apps
    • Employee apps
    • Cloud apps
    • Legacy apps
    • IoT
  • Apigee Edge
  • 'Services layer' (API, Developer, Analytics), example API services include:
    • API Gateway
    • Policies and Programmability
    • OAuth and Security
    • Versioning and Governance
  • Apigee Sense
  • 'Intelligent behavior detection and security product'
  • Protects api's from attacks
  • Alerts administrators to suspicious activity like content scraping, credential stuffing, compromised secrets, etc...
  • Apigee Monetization
  • End to end monetization capability
  • Various revenue options
• Tech Stack:
  • Apigee sits between the client and the server.
  • Gateway handles ingress/egress, routing to API/Dev/Analytics services, etc...
  • Horizontally scalable.
  • Add a load balancer between the client and the gateway, and scale the # of gateways as necessary.
  • Highly available
  • Can span zones/regions.
  • Within the API Services...
  • Router - handles all incoming api traffic and dispatches it to the message processor.
  • Message Processor - executes all the policies for a given/specific organization and environment.
  • Management Server - provides api's for all configs and management tasks.
  • Enterprise UI - offers 'extended capability'.
  • cassandra - stores app config, api keys, and oauth tokens.
  • zookeeper - contains service config data.
  • openldap - contains the automization of users and their roles.
  • Within the Analytics Services...
  • Qpidd queuing - transports the analytics data, postgres server, postgreSQL db to manage the analytics database.
  • Qpid/Ingest Server - ^
  • Within the Dev Services...
  • Dev Portal & MySQL DB - mainly used to expose the API docs, and register external devs and their apps.
• API Lifecycle
  • Designed using openAPI methodology.
  • Devs can upload the api specs which will generate the api proxies.
  • ... Some extra details here I didn't take notes on.
  • API debug tool resembling Postman.
  • Security: PCI and HIPAA Compliance. Pen Testing.
  • Publish: API Portal integration into established company portals.
  • Testable documentation and version management.
  • Scale: "Ops Excellence, HA, Multi-Region, Zero Downtime Deployments"
  • Monitor: Proxy usage and performance allows apigee to find and alert teams that are improperly consuming api's (like OMC for TCN) so as to educate them on how to do it properly.
  • Integrate data via API's to tools like Splunk.
  • Monetize: "Flexible rate plans, internationalization support, usage tracking, limits and notifications."
• API Proxy Flows
  • HTTP Client =(request)=> ProxyEndpoint (PreFlow => Conditional Flows => PostFlow) => TargetEndpoint (PreFlow => Conditional Flows => PostFlow) => Server
  • HTTP Client Conditional Flows => PostFlow, PostClientFlow) => TargetEndpoint (PreFlow => Conditional Flows => PostFlow)