The path to "ハッキングAPI"

The path so far (3 books)

1. 1 / 3Real World HTTP 第3版Intermediate

   Why read this first: Authentication, sessions, and cookies all sit on top of HTTP. Grasping HTTP's behavior from first principles first lets you understand structurally where in the protocol the vulnerabilities in Tokumaru's book actually arise.

   Sources

   • HTTP - MDN Web Docs
   • OWASP Top 10 - OWASP Foundation
2. 2 / 3体系的に学ぶ 安全なWebアプリケーションの作り方 第2版Intermediate

   Why read this first: Once Tokumaru's book has cemented the principles and root fixes, reinforce them with a modern, cross-layer view from browser to server. Widening the scope to supply chain and incident response raises the resolution of your defense.

   Sources

   • OWASP Top 10 - OWASP Foundation
3. 3 / 3実践理解！Webアプリケーション セキュリティBeginner

   Why read this first: Once the principles of defense are solid, adopt the attacker's view. Learning API vulnerabilities (BOLA/IDOR, etc.) — now the main battleground for SPAs and microservices — from the offensive side lets you work backward to robust API design.

   Sources

   • OWASP API Security Project - OWASP Foundation