Resources / YouTube Channels

InsiderPhD

API Hacking & Logic Bugs

InsiderPhD logo

Katie Paxton-Fear’s channel fills a gap that most of my other resources don’t touch: business logic. I can run a scanner and get a list of missing headers and outdated libraries all day, but IDORs and BOLA issues in an API only show up when someone actually thinks through what a request should be allowed to do versus what the server actually checks — and InsiderPhD is the best teacher I’ve found for that specific kind of thinking.

She also bridges academia and practice in a way I find genuinely useful, since a lot of her content is built around methodology — how to take notes, structure recon on an unfamiliar API, and work a target systematically instead of poking around randomly. That’s less about a specific vulnerability class and more about building a repeatable process, which is something I’ve tried to carry into my own testing habits.

The benefit for me is confidence in the parts of an assessment that don’t have a tool for them. Automated scanning covers the low-hanging fruit; InsiderPhD is where I learned that the more interesting bugs are usually sitting in the workflow logic no scanner was ever going to catch.

Visit website → · RSS feed