CRUD Application - Multiple SQL Injection Points
by Corey J. Ball
Hacking APIs is a crash course on web API security testing.