API Penetration Testing

Issued by APIsec University

The API Penetration Testing course provides hands-on instruction on testing APIs for security flaws. Participants in the course have learned specific, detailed tools and techniques for analyzing, testing and identifying API vulnerabilities. The skills learned include API reconnaissance, scanning, auditing JSON Web Tokens, performing authentication and authorization attacks, and exploiting other common API weaknesses like injection, mass assignment, and server-side request forgery.

Type Learning
Level Advanced
Time Weeks

Additional Details

Skills

Earning Criteria

Completed all 12 training modules - total of 12 hours
Passed all 11 module Quizzes with 100% score
Passed all 6 Assessments with 100% score

Standards

OWASP API Security Top 10

APIs expose application logic and sensitive data such as Personally Identifiable Information (PII) and because of this, APIs have increasingly become a target for attackers. Without secure APIs, rapid innovation would be impossible.

Hacking APIs

The book that teaches you how to test web APIs for security vulnerabilities. You’ll learn how APIs work in the wild. Then you’ll set up a streamlined API testing lab and perform common attacks, like those targeting an API’s authentication mechanisms, and the injection vulnerabilities commonly found in web applications.