Professionally Evil API Testing: A Practical Course for Beginners with Jennifer Shannon
Overview
- Course Length: 4 hours
- Support from expert instructors
- Includes a certificate of completion
If you want to learn how to perform security testing on web applications that use application programming interfaces (APIs), this course is for you.
APIs are the connective tissue responsible for transferring information between systems, both internally and externally. They are also a common target for cyberattacks, as they can expose sensitive data, application logic, and internal infrastructure. In this course, you will learn the basics of API penetration testing, including:
- What an API is and how it works
- The common types of APIs (SOAP and REST) and their differences
- Some of the most common security risks and vulnerabilities of APIs
- How to use tools and techniques to test APIs for security issues
By the end of this course, you will be able to conduct a basic API pen test using a systematic approach and industry best practices. You will also gain hands-on experience with popular tools such as Postman, Burp Suite, Nmap, and OWASP ZAP. This course is suitable for beginners who have some knowledge of web application security and want to expand their skills to API security testing.
Key Takeaways
- Explore the OWASP API Security Top 10 (2019)
- How to attack REST APIs
- How to prevent API security flaws
- Explore and attack OAuth and JWTs
- Understand that strong data validation is key to API security
Who Should Take This Course
Anyone with an interest in REST API security will benefit from this course. The course teaches students how to think about REST API security with an attacker's mindset, which is useful for defenders and attackers alike.
What Each Student Will Be Provided With
Students will be provided access to download an OVA image of the SamuraiWTF lab environment virtual machine. Students will be able to continue to use this VM after the course to practice labs on their own time.
Students will need a computer capable of running the local SamuraiWTF VM lab environment.
There are no scheduled live dates for this course at this time. Private training may be available.