Professionally Evil API Testing
September 5 @ 11:00 am – 4:00 pm EDT
Instructor: Jennifer Shannon
Course Length: 16 Hours
Includes: Twelve months of complimentary access to the Antisyphon Cyber Range, certificate of participation, six months access to class recordings.
Course Description
This workshop-style intermediate course is designed to complement a student’s understanding of traditional Web Application Security. It focuses on modern application and API security features and tactics to protect APIs and microservices from attacks. Because the material in this course leans on standard HTTP and browser features, and standard web and API security best practices, the lessons and labs are applicable across programming languages and platform implementations. This material in this course is approached both from the perspective of an adversary and that of a defender.
Key Takeaways
- Explore OWASP API Security Top 10 2019
- How to attack REST APIs
- How to prevent API security flaws
- Explore and attack OAuth and JWTs
- Understand that strong data validation is key to API security
Who Should Take This Course
Anyone with an interest in REST API security will benefit from this course. The course is aimed at teaching students how to think about REST API security from an attacker mindset, which is useful for defenders and attackers alike.
Student Requirements
Students will need a computer capable of running the local SamuraiWTF VM lab environment.
What Each Student Will Be Provided
Students will be provided access to download an OVA image of the SamuraiWTF lab environment virtual machine. Students will be able to continue to use this VM after the course to practice labs on their own time.
Course Instructors
Jennifer is a senior security consultant at Secure Ideas with a background in malware analysis, penetration testing, and teaching. An avid computer geek for most of her life, she began her journey in cybersecurity as a SOC Analyst, where she showed an aptitude for penetration testing and malware analysis. Her background as “blue team” uniquely prepared her for guiding clients through remediation and contextualizing findings for their environment.
She graduated with honors from Florida State College at Jacksonville’s networking program. While pursuing her degree, she dedicated time to teaching computing skills to underrepresented minorities. Jennifer continues to be passionate about teaching and is eager to share her knowledge with anyone who will listen.
