
This course will teach you how to test web APIs for authorization and access control related security flaws. You will learn how to map API functionality, identify authentication and authorization flaws, and exploit common API vulnerabilities.
Course Length: 4 Hours
Includes a Certificate of Completion
Description
You will also gain hands-on experience with tools and techniques for testing API authorization mechanisms and access control models. By the end of this course, you will be able to:
- Perform API reconnaissance and endpoint analysis
- Scan APIs for security misconfigurations and excessive data exposure
- Attack API authentication schemes
- Test API authorization mechanisms for vulnerabilities like insecure direct object references and privilege escalation
- Test APIs for rate limiting and business logic flaws
- Combine tools and techniques to exploit API weaknesses
Student Requirements
- Students will need a computer capable of running the local SamuraiWTF VM lab environment.
FAQ
- Explore OWASP API Security Top 10 2019
- How to attack REST APIs
- How to prevent API security flaws
- Explore and attack OAuth and JWTs
- Understand that strong data validation is key to API security
This course is suitable for anyone who wants to learn how to hack web APIs or improve their API security skills. You should have some basic knowledge of web application security, HTTP requests, and common API testing tools.
Anyone with an interest in REST API security will benefit from this course. The course is aimed at teaching students how to think about REST API security from an attacker mindset, which is useful for defenders and attackers alike.
Students will be provided access to download an OVA image of the SamuraiWTF lab environment virtual machine. Students will be able to continue to use this VM after the course to practice labs on their own time.
About the Instructor
Jennifer Shannon
"Known Bad Actor"
Bio
Jennifer is a Senior Security Consultant with Secure Ideas with a background in malware analysis, penetration testing, and teaching. She graduated with honors from Florida State College at Jacksonville’s networking program. An avid computer geek for most of her life, she began her journey in cybersecurity as a SOC Analyst where she showed an aptitude for both penetration testing and malware analysis. She was quickly promoted into a role that capitalized on her abilities.
