Professionally Evil API Testing: AAA and Keys are Not Just for Cars with Jennifer Shannon

Overview

  • Course Length: 4 hours
  • Support from expert instructors
  • Includes a certificate of completion
Instructor:

This course will teach you how to test web APIs for authorization and access control related security flaws. You will learn how to map API functionality, identify authentication and authorization flaws, and exploit common API vulnerabilities.

You will also gain hands-on experience with tools and techniques for testing API authorization mechanisms and access control models. By the end of this course, you will be able to:

  • Perform API reconnaissance and endpoint analysis
  • Scan APIs for security misconfigurations and excessive data exposure
  • Attack API authentication schemes
  • Test API authorization mechanisms for vulnerabilities like insecure direct object references and privilege escalation
  • Test APIs for rate limiting and business logic flaws
  • Combine tools and techniques to exploit API weaknesses

Key Takeaways

  • Explore OWASP API Security Top 10 2019
  • How to attack REST APIs
  • How to prevent API security flaws
  • Explore and attack OAuth and JWTs
  • Understand that strong data validation is key to API security

Who Should Take This Course

This course is suitable for anyone who wants to learn how to hack web APIs or improve their API security skills. You should have some basic knowledge of web application security, HTTP requests, and common API testing tools.

Anyone with an interest in REST API security will benefit from this course. The course is aimed at teaching students how to think about REST API security from an attacker mindset, which is useful for defenders and attackers alike.

What Each Student Will Be Provided With

Students will be provided access to download an OVA image of the SamuraiWTF lab environment virtual machine. Students will be able to continue to use this VM after the course to practice labs on their own time.

Students will need a computer capable of running the local SamuraiWTF VM lab environment.

There are no scheduled live dates for this course at this time. Private training may be available.
