Are you interested in learning how to test different types of APIs for quality and security? Do you want to dive into the essential skills and techniques for testing GraphQL, SOAP, and REST APIs? If so, this course is for you!

In this course, you will learn the fundamentals of API testing, including what APIs are, how they work, and why they are important. You will also learn the differences between GraphQL, SOAP, and REST APIs, and how they affect the way you test them for flaws and vulnerabilities. You will gain hands-on experience with various tools and frameworks for API testing, such as Postman, SoapUI, and GraphQL Playground. By the end of this course, you will be equipped to:

Perform endpoint analysis to understand the API’s structure and functionality
Conduct scans on APIs to identify security misconfigurations and excessive data exposure, ensuring robust security measures
Understanding the unique issues affected GraphQL, REST, and SOAP API’s
Thoroughly assess APIs for rate limiting mechanisms and business logic flaws that may lead to unauthorized access or abuse

Check out our other Secure Ideas courses here.

Key Takeaways

Explore OWASP API Security Top 10 2019
How to attack REST APIs
How to prevent API security flaws
Explore and attack OAuth and JWTs
Understand that strong data validation is key to API security

Who Should Take This Course

Anyone with an interest in REST API security will benefit from this course. The course is aimed at teaching students how to think about REST API security from an attacker mindset, which is useful for defenders and attackers alike.

This course is suitable for individuals seeking to learn how to hack web APIs or enhance their API security skills. Whether you are a penetration tester, security analyst, developer, or an individual interested in understanding API security, this course will provide you with the necessary knowledge and hands-on experience. Prior foundational knowledge in web application security, HTTP requests, and familiarity with common web application testing tools, such as Burp Suite or OWASP ZAP, is recommended to make the most of this course.

What Each Student Will Be Provided

Students will be provided access to download an OVA image of the SamuraiWTF lab environment virtual machine. Students will be able to continue to use this VM after the course to practice labs on their own time.

Students will need a computer capable of running the local SamuraiWTF VM lab environment.

There are no scheduled live dates for this course at this time. Private training may be available.