Instructor: Jennifer Shannon
Course Length: 4 Hours per class
Price: $25 – $150 per session
Includes: Certificate of participation and six months access to class recordings.
Course Description
API Penetration Testing: A Practical Course for Beginners
If you want to learn how to perform security testing on web applications that use application programming interfaces (APIs), this course is for you. APIs are the connective tissue responsible for transferring information between systems, both internally and externally. They are also a common target for cyberattacks, as they can expose sensitive data, application logic, and internal infrastructure. In this course, you will learn the basics of API penetration testing, including:
- What an API is and how it works
- The common types of APIs (SOAP and REST) and their differences
- Some of the most common security risks and vulnerabilities of APIs
- How to use tools and techniques to test APIs for security issues
By the end of this course, you will be able to conduct a basic API pen test using a systematic approach and industry best practices. You will also gain hands-on experience with popular tools such as Postman, Burp Suite, Nmap, and OWASP ZAP. This course is suitable for beginners who have some knowledge of web application security and want to expand their skills to API security testing.
Professionally Evil API Testing: AAA and Keys are Not Just for Cars
This course will teach you how to test web APIs for authorization and access control related security flaws. You will learn how to map API functionality, identify authentication and authorization flaws, and exploit common API vulnerabilities. You will also gain hands-on experience with tools and techniques for testing API authorization mechanisms and access control models. By the end of this course, you will be able to:
- Perform API reconnaissance and endpoint analysis
- Scan APIs for security misconfigurations and excessive data exposure
- Attack API authentication schemes
- Test API authorization mechanisms for vulnerabilities like insecure direct object references and privilege escalation
- Test APIs for rate limiting and business logic flaws
- Combine tools and techniques to exploit API weaknesses
This course is suitable for anyone who wants to learn how to hack web APIs or improve their API security skills. You should have some basic knowledge of web application security, HTTP requests, and common API testing tools.
Professionally Evil API Testing: GraphQL, SOAP, and REST Fundamentals and Techniques
Are you interested in learning how to test different types of APIs for quality and security? Do you want to dive into the essential skills and techniques for testing GraphQL, SOAP, and REST APIs? If so, this course is for you! In this course, you will learn the fundamentals of API testing, including what APIs are, how they work, and why they are important. You will also learn the differences between GraphQL, SOAP, and REST APIs, and how they affect the way you test them for flaws and vulnerabilities. You will gain hands-on experience with various tools and frameworks for API testing, such as Postman, SoapUI, and GraphQL Playground. By the end of this course, you will be equipped to:
- Perform endpoint analysis to understand the API’s structure and functionality.
- Conduct scans on APIs to identify security misconfigurations and excessive data exposure, ensuring robust security measures.
- Understand the unique issues affecting GraphQL, REST, and SOAP APIs.
- Thoroughly assess APIs for rate limiting mechanisms and business logic flaws that may lead to unauthorized access or abuse.
This course is suitable for individuals seeking to learn how to hack web APIs or enhance their API security skills. Whether you are a penetration tester, security analyst, developer, or an individual interested in understanding API security, this course will provide you with the necessary knowledge and hands-on experience. Prior foundational knowledge in web application security, HTTP requests, and familiarity with common web application testing tools, such as Burp Suite or OWASP ZAP, is recommended to make the most of this course.
Key Takeaways
- Explore OWASP API Security Top 10 2019
- How to attack REST APIs
- How to prevent API security flaws
- Explore and attack OAuth and JWTs
- Understand that strong data validation is key to API security
Who Should Take This Course
Anyone with an interest in REST API security will benefit from this course. The course is aimed at teaching students how to think about REST API security from an attacker mindset, which is useful for defenders and attackers alike.
Student Requirements
Students will need a computer capable of running the local SamuraiWTF VM lab environment.
What Each Student Will Be Provided
Students will be provided access to download an OVA image of the SamuraiWTF lab environment virtual machine. Students will be able to continue to use this VM after the course to practice labs on their own time.
Course Instructor
Jennifer is a senior security consultant at Secure Ideas with a background in malware analysis, penetration testing, and teaching. An avid computer geek for most of her life, she began her journey in cybersecurity as a SOC Analyst, where she showed an aptitude for penetration testing and malware analysis. Her background as “blue team” uniquely prepared her for guiding clients through remediation and contextualizing findings for their environment.
She graduated with honors from Florida State College at Jacksonville’s networking program. While pursuing her degree, she dedicated time to teaching computing skills to underrepresented minorities. Jennifer continues to be passionate about teaching and is eager to share her knowledge with anyone who will listen.
Live Training Events
Professionally Evil API Testing: A Practical Course for Beginners
Online
If you want to learn how to perform security testing on web applications that use application programming interfaces (APIs), this course is for you. APIs are the connective tissue responsible for transferring information between systems, both internally and externally. They are also a common target for cyberattacks, as they can expose sensitive data, application logic, and internal infrastructure.
Professionally Evil API Testing: AAA and Keys are Not Just for Cars
Online
This course will teach you how to test web APIs for authorization and access control related security flaws. You will learn how to map API functionality, identify authentication and authorization flaws, and exploit common API vulnerabilities. You will also gain hands-on experience with tools and techniques for testing API authorization mechanisms and access control models. By the end of this course, you will be able to:
Professionally Evil API Testing: GraphQL, SOAP, and REST Fundamentals and Techniques
Online
Are you interested in learning how to test different types of APIs for quality and security? Do you want to dive into the essential skills and techniques for testing GraphQL, SOAP, and REST APIs? If so, this course is for you! In this course, you will learn the fundamentals of API testing, including what APIs are, how they work, and why they are important. You will also learn the differences between GraphQL, SOAP, and REST APIs, and how they affect the way you test them for flaws and vulnerabilities. You will gain hands-on experience with various tools and frameworks for API testing, such as Postman, SoapUI, and GraphQL Playground. By the end of this course, you will be equipped to: