Professionally Evil API Testing

Instructors: Cory Sabol
Course Length: 12-Hours
Price: $435

Includes: Six months of complimentary access to the Antisyphon Cyber Range, certificate of participation, six months access to class recordings.

This workshop-style intermediate course is designed to compliment a student’s understanding of traditional Web Application Security. It focuses on modern application and API security features and tactics to protect APIs and microservices from attacks. Because the material in this course leans on standard HTTP and browser features, and standard web and API security best practices, the lessons and labs are applicable across programming languages and platform implementations. This material in this course is approached both from the perspective of an adversary and that of a defender.

Key Takeaways

  • Explore OWASP API Security Top 10 2019
  • How to attack REST APIs
  • How to prevent API security flaws
  • Explore and attack OAuth and JWTs
  • Understand that strong data validation is key to API security

WHO SHOULD TAKE THIS COURSE

Anyone with an interest in REST API security will benefit from this course. The course is aimed at teaching students how to think about REST API security from an attacker mindset, which is useful for defenders and attackers alike.

STUDENT REQUIREMENTS

Students will need a computer capable of running the local SamuraiWTF VM lab environment.

WHAT EACH STUDENT WILL BE PROVIDED

Students will be provided access to download an OVA image of the SamuraiWTF lab environment virtual machine. Students will be able to continue to use this VM after the course to practice labs on their own time.

TRAINER & AUTHOR

Cory Sabol
Cory Sabol is a senior consultant with a background in web development, game development, and machine learning. He has done substantial research on the topic of container security, focused primarily on Docker and Kubernetes. In addition to using these skills to identify and exploit misconfigurations during penetration testing engagements, Cory has taught workshops on this topic to other security professionals.  Cory also has considerable experience with API security.  He has developed custom API security testing frameworks and tooling.  He has also led the development efforts on the Arrrspace containerized microservice training target.  Currently he is researching game security and developing game security labs and training materials

COURSE SCHEDULE

Tue, October 25, 2022 11:00 AM – 4:00 PM ET

Wed, October 26, 2022 12:00 PM – 4:00 PM ET

Thu, October 27, 2022 12:00 PM – 4:00 PM ET

Register