Skip to content
Antisyphon Training

Antisyphon Training

  • Home
  • About
    • Mission
    • FAQ
    • Giving Back
    • Our Instructors
    • Testimonials
    • Updates
  • Live Training
    • Antisyphon Summit 2023
    • Course Catalog
    • Pay What You Can Training
    • Live Training Calendar
    • Training Roadmap
    • Cybersecurity Training for Businesses
    • The Vault Program
  • On-Demand Training
    • Course Catalog
    • Training Roadmap
    • Cybersecurity Training for Businesses
    • The Vault Program
  • MSP Training
  • Cyber Range
    • About Our Cyber Range
    • Purchase Subscription
    • ACE-T™ Certification
    • ACE-T™ Level Lookup
  • Contact Us
  • Toggle search form
Professionally Evil API Testing - Secure Ideas

Professionally Evil API Testing

Instructor: Cory Sabol & Jennifer Shannon
Course Length: 8 Hours
Price: $295

Includes: Six months of complimentary access to the Antisyphon Cyber Range, certificate of participation, six months access to class recordings.

View Live/Online Course Schedule
Professionally Evil API Testing - Secure Ideas

Course Description

This workshop-style intermediate course is designed to complement a student’s understanding of traditional Web Application Security. It focuses on modern application and API security features and tactics to protect APIs and microservices from attacks. Because the material in this course leans on standard HTTP and browser features, and standard web and API security best practices, the lessons and labs are applicable across programming languages and platform implementations. This material in this course is approached both from the perspective of an adversary and that of a defender.


Key Takeaways

  • Explore OWASP API Security Top 10 2019
  • How to attack REST APIs
  • How to prevent API security flaws
  • Explore and attack OAuth and JWTs
  • Understand that strong data validation is key to API security

Who Should Take This Course

Anyone with an interest in REST API security will benefit from this course. The course is aimed at teaching students how to think about REST API security from an attacker mindset, which is useful for defenders and attackers alike.

Student Requirements

Students will need a computer capable of running the local SamuraiWTF VM lab environment.

What Each Student Will Be Provided

Students will be provided access to download an OVA image of the SamuraiWTF lab environment virtual machine. Students will be able to continue to use this VM after the course to practice labs on their own time.


Trainer & Author

Cory Sabol
Cory Sabol

Cory Sabol is a senior consultant with a background in web development, game development, and machine learning. He has done substantial research on the topic of container security, focused primarily on Docker and Kubernetes. In addition to using these skills to identify and exploit misconfigurations during penetration testing engagements, Cory has taught workshops on this topic to other security professionals. Cory also has considerable experience with API security. He has developed custom API security testing frameworks and tooling. He has also led the development efforts on the Arrrspace containerized microservice training target. Currently he is researching game security and developing game security labs and training materials.

Jennifer Shannon
Jennifer Shannon

Jennifer is a senior security consultant at Secure Ideas with a background in malware analysis, penetration testing, and teaching. An avid computer geek for most of her life, she began her journey in cybersecurity as a SOC Analyst, where she showed an aptitude for penetration testing and malware analysis. Her background as “blue team” uniquely prepared her for guiding clients through remediation and contextualizing findings for their environment.
She graduated with honors from Florida State College at Jacksonville’s networking program. While pursuing her degree, she dedicated time to teaching computing skills to underrepresented minorities. Jennifer continues to be passionate about teaching and is eager to share her knowledge with anyone who will listen.


Live Training Events

This class will be taught as part of
the Antisyphon Most Offensive Con that Ever Offensived! Summit,
March 1-3, 2023.

Register for the Most Offensive Con that Ever Offensived!
Summit Event using the buttons below.

Summit + Training
Summit Only
Join the Antisyphon Training Discord Server!
  • Twitter
  • LinkedIn
  • Mastodon
PROMPT#

Copyright © 2023 Antisyphon

Powered by PressBook Dark WordPress theme