API Penetration Testing CourseEnroll Now
The APIsec Certified Expert (ACE) will guide you through actively testing for API security flaws. This course is a self-paced, practical guide that will show you the tools and techniques that can be leveraged to attack web APIs.
You'll need to prepare an API hacking system for this course. In this section we'll provide resources for you to set up your own hacking lab.
In this module, you will learn passive tools and techniques that can be used to discover and analyze APIs.
In this module, you will learn to make API requests and analyze responses. In addition, you will learn to test for Excessive Data Exposure and Business Logic Flaws.
Now that you have discovered and analyzed an API it is time to learn to properly scan APIs for weaknesses. In this module, you will learn to scan for common security misconfigurations.
API Authentication Attacks
Here we dive into various API authentication attacks including password brute force, password reset, password spraying and MFA brute force.
Exploiting API Authorization
In this workshop, I will guide you through testing the vulnerable application VAmPI for Broken Object Level Authorization vulnerabilities (BOLA).
Testing for Improper Assets Management
In this module, you will learn to perform tests for Improper Assets Management.
In this module, you will learn to test for Mass Assignment vulnerabilities.
In this module, you will learn to perform various injection attacks including SQL, NoSQL, and XSS.
Rate Limit Testing
In this module, you will learn a variety of techniques to test APIs for rate limiting.
Combining Tools and Techniques
In this module, you will learn to combine tools and techniques from the previous module to exploit API weaknesses.