I’m happy to share that I’ve obtained a new certification: API Penetration Testing from APIsec University!
I just completed an amazing course on API security, and I'm excited to share my experience with you all. The course is called "API Penetration Testing" and it's offered by Corey J. Ball and Dan Barahona, APIsec University.
As we all know, API security is crucial in today's digital landscape. With so much data being transmitted through APIs, it's important to ensure that our systems are secure and protected. That's where this course comes in. It provides a comprehensive set of tools and techniques for analyzing, testing, and identifying API security issues.
The API pentesting is done on intentionally vulnerable API applications, mainly vAPI and crAPI.
Throughout the course, we covered a range of topics:
• Lab Setup
• API Reconnaissance
• Endpoint Analysis
• Scanning APIs
• API Authentication Attacks
• Exploiting API Authorization
• Testing for Improper Assets Management
• Mass Assignment
• Server-Side Request Forgery
• Injection Attacks
• Evasion and Combining Techniques
Pros:
- Hands-on labs with explanations.
- Covers all the OWASP API Security Top 10 in a detailed way.
- Interesting quizzes and assessments to check your learning.
- Great Discord community for doubt clearance.
- Get to use all the popular tools for API pentesting like Postman, Burp Suite, ZAP and their functionalities.
Cons:
- It would have been much better if the course included real-world API security issues and findings from disclosed reports.
- Idk😜
Overall rating: 4/5 ⭐⭐⭐⭐🟡
Course Link: https://www.apisecuniversity.com
By the end of the course, I had gained an in-depth understanding of potential API-related threats and had the skills to perform penetration testing on APIs. I highly recommend this course to anyone looking to improve their API security knowledge and skills.