Mar 29, 2023 1 min read

APIsec University: API Penetration Testing Course Review

APIsec University: API Penetration Testing Course Review

I’m happy to share that I’ve obtained a new certification: API Penetration Testing from APIsec University!

I just completed an amazing course on API security, and I'm excited to share my experience with you all. The course is called "API Penetration Testing" and it's offered by Corey J. Ball | Dan Barahona, APIsec University.

As we all know, API security is crucial in today's digital landscape. With so much data being transmitted through APIs, it's important to ensure that our systems are secure and protected. That's where this course comes in. It provides a comprehensive set of tools and techniques for analyzing, testing, and identifying API security issues.

The API pentesting is done on intentionally Vulnerable API applications, mainly VAPI and CrAPI

Throughout the course, we covered a range of topics
• Lab Setup
• API Reconnaissance
• Endpoint Analysis
• Scanning APIs
• API Authentication Attacks
• Exploiting API Authorization
• Testing for Improper Assets Management
• Mass Assignment
• Server-Side Request Forgery
• Injection Attacks
• Evasion and Combining Techniques


  • Hands-on labs with explanations.
  • Covers all the OWASP API Security Top 10 in a detailed way-
  • Interesting quizzes and assessments to check your learning.
  • Great discord community for doubt clearance.
  • Get to use all the popular tools for API pentesting like postman, Burp Suite, Zap and there functionalities.


  • It would have been much better if the course included real-world API security issues and findings from disclosed reports.
  • Idk😜

Overall rating: 4/5 ⭐⭐⭐⭐🟡

Course Link:

By the end of the course, I had gained an in-depth understanding of potential API-related threats and had the skills to perform penetration testing on APIs. I highly recommend this course to anyone looking to improve their API security knowledge and skills.

Anugrah S R
Anugrah S R
I am a cyber security professional, bug bounty hunter, and blogger. I have a passion for all things related to cyber security and enjoy finding and exploiting vulnerabilities in various applications.
Great! You’ve successfully signed up.
Welcome back! You've successfully signed in.
You've successfully subscribed to Anugrah SR | #HackLearnDaily.
Your link has expired.
Success! Check your email for magic link to sign-in.
Success! Your billing info has been updated.
Your billing was not updated.