

API Security Testing Guide by The XSS Rat

Learn how to build and break an API in record time including the API top 10

4.28 (44 reviews)



4.5 hours


Last Update: Sep 2021

What you will learn

Build your own API to hack

Protect an API with a firewall

The OWASP API top 10 vulnerabilities

API hacking with postman


About the course

In this course we will be teaching you a very important way of hacking and building APIs with practical labs and examples. You will get a feel for these issues sooner than you can say "API".

With the rise of software and web applications we need to make sure to protect them as carefully as possible. This guide will be a handbook for testers, managers and software developers on their journey.

We will bring you from a beginner to an advanced level in no time, and with our practical examples you will even learn how to use and install an API firewall.

About me

I am the XSS Rat, an experienced ethical hacker who stands for quality and who believes knowledge is a building block we can all use to grow bigger than we ever were. As a software tester I have a unique skill set that centres around logic flaws and IDORs, which I have not seen very much from other hunters. This gives me the advantage of finding fewer duplicates and maximising my chance of finding a vulnerability by picking the correct target and applying the correct test strategy.

What will you learn?

- The OWASP API top 10

- Building and hacking an API

- How to install an API firewall

- Hacking APIs with postman

Who is this course for?

I explain everything as clearly as possible in this course so everyone with even a basic understanding of technical topics can understand what can go wrong and how to prevent it.



API0:2019: What is an API

API1:2019 Broken Object Level Authorization

API2:2019 Broken User Authentication

API3:2019 Excessive Data Exposure

API4:2019 Lack of rate limiting

API5:2019 Broken Function Level Authorization

API6:2019 Excessive Data Exposure

API7:2019 Security Misconfiguration

API8:2019 Injection

API9:2019 Improper Assets Management

API10:2019 Insufficient Logging & Monitoring

Videos: OWASP API TOP 10

API top 10 - 0 through 3

OWASP API TOP 10 - 4 to 7

API8-2019 Injection

API9-2019 improper asset management

OWASP API top 10 - 10 insufficient logging and monitoring

Building and hacking an API

Let's build an API to hack - Part 1: The basics

Let's build an API to hack - Part 2: Faking it before breaking it

Let's build an API to hack - Part 3: Information disclosure

API roulette - Name the issues

API firewalls

Video: API firewall

API Firewall guide

API Hacking with postman

API hacking with postman Part 1 - getting the basics down

API hacking with postman Part 2 - importing the API description

API hacking with postman Part 3 Pre-request scripts, tests and console

API hacking with postman Part 4 - Getting dirty with data sources


API Testing

Swagger and OpenAPI

API Security - Top 10 Best Practices

How to secure your rest API from attackers

