4.28 (44 reviews)
☑ Build your own API to hack
☑ Protect an API with a firewall
☑ The OWASP API top 10 vulnerabilities
☑ API hacking with postman
About the course
In this course we will be teaching you a very important way of hacking and building APIs with practical labs and examples. You will get a feel for these issues sooner than you can say "API".
With the rise of software and web applications we need to make sure to protect them as carefully as possible. This guide will be your handbook in your journey for testers, managers and software developers.
We will bring you from a beginner to an advances level in no time and with our practical examples you will even learn how to use and install an API firewall.
I am the XSS Rat, an experienced ethical hacker who stands for quality and who believes knowledge is a building block we can all use to grow bigger than we ever were. As a software tester I have a unique skill set that centres around logic flaws and IDORs which I have not seen very much by other hunters. This gives me the advantage of finding less duplicates and maximising my chance of finding a vulnerability by picking the correct target and applying the correct test strategy.
What will you learn?
- The OWASP API top 10
- Building and hacking an API
- How to install an API firewall
- Hacking APIs with postman
Who is this course for?
I explain everything as clearly as possible in this course so everyone with even a basic understanding of technical topics can understand what can go wrong and how to prevent it.
PDFs: OWASP API TOP 10
API0.2019: What is an API
API1:2019 Broken Object Level Authorization
API2:2019 Broken User Authentication
API3:2019 Excessive Data Exposure
API4:2019 Lack of rate limiting
API5:2019 Broken Function Level Authorization
API6:2019 Excessive Data Exposure
API7:2019 Security Misconfiguration
API9:2019 Improper Assets Management
API10:2019 Insufficient Logging & Monitoring
Video's: OWASP API TOP 10
API top 10 - 0 through 3
OWASP API TOP 10 - 4 to 7
API9-2019 improper asset management
OWASP API top 10 - 10 insufficient logging and monitoring
Building and hacking an API
Let's build an API to hack - Part 1: The basics
Let's build an API to hack - Part 2: Faking it before breaking it
Let's build an API to hack - Part 3: Information disclosure
API roulette - Name the issues
Video: API firewall
API Firewall guide
API Hacking with postman
API hacking with postman Part 1 - getting the basics down
API hacking with postman Part 2 - importing the API description
API hacking with postman Part 3 Pre-request scripts, tests and console
API hacking with postman Part 4 - Getting dirty with data sources
Swagger and OpenAPI
API Security - Top 10 Best Practices
How to secure your rest API from attackers