API Pentesting and Security Training
Beginner • Advanced
Overview
The API Pentesting and Security training is a comprehensive program designed to help participants understand the challenges associated with modern API development and integration. API Pentesting and security training helps security professionals who are responsible for securing the design, implementation, and overall security of API endpoints and communications. It provides a practical approach to understanding and addressing the challenges associated with API security, including designing secure APIs, implementing authentication and authorization mechanisms, addressing data privacy concerns, and protecting APIs against various types of attacks.
By the end of the training, participants will have gained the knowledge and skills necessary to identify and mitigate API-related security risks, effectively securing their organisations’ API infrastructure.
What You’ll Learn
- API Tools , Techniques and Procedures
- Rest and SOAP Api Manual Pentesting
- GraphQL Pentesting
- Automated API Pentesting
Training Modules
API Pentesting Fundamentals
- Understanding SOAP ,Rest and Graph APIs
- Different Approach to API Security Testing
- Challenges in API Security Testing
- Traditional API testing v/s API Security testing
- Standards in API development
- OWASP Top 10 API attacks
- Building the API pentesting Lab
API Pentesting Tools and Techniques
- Role of automation in API pentesting
- Deep dive with postman for API pentesting
- Configuring SoapUI / ReadyApi for API security testing
- Automation in API fuzzing with Open Source tools
- API pentesting Governance and role of documentation
Discovering API Insecurities
- Building API Security Testing Checklists
- Building the self-documentation for API enumeration
- Discovering WSDL and WADL
- Discovering the API hidden endpoints
- Common API endpoints for quick wins
- Testing for unhandled HTTP methods
- Sensitive data disclosed with API OSINT
API Pentesting Primer - 1
- Cookie based test cases
- OAuth Authorization Bypass
- JWT token attacks
- Account takeover vulnerabilities
- API privacy settings issues
- Exploring Improper Restriction of Unprotected APIs Endpoint
- Password reset attacks
- Cross-Origin Resource Sharing issues
- CSRF attacks
- Rate limiting attacks in misconfigured API
- Authentication Tokens leakage attacks
- Improper functional level authorisation attacks
- Broken object level authorisation based attacks
API Pentesting Primer - 2
- Exploiting XML External Entity and parsers
- HTTP Parameter Pollution Attacks
- OS command Injection Attacks
- SQL Injection attacks in APIs
- Access control attacks
- Exploiting Open Redirections
- Mass assignment attacks
- Testing Local File Inclusion attacks
- Testing Remote File Inclusion attacks
- Security misconfiguration attacks in API
- Improper restriction on unprotected API endpoints
- API Request and Response Tampering for bypassing restrictions
- Building an hybrid approach to test API centric web applications
Graphql Pentesting
- Discovering GraphQL
- Batch Query Attack
- Deep Recursion Query Attack
- Resource Intensive Query Attack
- Field Duplication Attack
- Aliases based Attack
- GraphQL Information disclosures
- Server Side Request Forgery
- Code Execution in GraphQL
- Stored Cross Site Scripting
- Log spoofing / Log Injection
- GraphQL Interface Protection Bypass
- GraphQL Query Deny List Bypass
- Arbitrary File Write Path Traversal
- GraphQL Query Weak Password
- GraphQL Defense in Depth
Who Can Apply For The API Pentesting and Security Training ?
- Individuals possessing a bachelor’s degree and a keenness to acquire advanced proficiencies in Application Pentesting.
- IT Consultants aiming to elevate their expertise in the realm of Web Application Security.
- Members of Development Teams seeking to amplify their skillset for greater proficiency.
Details
On-Demand Live Training
Join virtual Codefensive training experience, right from the comfort of your own home! Our industry-leading instructors will deliver interactive courses via live stream, giving you the ultimate in cybersecurity education. Following each class, you’ll have the opportunity to enjoy a keynote from top industry professionals. Choose the ultimate in cybersecurity education and join us today!
Self-Paced Training
Self-paced, the ultimate in flexible cybersecurity learning! With unlimited access to your training, you can learn at your own pace, wherever and whenever it’s convenient for you. Our program includes all labs, exercises, and live support from Codefensive subject matter experts to ensure your success. Join us now to take control of your cybersecurity education!
Prerequisites
Basics of Computer Networks
Basics of Cyber Security
Ready to Get Started?
Book an free consultation and Join the right training for you .