API Penetration Testing
About Course
API Pentesting TRAINING
Requirements
- The course starts from the basics; however, it is good to have basic knowledge of web application pentesting.
Description
This course introduces students to the security concepts associated with API pentesting. We encourage you to take this course if you are a beginner in the world of API pentesting and security. The course uses custom-developed vulnerable APIs to demonstrate how API vulnerabilities can be identified and exploited. It teaches you how to identify a variety of API vulnerabilities such as SQL Injection, XXE, Sensitive data in GET, Leaky APIs etc.
OWASP API PENTESTING
- BOLA (broken object level authorization)
- Injection attack
- Improper assets management
- Security misconfiguration
- Mass assignment
- Broken function level authorization
- Excessive data exposure
- Broken user authentication
- API rate limiting
API-PENTESTING using the Postman tool
- Introduction & installation
- Postman authentication
- Postman navigation
- OAuth 2.0 authentication in Postman
API PROJECT TESTING
- Access admin API / access admin panel
- Brute-force APIs to find new endpoints
- Make an account / log in to account
- Restore / delete everything
- Edit someone’s grade
- Transport layer security
- Blind XSS in the admin control panel
- User enumeration
- Information exposure via server headers
- Authentication bypass
- Input validation attacks
- SQL injection
- Error handling
- Encryption
- SSRF
- BOLA
- Command injection
Benefits :
- Get ISO Certified Certification
- Get API Penetration Testing Badge ( ID CARD )
Point To Be Noted :
It takes a minimum of 3 months to get a hard copy of the ID CARD.
Course Content
Introduction to API PENTESTING