TMG Security

API Penetration Testing

About Course

API Pentesting TRAINING

 

Requirements

  • The course starts from the basics; however, it is good to have basic knowledge of web application pentesting.

Description

This course introduces students to the security concepts associated with API pentesting. We encourage you to take this course if you are a beginner in the API pentesting security world. The course uses custom-developed vulnerable APIs to demonstrate how API vulnerabilities can be identified and exploited. It teaches you how to identify a variety of API vulnerabilities such as SQL Injection, XXE, Sensitive data in GET, Leaky APIs, etc.

OWASP API PENTESTING

  • BOLA (broken object level authorization)
  • Injection attack
  • Improper assets management
  • Security misconfiguration
  • Mass assignment
  • Broken function level authorization
  • Excessive data exposure
  • Broken user authentication
  • API rate limiting

API-PENTESTING using Postman tool

  • Introduction & installation
  • Postman authentication
  • Postman navigation
  • OAuth 2.0 authentication in Postman

API PROJECT TESTING

  • Access admin API / access admin panel
  • Brute-force APIs to find new endpoints
  • Make an account / log in to account
  • Restore / delete everything
  • Edit someone’s grade
  • Transport layer security
  • Blind XSS in the admin control panel
  • User enumeration
  • Information exposure via server headers
  • Authentication bypass
  • Input validation attacks
  • SQL injection
  • Error handling
  • Encryption
  • SSRF
  • BOLA
  • Command injection

Benefits :

  • Get ISO Certified Certification
  • Get API Penetration Testing Badge ( ID CARD )

(Sample)

Point To Be Noted :

It takes a minimum of 3 months to get a hard copy of the ID card.

 

What Will You Learn?

  • OWASP API PENTESTING
  • API-Pentesting using Postman tool
  • Learn what the API pentesting methods are
  • Learn how to pentest APIs
  • Learn common vulnerabilities in APIs
  • Learn to exploit SQL Injection
  • Learn to exploit XXE vulnerabilities
  • Learn automated tools for API Security Testing

Course Content

Introduction to API PENTESTING
ONE-MONTH LIVE API-PENTESTING LIVE + RECORDINGS TAUGHT BY MAYANK GANDHI

  • Join WhatsApp Group
    00:00
