API Security Testing Guide by The XSS Rat
About the course
In this course we teach you an important way of hacking and building APIs, with practical labs and examples. You will get a feel for these issues sooner than you can say "API".
With the rise of software and web applications, we need to protect them as carefully as possible. This guide is intended as a handbook for testers, managers and software developers alike.
We will take you from a beginner to an advanced level in no time, and with our practical examples you will even learn how to install and use an API firewall.
About me
I am the XSS Rat, an experienced ethical hacker who stands for quality and who believes knowledge is a building block we can all use to grow bigger than we ever were. As a software tester I have a unique skill set that centres around logic flaws and IDORs, which I have not seen very much by other hunters. This gives me the advantage of finding fewer duplicates and maximising my chance of finding a vulnerability by picking the correct target and applying the correct test strategy.
What will you learn?
- The OWASP API Top 10
- Building and hacking an API
- How to install an API firewall
- Hacking APIs with Postman
Who is this course for?
I explain everything as clearly as possible in this course so everyone with even a basic understanding of technical topics can understand what can go wrong and how to prevent it.
Curriculum
- 2. API0:2019 What is an API (Text lesson)
- 3. API1:2019 Broken Object Level Authorization (Text lesson)
- 4. API2:2019 Broken User Authentication (Text lesson)
- 5. API3:2019 Excessive Data Exposure (Text lesson)
- 6. API4:2019 Lack of Rate Limiting (Text lesson)
- 7. API5:2019 Broken Function Level Authorization (Text lesson)
- 8. API6:2019 Mass Assignment (Text lesson)
- 9. API7:2019 Security Misconfiguration (Text lesson)
- 10. API8:2019 Injection (Text lesson)
- 11. API9:2019 Improper Assets Management (Text lesson)
- 12. API10:2019 Insufficient Logging & Monitoring (Text lesson)
- 19. A1 - Broken level authorization (Video lesson)
- 20. A2 - Broken authentication (Video lesson)
- 21. A3 - Excessive information disclosure (Video lesson)
- 22. A4 - Lack of rate limiting (Video lesson)
- 23. A5 - Broken function level authorisation (Video lesson)
- 24. A6 - Mass assignment (Video lesson)
- 25. A7 - Security misconfiguration (Video lesson)
- 26. A8 - Injections (Video lesson)
- 27. A9 - Improper asset management (Video lesson)
- 28. A10 - Insufficient logging and monitoring (Video lesson)
- 29. Let's build an API to hack - Part 1: The basics (Text lesson)
- 30. Let's build an API to hack - Part 2: Faking it before breaking it (Text lesson)
- 31. Let's build an API to hack - Part 3: Information disclosure (Text lesson)
- 32. Let's build an API to hack - Part 4: Mass assignment (Text lesson)
- 33. Let's build an API to hack - Part 5: Emulating login and hacking it with Postman (Text lesson)
- 34. Let's build an API to hack - Part 6: Emulating SQLi and showing possible SSTI (Video lesson)
- 35. Building an API part 7: API Broken Access Control Through Replacing HTTP Method (Video lesson)
- 36. API roulette - Name the issues (Text lesson)
- 37. REST-API-GOAT: Chain Postman and Burp Suite (Video lesson)
- 38. Hacking an API with Postman - theory (Text lesson)
- 39. Postman API hacking - Tiredful API (Text lesson)
- 42. API hacking with Postman Part 1 - Getting the basics down (Video lesson)
- 43. API hacking with Postman Part 2 - Importing the API description (Video lesson)
- 44. API hacking with Postman Part 3 - Pre-request scripts, tests and console (Video lesson)
- 45. API hacking with Postman Part 4 - Getting dirty with data sources (Video lesson)