Breaking APIs: An Offensive API Pentesting Course

Posted By: ELK1nG

Published 10/2024
MP4 | Video: h264, 1280x720 | Audio: AAC, 44.1 KHz
Language: English | Size: 2.23 GB | Duration: 5h 13m

Offensive API Pentesting: Identify Vulnerabilities, Attack Weaknesses, and Enhance Defenses With Offensive Pentesting.

What you'll learn

Understand API Security Concepts

Identify and Exploit Common API Vulnerabilities

Perform Advanced API Pentesting Techniques

Report Findings and Provide Remediation Recommendations

Requirements

Basic Understanding of Web Technologies

Knowledge of Cybersecurity Concepts

Basic Understanding of Web Vulnerabilities

Description

APIs are the backbone of modern applications, enabling seamless interactions between services. However, their increasing presence makes them a prime target for attackers. "Breaking APIs: An Offensive API Pentesting Course" is designed to equip you with the offensive API pentesting skills necessary to find and exploit security flaws before malicious actors do.

This course begins with the fundamentals of API architecture and HTTP protocols, followed by hands-on techniques for API enumeration and testing. You will explore essential tools like Postman and Burp Suite, learning how to map APIs and uncover potential weaknesses. Progressing into more advanced concepts, you will dive into common API security vulnerabilities, such as broken authentication, broken authorization, and misconfigurations.

The course aligns with the OWASP API Security Top 10, tackling real-world vulnerabilities like Broken Object Level Authorization (BOLA), excessive data exposure, mass assignment, injection attacks, and improper asset management. Each module is designed to give you practical, hands-on experience in finding and exploiting these vulnerabilities, reinforcing your skills through detailed labs and challenges.

Whether you’re a penetration tester, security analyst, or developer, "Breaking APIs: An Offensive API Pentesting Course" will arm you with the skills and knowledge to secure APIs in today's threat landscape. By the end of this course, you will be prepared to conduct thorough API pentests, identify security risks, and protect sensitive data from emerging threats.

Overview

Section 1: Introduction

Lecture 1 Introduction

Lecture 2 Introduction to APIs

Lecture 3 What are REST APIs?

Lecture 4 Web Application Fundamentals

Lecture 5 Stateful and Stateless HTTP Requests

Lecture 6 Types of APIs

Lecture 7 API Authentication Process

Section 2: What Is API Pentesting?

Lecture 8 What Is API Pentesting?

Section 3: Lab Setup

Lecture 9 Lab Setup and Lab Overview

Section 4: Tools Setup

Lecture 10 Burp Suite Configurations

Lecture 11 Postman Download and Setup

Lecture 12 Postman Introduction

Section 5: Active and Passive Recon

Lecture 13 Introduction Of Active and Passive Recon

Lecture 14 Active Recon

Lecture 15 Passive Recon

Section 6: API Endpoint Analysis

Lecture 16 API Endpoint Analysis

Section 7: Broken Object Level Authorization

Lecture 17 Broken Object Level Authorization Overview

Lecture 18 Broken Object Level Authorization Practical #1

Lecture 19 Broken Object Level Authorization Practical #2

Lecture 20 Task

Section 8: Broken Authentication

Lecture 21 Broken Authentication Overview

Lecture 22 Broken Authentication Practical #1

Lecture 23 Broken Authentication Practical #2

Lecture 24 Task

Lecture 25 JSON Web Token Attacks and Vulnerabilities Overview

Lecture 26 JSON Web Token Attacks Practical

Section 9: Broken Function Level Authorization

Lecture 27 Broken Function Level Authorization Overview

Lecture 28 Broken Function Level Authorization Practical #1

Lecture 29 Broken Function Level Authorization Practical #2

Lecture 30 Task

Section 10: Server Side Request Forgery

Lecture 31 Server Side Request Forgery Overview

Lecture 32 Server Side Request Forgery Practical #1

Lecture 33 Server Side Request Forgery Practical #2

Lecture 34 Task

Section 11: Excessive Data Exposure

Lecture 35 Excessive Data Exposure Overview

Lecture 36 Excessive Data Exposure Practical #1

Lecture 37 Excessive Data Exposure Practical #2

Lecture 38 Task

Section 12: Lack of Resource and Rate Limiting

Lecture 39 Lack of Resource and Rate Limiting Overview

Lecture 40 Lack of Resource and Rate Limiting Practical #1

Lecture 41 Lack of Resource and Rate Limiting Practical #2

Lecture 42 Task

Section 13: Mass Assignment

Lecture 43 Mass Assignment Overview

Lecture 44 Mass Assignment Practical #1

Lecture 45 Mass Assignment Practical #2

Lecture 46 Task

Section 14: Injection Attacks

Lecture 47 Injection Attacks Overview

Lecture 48 Injection Attacks Practical #1

Lecture 49 Injection Attacks Practical #2

Lecture 50 Task

Section 15: Improper Assets Management

Lecture 51 Improper Assets Management Overview

Lecture 52 Improper Assets Management Practical #1

Lecture 53 Improper Assets Management Practical #2

Lecture 54 Task

Section 16: Security Misconfigurations

Lecture 55 Security Misconfigurations Overview

Lecture 56 Security Misconfigurations Practical #1

Lecture 57 Security Misconfigurations Practical #2

Lecture 58 Task

Section 17: Insufficient Logging and Monitoring

Lecture 59 Insufficient Logging and Monitoring Overview

Lecture 60 Insufficient Logging and Monitoring Practical #1

Lecture 61 Task

Section 18: Bonus

Lecture 62 Bonus lecture

Security Consultants, Penetration Testers, Developers and DevOps Engineers, Cybersecurity Professionals