
Breaking APIs: An Offensive API Pentesting Course


mayoufi


Published 10/2024
MP4 | Video: h264, 1280x720 | Audio: AAC, 44.1 KHz
Language: English | Size: 2.23 GB | Duration: 5h 13m


Offensive API Pentesting: Identify Vulnerabilities, Attack Weaknesses, and Enhance Defenses With Offensive Pentesting.

What you'll learn
Understand API Security Concepts
Identify and Exploit Common API Vulnerabilities
Perform Advanced API Pentesting Techniques
Report Findings and Provide Remediation Recommendations

Requirements
Basic Understanding of Web Technologies
Knowledge of Cybersecurity Concepts
Basic Understanding of Web Vulnerabilities

Description
APIs are the backbone of modern applications, enabling seamless interactions between services. However, their increasing presence makes them a prime target for attackers. "Breaking APIs: An Offensive API Pentesting Course" is designed to equip you with the offensive API pentesting skills necessary to find and exploit security flaws before malicious actors do.

This course begins with the fundamentals of API architecture and HTTP protocols, followed by hands-on techniques for API enumeration and testing. You will explore essential tools like Postman and Burp Suite, learning how to map APIs and uncover potential weaknesses. Progressing into more advanced concepts, you will dive into common API security vulnerabilities, such as broken authentication, broken authorization, and misconfigurations.

The course aligns with the OWASP API Security Top 10, tackling real-world vulnerabilities like Broken Object Level Authorization (BOLA), excessive data exposure, mass assignment, injection attacks, and improper asset management. Each module is designed to give you practical, hands-on experience in finding and exploiting these vulnerabilities, reinforcing your skills through detailed labs and challenges.

Whether you're a penetration tester, security analyst, or developer, "Breaking APIs: An Offensive API Pentesting Course" will arm you with the skills and knowledge to secure APIs in today's threat landscape. By the end of this course, you will be prepared to conduct thorough API pentests, identify security risks, and protect sensitive data from emerging threats.

Overview
Section 1: Introduction
Lecture 1 Introduction
Lecture 2 Introduction to APIs
Lecture 3 What Are REST APIs?
Lecture 4 Web Application Fundamentals
Lecture 5 Stateful and Stateless HTTP Requests
Lecture 6 Types of APIs
Lecture 7 API Authentication Process
Section 2: What Is API Pentesting?
Lecture 8 What Is API Pentesting?
Section 3: Lab Setup
Lecture 9 Lab Setup and Lab Overview
Section 4: Tools Setup
Lecture 10 Burp Suite Configurations
Lecture 11 Postman Download and Setup
Lecture 12 Postman Introduction
Section 5: Active and Passive Recon
Lecture 13 Introduction Of Active and Passive Recon
Lecture 14 Active Recon
Lecture 15 Passive Recon
Section 6: API Endpoint Analysis
Lecture 16 API Endpoint Analysis
Section 7: Broken Object Level Authorization
Lecture 17 Broken Object Level Authorization Overview
Lecture 18 Broken Object Level Authorization Practical #1
Lecture 19 Broken Object Level Authorization Practical #2
Lecture 20 Task
Section 8: Broken Authentication
Lecture 21 Broken Authentication Overview
Lecture 22 Broken Authentication Practical #1
Lecture 23 Broken Authentication Practical #2
Lecture 24 Task
Lecture 25 JSON Web Token Attacks and Vulnerabilities Overview
Lecture 26 JSON Web Token Attacks Practical
Section 9: Broken Function Level Authorization
Lecture 27 Broken Function Level Authorization Overview
Lecture 28 Broken Function Level Authorization Practical #1
Lecture 29 Broken Function Level Authorization Practical #2
Lecture 30 Task
Section 10: Server Side Request Forgery
Lecture 31 Server Side Request Forgery Overview
Lecture 32 Server Side Request Forgery Practical #1
Lecture 33 Server Side Request Forgery Practical #2
Lecture 34 Task
Section 11: Excessive Data Exposure
Lecture 35 Excessive Data Exposure Overview
Lecture 36 Excessive Data Exposure Practical #1
Lecture 37 Excessive Data Exposure Practical #2
Lecture 38 Task
Section 12: Lack of Resource and Rate Limiting
Lecture 39 Lack of Resource and Rate Limiting Overview
Lecture 40 Lack of Resource and Rate Limiting Practical #1
Lecture 41 Lack of Resource and Rate Limiting Practical #2
Lecture 42 Task
Section 13: Mass Assignment
Lecture 43 Mass Assignment Overview
Lecture 44 Mass Assignment Practical #1
Lecture 45 Mass Assignment Practical #2
Lecture 46 Task
Section 14: Injection Attacks
Lecture 47 Injection Attacks Overview
Lecture 48 Injection Attacks Practical #1
Lecture 49 Injection Attacks Practical #2
Lecture 50 Task
Section 15: Improper Assets Management
Lecture 51 Improper Assets Management Overview
Lecture 52 Improper Assets Management Practical #1
Lecture 53 Improper Assets Management Practical #2
Lecture 54 Task
Section 16: Security Misconfigurations
Lecture 55 Security Misconfigurations Overview
Lecture 56 Security Misconfigurations Practical #1
Lecture 57 Security Misconfigurations Practical #2
Lecture 58 Task
Section 17: Insufficient Logging and Monitoring
Lecture 59 Insufficient Logging and Monitoring Overview
Lecture 60 Insufficient Logging and Monitoring Practical #1
Lecture 61 Task
Section 18: Bonus
Lecture 62 Bonus lecture
Security Consultants, Penetration Testers, Developers and DevOps Engineers, Cybersecurity Professionals
 
