APIsec University: API Penetration Testing Course Review
I’m happy to share that I’ve obtained a new certification: API Penetration Testing from APIsec University.
If you lack knowledge of API penetration testing, I recommend considering this excellent free course for comprehensive learning. The course is self-paced and hands-on, and provides an in-depth understanding of various concepts. It covers the essential tools and methodologies used to assess and exploit vulnerabilities in APIs. It also includes an assessment for each category, and successfully completing an assessment unlocks the next category, ensuring a structured learning experience.
The primary focus of this course is on two applications that have known vulnerabilities. crAPI is used for trainer demonstration purposes, and vAPI is used as a self-assessment. Assessment questions are based on these machines only.
This course mainly focused on the following concepts:
• Lab Setup
• API Reconnaissance
• Endpoint Analysis
• Scanning APIs
• API Authentication Attacks
• Exploiting API Authorization
• Testing for Improper Assets Management
• Mass Assignment
• Server-Side Request Forgery
• Injection Attacks
• Evasion and Combining Techniques
Pros:
- Hands-on labs with explanations.
- Covers all of the OWASP API Security Top 10 in a detailed way.
- Interesting quizzes and assessments to check your learning.
- Great Discord community for clearing doubts.
- You get to use all the popular tools for API pen-testing, such as Postman, Burp Suite, and ZAP, and their functionalities.
Cons:
- It would have been much better if the course included real-world API security issues and findings from disclosed reports.
- There appears to be a discrepancy between the practical exercises and the correct answers provided in certain assessments, causing a sense of mismatch.
By the end of the course, I had gained an in-depth understanding of potential API-related threats and had the skills to perform penetration testing on APIs. I highly recommend this course to anyone looking to improve their API security knowledge and skills.
Course Link: https://university.apisec.ai/products/api-penetration-testing