Passed this fantastic course API Penetration Testing Course from @apisecu with @hAPI_hacker. This is my review after finishing the course. #hacking @Burp_Suite #zapproxy #hacking #api @owasp

Hi!

Today I want to say a few words about a course I finished yesterday night!

This review could have been a one-liner:

Take this course; if you don’t, you are missing something really cool!

Big shout out  for making this possible. Really great work!

https://www.apisecuniversity.com/

Corey J. Ball
 https://www.linkedin.com/in/coreyjball/
 https://twitter.com/hAPI_hacker

Dan Barahona
 https://www.linkedin.com/in/rdbarahona/
 https://twitter.com/danbarahona

But I want to take this moment to explain why you should take this course:

  • The content is great
  • Labs are fantastic
  • It is free (I would have paid for this)
  • You will learn a lot

What you will learn in this course, and much more:

  • API Reconnaissance
  • Passive Reconnaissance
  • Active Reconnaissance
  • Reverse Engineering an API
  • Using APIs and Excessive Data Exposure
  • Finding Security Misconfigurations
  • Scanning APIs with OWASP ZAP
  • Classic Authentication Attacks
  • Password Brute-Force Attacks
  • API Token Attacks
  • JWT Attacks
  • Automating JWT attacks with JWT_Tool
  • Broken Object Level Authorization (BOLA)
  • Broken Function Level Authorization (BFLA)
  • Improper Assets Management
  • Mass Assignment Attacks
  • Exploiting SSRF (Server-Side Request Forgery)
  • Injection Vulnerabilities
  • Evasion and Combining Techniques

The tools you will go through and learn during this course, and more:

  • Postman
  • Wfuzz
  • Burp Suite (or ZAP)
  • Mitmweb
  • Mitmproxy2swagger
  • Jwt_tool
  • Nmap
  • Amass
  • Gobuster
  • Kiterunner
  • Many more tools in the course

Labs

It will be easier if you can run a virtual machine on your computer, so you can revert when mistakes are made, or do it on your local Kali if you are perfect 🙂

Very well documented course. If you take the text in this course, you will get 153 pages of very nice documentation.

The documentation for the course is very detailed. You will get step-by-step information on how to set up your own lab environment, and even how to configure the tools you will be using in the course. You can run these labs 100% locally.

Tips from me

  • Read the documentation in the course
  • Read the documentation in the course
  • Do the labs (if you get stuck, try again; you will get it and learn more)

That was all for now.

Keep hacking!

//Roger
